This is not for me as I'm not a professional network engineer, but I do want to say that Ubiquiti has made home networking SO fun for me. Everything truly "Just Works."
My setup is definitely more on the prosumer side, but it's been so build out and inspect my network with their tools.
This is exactly how it is for me too. Everything truly "just worked" - except Sonos, but that's not a Unifi problem - they even have a dedicated page in their docs on how to set up Sonos systems, which I followed exactly, and it now works a treat.
I wish I could say that Unifi has just worked for me, but any time I add a new Unifi device to the network (say a new switch, or just recently a U6 range extender), my network gets incredibly unstable until I manually restart every UniFi device on the network, sometimes multiple times. (i.e. Some devices won't connect to WiFi due to DHCP IP configuration errors.) And that's after getting the device adopted, which generally takes multiple retries.
I've also had three instances where upon rebooting due to a power outage or a system update, my inbound firewall / port forwarding was just broken. UniFi simply did not pass packets to my server. Once again, a full reboot of every UniFi device on the network resolved it.
I really want to like UniFi, and I appreciate how much access I have to SSH in and figure out what's going on (and I did take tcpdumps and have a support case open), but it has definitely not been plug-and-play for me.
I'm using a UDR7, U7 Lite, a number of managed UniFi switches, and just recently added the U6 extender.
I just wanted to chime in and say that this hasn't been my experience. It sounds like you have some other sort of problem if it takes multiple attempts to adopt.
Yeah, my experience with the UAP-AC-LITE and -LR was that it would get wonky if not rebooted every month or so. That (combined with the realization that its software load is pretty much just OpenWRT with the serial numbers filed off) caused me to dump the official firmware and switch to OpenWRT.
I was quite a lot happier after the switch, as I didn't have to hassle with UniFi and my APs stopped needing roughly-monthly reboots.
Tangentially related: is Mikrotik as bad for wireless as some say? I want to like them, even though their equipment seems complex, I root for a company from the Baltics that have carved out a respectable niche. But they appear to struggle with wireless?
My biggest issue is threat surface. You can design around it, but Mikrotik WAPs do everything a Mikrotik router can do. If they get compromised they can run scripts, create blind proxies etc, and Mikrotik has a habit of resurfacing CVEs from memory.
My experience is very binary. I had some Mikrotik RF installs that Just Worked, and never needed attention. And some that were just problem children constantly demanding reboots.
Mikrotik code isn't the most stable beast in the world, but if you keep it at a certain point in time you are usually safe. But then that brings you back around to the security issues again.
> If they get compromised they can run scripts, create blind proxies etc...
How's that different from a Unifi AP? Unless they changed something in the past five, eight years, the software running on the AP is pretty much OpenWRT with the serial numbers hastily filed off. [0] Get a shell, and you get to download whatever to do whatever you need.
[0] Me coming to this realization is what led me to switch over to OpenWRT. I didn't need any of the fleet management stuff provided by UniFi, and was constantly frustrated that the APs had to totally reboot whenever you changed nearly any setting on them. (I heard that they eventually fixed that particular shortcoming. Good for them, I guess.)
Mikrotik will let you do a lot of this without downloading new code, but you are correct. In my experience people find a simple vuln, log in, enable the blind proxy feature, and then use your network to evade netflix region blocking until you realise.
Cambium's shell from memory is much further locked down. IIRC you need a possibly predictable password from cambo to get full root shell on a lot of devices.
> IIRC you need a possibly predictable password from cambo to get full root shell on a lot of devices.
If we're ignoring access-control-violating logic errors, then Mikrotik's shells are quite locked down. As you'd expect, you can provision multiple users with a variety of privs... and even make a user that has no configuration modification privs at all.
You can also very easily deny remote access to any credentials other than a username and SSH key. Good luck predicting an SSH key.
But if we're not ignoring coding errors that bypass access control, then I expect that Cambium is no less vulnerable than anything else out there. They're certainly using either BSD or Linux with some proprietary goop layered on top to make it look super sexy.
I've been using Mikrotik in various capacities since 2008, I even made IoT devices using RB450 boards before the word "IoT" was coined. I also love supporting a small company that is successfully competing with the giants.
Their long-distance wireless and outdoor wireless are great, but their regular WiFi access points and software are at most adequate. They are not keeping up with the state of the art.
> They are not keeping up with the state of the art.
Does that mean that the performance is middling (making them -IME- equal to UBNT's APs), that they never have APs that use the very latest and greatest WiFi version, or both?
Both. They don't have access points supporting 6 GHz wireless or 2.5G Ethernet.
I think they've just given up on that sector, and they're focusing on more specialized outdoors/long-distance wireless.
I don't want to get into the Ubiquiti ecosystem because it's typically an all-or-nothing plunge. And I distrust complicated managed systems out of general principles.
You've not looked at Mikrotik's hardware recently.
They have several APs that have 2.5Gbit ethernet (one with a 2.5Gbit SFP+ cage), and one AP with a 10Gbit SFP+ cage. Additionally, all their APs run RouterOS, which means that you can bond links together to fairly-reliably get additional throughput. [0]
In regards to Wifi 6e and Wifi 7, it looks like Mikrotik takes quite a long while after a new Wifi version to release hardware that runs it. I expect your assertion that they've given up on 6GHz for home/small-office APs is incorrect.
[0] Yes, I've personal experience with using link bonding on Mikrotik hardware. As a knowledgeable someone would expect, it usually provides you with additional throughput proportional to the number of bonded links.
Yeah, I'm using bonded links between my Synology NAS with 4 gigabit ports and a CCR router. It works acceptably well.
But I've just checked the Mikrotik hardware list, and I don't see indoor APs that are PoE-powered and have more than one Ethernet port. Maybe I'm overlooking something?
> But I've just checked the Mikrotik hardware list, I don't see indoor APs that are PoE-powered and have more than one Ethernet port.
a) Who said anything about that? In the four comments prior to this one, that set of requirements wasn't brought up.
b) Yes, you are absolutely overlooking something. On the Products page, try expanding the "Features" widget of the "Product filters" section, checking the "PoE-in" option, and hitting the "Use filters" button. Even the AP I mentioned with the 10Gbit SFP+ cage has PoE in.
> I tried again, and I see only mANTBox and NetMetal ax access points.
I'm not sure what you've done to only see those two APs. Based on your confusing report, it seems like you're also looking in the "Wireless systems" category. Try the "Wireless for home and office" category.
If you try and fail again, please do post the URL of the page you're looking at.
Can someone explain what "just works" when compared to other networking gear? IE I use ASUS and their mesh, and it all "just works". Have a mix of routers over 10 years and they all mesh together.
I started with TPLink gear in a mesh mode, and it kinda sorta maybe worked? I had an access point on the ground floor, a range extender + option to connect RJ45 (for devices without WiFi), on the middle floor, and an additional meshed AP / range extender on the top floor. The top floor meshed thing basically didn't work, the RJ45 thing got me like 50 Mbps while wireless was getting me 200 Mbps. It 'just worked', but it didn't work well.
In that same house switching over to Ubiquiti just worked, and worked well. I had the same setup (mesh nodes on every floor), but performance was substantially better (2-4x).
I've moved house, and now have wired APs on every floor, and get phenomenal performance. The management UI to see what is where / how it's connected, and when something doesn't work is very good. It also enables things that were hard / difficult with other non-'prosumer' gear. Like I can have multiple WAN ports, and plug in a cellular modem, so that when my internet doesn't just work (which happens way too often) it auto-fails over to the cellular modem, and continues just working.
The reason I went with Ubiquiti in the first place was their Unifi Protect line of cameras, and again those 'just work' from the wireless small ones to domes / etc plugged into wired connections they all just seamlessly connect to my dream machine, and provides a great UI, and the data is on prem which I want.
The only thing Ubiquiti doesn't do the way I want is DHCP + DNS, so I have a separate raspberry pi doing that.
After years of fussing around with either linux / pfsense / ... routing + firewall solutions, and different AP / meshing configurations the ubiquiti stuff is very hands off.
Ah, so based on your last paragraph I guess you're in "prosumer" territory? My router has dual WAN, SFP, can do cellular over USB, tells DHCP clients to use the pihole for DNS, and I don't have speed issues in or around the house with the mesh nodes, but maybe it falls short if I was looking to do more advanced routing/firewalls.
Definitely in prosumer territory, and it's totally achievable with equipment that isn't Ubiquiti (they're not magic, the mediums RF + ethernet + fiber are all the same), but the amount of fiddling I found to get things to 'work right' with ubiquiti was plug it all in, set up the WiFi password, and update the DNS / DHCP server to my pihole, and then I didn't have to do much else, and there was a really nice UI with nice metrics, and a nice UI for cameras all built in, and a few other niceties like some VPN options. There's also sufficient logging that when something doesn't work I can maybe figure out why.
I don't really do more 'advanced' routing (other than maybe the unifi protect aka camera stuff it sounds like we're describing similar configurations), it's just that when I tried to achieve the configuration you're describing with Asus it was impossible, with TPLink it took a lot of fiddling / configuration and never 'worked right' (right meaning as well as I thought it should, though I've not tried TPLink in a primarily wired configuration) whereas the ubiquiti stuff was plug and play and just 'worked right' (close to the speeds and reliability I expected both in a mesh mode and in wired).
The whole camera thing -- which is what really got me to pay the ubiquiti tax -- is another story entirely, I'm sure there are lots of other good options for self hosted IP camera solutions, but I couldn't find any ones I wanted to use, and again with ubiquiti it was super plug and play, and once I'd bought the UDM to do camera stuff and saw how well that worked I wanted to try the ubiquiti networking stuff, and it worked better with less configuration than the other alternatives I'd tried.
With infinite time and finite budget ubiquiti is not the right choice for home networks, with a sizable budget for home networking equipment minimal time investment and a preference for performance ubiquiti has worked out better for me than alternatives out of the box, and better for me after spending time tweaking and trying to optimize TPlink (meaning ubiquiti out of the box was better after trying to optimize TPlink).
If "not ubiquiti" works for you out of the box, or in the configuration you're already in then you're all set, and you're definitely not missing out on anything. If things aren't working out of the box and you're tired of fiddling with it, or your other goals aren't possible, and they are with ubiquiti maybe it's worth the investigation.
I also _hate_ how much I sound like an ad for ubiquiti. I'm really not, but I think I've spent more time writing these two comments than I've spent having to fuss around with my network equipment in years.
Hey, really appreciate the response though. I would say I'm in the "more time than money" category.
It's hard to not notice the ... ubiquity of praise for their gear over the years, but I haven't seen much clarifying what sets them apart. Maybe I should look at them like peak Apple but for networking gear?
Yes. That is how I view them, and a fair description I think.
When I was willing to spend time on this (home networking + cameras) I would have never touched this equipment. It was all open source / cheap stuff with BSD or Linux routers, random switches, home assistant raspberry pi's connected to USB cameras. It would take some time maybe not a lot, but enough, and it would break frequently enough due to some update somewhere or something.
I think the idea is that the Ubiquiti equipment is far more capable than normal consumer-grade equipment like ASUS, and still manages to "just work". So your ASUS may also "just work" but it has a fraction of the capabilities as the unifi system in terms of feature load-out and scope of native device integrations.
Adding a new Unifi device to the network is just a matter of powering it up, responding to "adopt this new device?" prompt on your phone, and that's it. It's literally Plug'n'Play in 2025. Even if other brands let you do that with similar number of steps, the UX is so behind that it's impossible for you to discover the steps that easily. Ubiquiti uses UX quite intelligently to make complicated things feel simple. My experience hasn't been close to Ubiquiti's with any other brand I've tried.
Right. Just like 5Gbit PPPoE uplinks over VLAN. In fact there is no Ubiquiti router which can handle 1.5Gbit+ PPPoE for some reason. So, I have a mikrotik in front of UDMPM just to terminate PPPoE and I had to buy an IPv4 /29 subnet to avoid double NAT.
I got some decommissioned Ubiquiti gear (a switch, some APs) from work, but it requires UniFi to do anything. I looked into that briefly and it appears to be some eldritch horror of an application. Anything I can't use from a terminal is worthless, so all of it is going in the trash where it belongs.
I made the switch to Ubiquiti from TP Link last year. 1000% worth it. The "Just Works (tm)" thing is true, but the ceiling of what you can do with it is so much higher. I'll also say that the Unifi nerds out there are legion and you can find support and comment threads all over the place for pretty much any project you want to do.
I ended up going with TP-Link Omada and have been happy so far (a managed switch and wifi 6 WAPs). I am a bit concerned about their security track record given how bad their soho products are, so I ended up sticking with my opnsense router at the perimeter as the first line of defense.
I’m curious to hear what you think you’re missing out on with Omada.
> I am a bit concerned about their security track record given how bad their soho products are, so I ended up sticking with my opnsense router at the perimeter as the first line of defense.
Ubiquiti has had plenty of bad security issues as well I'm afraid, but fundamentally one of the advantages of both is that with a self-hostable controller and VLAN isolation you should be able to minimize your attack area pretty well from both the LAN and WAN. No remote dependencies at all. But like you I run OPNsense at the edge, you do at least have to trust their firewall and such if you want to go full single-pane.
The two biggest complaints in that thread (Edgerouter support abandoned, and VLAN issue unacknowledged and unfixed) were both wrong. Overall, it is a great, easy, inexpensive set of products.
Well, [0] mentions that they left the ER firmware alone for two years. They also don't sell the ER hardware anymore.
Looking at the changelog in combination with the comments on the news item about the new release, it looks like there are many bugs left unfixed. If this analysis is correct [2], nearly nothing was changed.
That smells an awful lot like abandonment.
> ...VLAN issue unacknowledged and unfixed... were both wrong.
This subthread [3] disagrees with you. As someone who has suffered through multi-quarter "struggle sessions" [4] with UBNT engineering staff about broken basic functionality, I can totally believe a report that UBNT claims something has been fixed when it's very much not fixed.
[4] Complete with round after round of them saying "Hey, we fixed it! Try the latest beta!", and me replying "No, you didn't. Did you run my 100% reliable reproducer that I've given you? It sure looks like you haven't because that reproducer still reproduces the problem.".
I made the same conclusions but got burned with Omada. Cheaper, yes, but fewer features and buggier than Unifi (and that’s a pretty low bar). I migrated back to Unifi.
I don't think I've run into any bugs, but there are also entire sections of the controller I haven't explored yet. I have a pretty typical homelab style setup with multiple wifi SSIDs for trusted devices and untrusted devices, and several VLANs to isolate them. I guess it's good to know rumors of Ubiquiti's death have been greatly exaggerated in case my Omada hardware starts acting up.
Not Omada, but TP-Link - recently built a deco setup - 3x be65, 2x be25, one WiFi mesh node, the rest is wired 2.5gbe backhaul and performance is excellent, though I’m not a fan of only being able to configure stuff from the app, and there isn’t that much to configure anyway. It just works, but if it wouldn’t, I’d probably have to return the whole set.
I've used both and was super interested to use Omada because of its price and performance. Honestly, Ubiquiti is just so much easier. The whole controller model for Omada tries to be way more "enterprisey" at the cost of a SOHO ease of use.
Based on having migrated multiple clients from UniFi to Omada but still having UniFi deployed across a few sites too, I'll give you a different take from the replies you've gotten so far. TP-Link's Omada is a newer, direct competitor to UniFi, and when it came out Ubiquiti was an absolute fucking dumpster fire in terms of, well, everything. Their software, hardware, and even the forums (which they killed in favor of the current mess). Their gateway/routing/network service story sucked, they were missing key features, their firmware was rotting in basic ways (like ssh being so old it literally included only insecure ciphers and you couldn't even connect to it anymore without + options), and finally were also starting to make more and more concerning and ugly choices that pointed towards serious organization issues (constant UI bike shedding churn in favor of ancient features and bugs they'd agreed were important) and enshittification (tying software applications to required hardware). However, they were also the only player doing that sort of fully self-hostable unified configuration networking. I migrated all the gateway/routing/simple service stuff to OPNsense, but then was stuck.
TP-Link stepped in and have been working hard on Omada being a direct competitor. It's clearly inspired liberally from UniFi but that's A-OK by me, it's healthy for both to be going head to head. In my experience it had somewhat fewer features, particularly initially, and they definitely don't cover the full breadth of cool and useful niches that Ubiquiti does either. But what there is has worked well and been more reliable for me, particularly in a mixed environment. For example Omada worked perfectly day 1 with automatic L3 controller discovery using a simple DHCP Option 138 set on my OPNsense unit pointing right at my controller FQDN. It was easy and built-in to supply a proper certificate for the Web GUI. I never got either of those to work with the UniFi controller. The switching has been rock solid reliable and the WiFi more performant, better coverage, and features like PPSK were added way before Ubiquiti did and have a much better interface.
However, Ubiquiti does seem to perhaps be turning things around a bit. Their router hardware is no longer garbage, even if it is of course far less than you can do yourself. From what I can see in simple ongoing tests they do a better job on the software side for router features now as well, so if you're all-in on both systems for the total single-pane experience UniFi might once again be better. Their announcement of the "UniFi OS Server" 3 months ago (in Early Access) and publicly last month was both a surprise and heartening. Rarely does one see companies that start down the path of lock-in reverse course at all. If they make it possible to run all their various controller applications on your own hardware I'd definitely start to add more back into my mix.
So if you've got decently modern Omada hardware (and you probably do because not like it's been around that long, in terms of networks anyway) I'd be in no massive rush to switch to UniFi unless you see some key specific things you'd like. If you think you ever might want to roll your own other infra same thing even harder. But if you're thinking about a bunch of upgrades anyway then worth keeping an eye on and looking carefully at the various feature mixes each have.
And that's a really statement that makes me super happy to say, because I think each is now driving the other, which is really healthy for this ecosystem!
Thanks for your perspective! I’m all-in on Omada now with WiFi 6 APs and a few managed switches. Been working pretty well overall, but my network config is pretty basic.
I was more just curious if I was missing out on something great (or if I ever decide to upgrade to WiFi 7+)