Thinking about Unifi WiFi6?

Be aware that the Unifi U6-Lite and the U6-LR from Ubiquiti do not support WiFi6 (802.11ax) in the 2.4GHz band.

You will not receive the benefits of OFDMA on 2.4GHz frequencies.

While this likely isn’t an issue for most, UI make no attempt to highlight this on their website or in the technical specifications.

The UI Unifi U6-Pro (in Early Access at the time of writing) does feature WiFi6 support in both bands.

Unifi UDM Pro – an Update

I wrote a post a few months ago revealing my thoughts around the state of the UDM Pro and whether I would have bought one having known what I know now. Spoiler – I wouldn’t have.

Let’s not beat around the bush here, the firmware prior to 1.8.2 was a complete dumpster fire with resource utilisation issues, stability problems and more beta labels than you could shake a stick at. The worst thing however was the lack of communication from the company – support sucked and UI forum participation was limited.

So what has changed? Well, the support still sucks, and communication is still limited, although UI-GlennR is doing his best in the forums. We have, however, had some decent firmware upgrades. 1.8.3 to 1.8.5 appear to be at the point where they can be considered stable, and most “basic” things seem to work well. There are still too many beta labels plastered across the configuration screens for my liking, but at least the flurry of activity seems to indicate the UDM isn’t a dead duck quite yet and they are moving forward.

Would I buy a UDM Pro now? Still no I’m afraid but when the 1.9.x train releases with the promised multiple WAN IP address support, it might be time to re-evaluate.

Random Thoughts on the Ubiquiti UDM-Pro

I bought heavily into the Ubiquiti (UI) Unifi eco-system around 2015 after many years of messing about with “advanced” SME routers for my home Internet connection ranging from physical devices such as Draytek and Cisco 800 series through to Astaro UTM9 and Sophos XG running as virtual appliances based on ESXi.

We’d always used Meraki at work for smaller networks and I’ve always been impressed with the ease of management through a single pane of glass. While I’m more than capable of the administration of Cisco routers, who needs that noise after a day in the office fixing problems for other people?

Ubiquiti’s Unifi lineup caught my eye as it seemed to offer Meraki-like functionality for a fraction of the cost and no ongoing license fees. I started with a USG3P, a 16 port USW POE switch, one of the older access points (I can’t remember which specifically) and the first generation of CloudKey.

Apart from a couple of issues where the CloudKey lost power and destroyed its own database, the setup was very stable and didn’t cause any problems. When FTTP was laid past my front door in 2020, I thought I’d treat myself to an upgrade of both the Internet service and the network hardware. I tossed out the older stuff and invested in a UDM Pro, a USW-16-POE Gen2 and a couple of HD-Nano APs. For good measure, the CCTV system I had in place was an old Swann setup that caused nothing but hassle, so I threw a couple of G3-Pro CCTV cameras on the list as well.

Now why the UDM-Pro? Simply put, there is very little else on the market at this point in time that provides the same WAN throughput (10Gbps) and supports IPS at over a gigabit (3.3Gbps claimed) at this price point.

Initial setup was interesting, as the UDM-Pro demands an active Internet connection and a Ubiquiti website account before it will complete setup. Once I’d figured that out, installation was straightforward. I accepted I was going to lose the ability to manage multiple sites like I could with the CloudKey or generic Controller, but that didn’t really bother me. What I wasn’t prepared for was the fact that the UDM-Pro runs Unifi-OS.

For those not in the know, Unifi-OS is Ubiquiti’s own implementation of a router operating system based on Linux (Debian I think) whereas the older USG product was based around a fork of the Vyatta router OS.

While the underlying operating system base isn’t a problem, what became apparent almost immediately was the lack of feature parity. Things you can do on the USG such as DNAT and hosting multiple public IP addresses on the WAN (albeit through CLI and JSON configuration) were and still are not present on the UDM-Pro. While this isn’t necessarily an issue for me in a home and lab environment, it does become an issue for those wishing to deploy Unifi in production customer environments.

The other irritation is the number of “beta” labels stuck across the controller software. Even IPS/IDS, a standout feature referenced in marketing, is still in beta and, to make matters worse, runs a version of Suricata that has long been end of life.

Stability-wise, the system on the whole has behaved itself, although I’ve had to do a complete recovery a couple of times as a result of beta software testing causing the management interface to crash, rendering the device unmanageable.

The TLDR of all this is that the system hardware is great but it is completely let down by shonky software. They are getting there with the OS and as they release (beta!) updates, things do seem to improve.

I guess the ultimate question is knowing what I do now, would I have bought one in the first place and the answer to that is no. I’d have waited until the software is sorted and somewhere on par with the USG.

HOW-TO: Use Ubiquiti Unifi UDM/USG directly with Vodafone Gigafast.

Information here is specific to my installation and configuration experience – your own mileage may vary!

Background

I was fortunate/unfortunate enough depending on your point of view, to have the Vodafone Gigafast service installed. The underlying network is delivered by Cityfibre who are a growing player in the Fibre to the Premises (FTTP) market in the UK. As part of the installation, they provide a preconfigured router but as we all know, no-one sane uses the standard ISP kit – especially when you have a shiny UDM Pro sitting there so the ISP kit goes back in the box and on the shelf.

Unifi Equipment

UDM Pro running version 1.7.2 but should be a similar setup on most Unifi USG/UDM devices.

Prerequisites

The Vodafone/Cityfibre router comes either preconfigured with the PPPoE connection credentials or is configured automagically. Either way, they don’t provide these details in any of the paperwork they send you. You must request the PPPoE details from Vodafone, which is the most difficult part of the entire procedure! I found the easiest way to do this was through the Chat feature of the Vodafone website. You’ll need to pass through security, so make sure you have your account number and the email address associated with the account. They also asked me for part of the sort code associated with the direct debit. Tip: The username should be something like dsl123456@broadband.vodafone.co.uk with a random string of text for the password.

Physical Configuration

When the nice installation engineer has finished, he will connect the WAN port of the ISP-supplied router to a newly installed fibre termination box on the wall. Mine is a Calix device, black in colour, with four LEDs, a power plug, the optical input and an Ethernet port. As soon as the engineer is out of sight, disconnect the Ethernet cable from the WAN port on the ISP router and plug it in to the WAN port on your Unifi device. In my case, this is the WAN port on my UDM Pro.

Unifi Configuration

  • Open the WAN configuration page of your Unifi device (in the classic interface, it’s Settings > Networks > WAN).
  • Enter a name for the connection (default is WAN) in the Name field.
  • In the Connect Type drop-down field under the IPV4 section, select PPPoE. A Username and Password field will appear.
  • Enter the Username and Password you obtained from Vodafone in the Prerequisites section into these fields.
  • In the DNS Server fields under Common Settings, enter your DNS servers of choice. I tend to stick with Cloudflare 1.1.1.1 and 1.0.0.1, but use whatever you like here.
  • Check the Use VLAN ID checkbox and enter 911 in the box immediately to the right.
  • Make sure you are happy with the remaining settings.
  • Click Save and allow the changes to provision.

Clean-Up

Once you have successfully established a connection, you can decide what to do with your ISP supplied router. Mine, as mentioned, is back in its box on the shelf but I’m sure you could have some fun setting fire to it, leaving it outdoors in the rain or using it as a doorstop.

Conclusion

And that’s it. This is written for one specific ISP in one specific country, but the key things are making sure you get your PPPoE credentials and also that the VLAN associated with Vodafone (at least in my part of the UK) is 911.

I hope this helps someone and good luck!

BGP – Neighbour and Sessions

Session-based protocol – TCP running on port 179. Reliability comes from TCP.

Two types of neighbours – iBGP and eBGP (internal and external). The AS number after the neighbour statement defines whether the neighbour is internal or external. They are referred to as peers and the relationship forming process can be a slow affair.

There are no hellos. Neighbours are established manually. There is an element of “trust” between organisations running BGP.

Neighbours do not have to be directly connected. Neighbours can form over an underlay network being connected across multiple hops by an IGP or static routes.

Numerous rules around BGP – synchronisation, next hop etc.

BGP is typically used by service providers and enterprise networks where redundant egress points exist.

Session communications:

  • OPEN – starts a BGP session
  • KEEPALIVE – maintains the session, i.e. keeps it up
  • UPDATE – routing updates
  • NOTIFICATION – BGP error – used when the session will be terminated

Forming a neighbour relationship passes through six states:

  • IDLE – neighbour configured but not connected.
  • CONNECT – attempts to form a TCP/179 connection to the other peer.
  • ACTIVE – still attempting to form a BGP relationship after the connection attempt did not succeed.
  • OPENSENT – all of the peer configuration is sent to the other side and tested.
  • OPENCONFIRM – all is good – ready to establish.
  • ESTABLISHED – BGP relationship is up.
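The four message types and the six session states above can be tied together in a small simulation. The following is an added example written for this page, not code from Ubiquiti or any router vendor: it parses the fixed 19-byte BGP message header from RFC 4271 (16-byte all-ones marker, 2-byte length, 1-byte type) and drives a simplified neighbour state machine with the resulting messages. The AS numbers, the iBGP/eBGP decision, the OPEN payload bytes and the sequence of events are constructed inline for the example; the ACTIVE state is entered when the TCP/179 attempt fails, and any NOTIFICATION or malformed message drops the session back to IDLE.

```python
import struct
from enum import Enum

BGP_PORT = 179          # BGP rides on TCP/179; reliability comes from TCP
MARKER = b"\xff" * 16   # RFC 4271 header marker: 16 bytes of all ones
HEADER_LEN = 19
MAX_MSG_LEN = 4096


class MsgType(Enum):
    OPEN = 1
    UPDATE = 2
    NOTIFICATION = 3
    KEEPALIVE = 4


def build_message(mtype, payload=b""):
    """Wrap a payload in a BGP header (marker, total length, type)."""
    return MARKER + struct.pack("!HB", HEADER_LEN + len(payload), mtype.value) + payload


def parse_message(data):
    """Validate the 19-byte header and return (MsgType, payload).

    Raises ValueError for anything a real speaker would answer with a
    NOTIFICATION: bad marker, bad length or unknown type."""
    if len(data) < HEADER_LEN:
        raise ValueError("message shorter than header")
    marker, length, mtype = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise ValueError("connection not synchronised (bad marker)")
    if not HEADER_LEN <= length <= MAX_MSG_LEN or length > len(data):
        raise ValueError(f"bad message length {length}")
    try:
        kind = MsgType(mtype)
    except ValueError:
        raise ValueError(f"unknown message type {mtype}") from None
    return kind, data[HEADER_LEN:length]


class State(Enum):
    IDLE = "Idle"
    CONNECT = "Connect"
    ACTIVE = "Active"
    OPENSENT = "OpenSent"
    OPENCONFIRM = "OpenConfirm"
    ESTABLISHED = "Established"


class Neighbour:
    """One manually configured peer and its session state (simplified RFC 4271 FSM)."""

    def __init__(self, local_as, remote_as):
        self.local_as, self.remote_as = local_as, remote_as
        self.state = State.IDLE
        self.sent = []  # message types we would have sent to the peer

    @property
    def kind(self):
        # Same AS number on both sides makes the peer iBGP, otherwise eBGP.
        return "iBGP" if self.local_as == self.remote_as else "eBGP"

    def start(self):
        # No hellos: the session only starts because an operator configured it.
        self.state = State.CONNECT

    def tcp_result(self, connected):
        """Outcome of the TCP/179 connection attempt."""
        if self.state not in (State.CONNECT, State.ACTIVE):
            return self.state
        if connected:
            self.sent.append(MsgType.OPEN)   # send our OPEN, wait for theirs
            self.state = State.OPENSENT
        else:
            self.state = State.ACTIVE        # keep trying to reach the peer
        return self.state

    def receive(self, raw):
        """Feed one raw message from the peer and return the new state."""
        try:
            kind, _payload = parse_message(raw)
        except ValueError:
            kind = None
        if kind is None or kind is MsgType.NOTIFICATION:
            self.state = State.IDLE          # session torn down
        elif self.state is State.OPENSENT and kind is MsgType.OPEN:
            self.sent.append(MsgType.KEEPALIVE)  # OPEN acceptable: acknowledge
            self.state = State.OPENCONFIRM
        elif self.state is State.OPENCONFIRM and kind is MsgType.KEEPALIVE:
            self.state = State.ESTABLISHED
        elif self.state is State.ESTABLISHED and kind in (MsgType.KEEPALIVE, MsgType.UPDATE):
            pass  # updates and keepalives are only meaningful once the session is up
        else:
            self.state = State.IDLE          # unexpected message for this state
        return self.state


def bring_up(local_as, remote_as, first_tcp_ok=True):
    """Walk one neighbour towards ESTABLISHED; returns (neighbour, states visited)."""
    n = Neighbour(local_as, remote_as)
    trail = [n.state]
    n.start()
    trail.append(n.state)
    if not first_tcp_ok:
        trail.append(n.tcp_result(False))    # Connect -> Active
    trail.append(n.tcp_result(True))         # -> OpenSent
    open_payload = b"\x04" + b"\x00" * 9     # constructed stand-in for an OPEN body
    trail.append(n.receive(build_message(MsgType.OPEN, open_payload)))
    trail.append(n.receive(build_message(MsgType.KEEPALIVE)))
    return n, trail
```

Running bring_up(65000, 65001) walks an eBGP peer through Idle, Connect, OpenSent, OpenConfirm and Established; passing first_tcp_ok=False adds the Active state in between, so all six states from the list above are visited. Feeding a NOTIFICATION, a message with a corrupt marker, or an UPDATE before the session is Established all return the neighbour to Idle, which is the behaviour the notes describe for the error case.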