UniFi CloudKey Basic Setup

After the last post, my friend Thomas Fuchs asked me if I might do a little service journalism:

So I toddled off to Amazon, and picked up a UniFi CloudKey ($79 or so), and a UniFi PRO AC access point ($130 or so) for delivery. I already have a router here at the house (Kerio Control Box, and a small POE Switch (Netgear GS110TP, $110 today). I won’t be covering the Ubiquiti Security Appliance ($110) or Ubiquiti 8-port UniFi Switch ($200) setup in this piece, though I’ll be ordering ones to play with for a future piece.

Ubiquiti CloudKey and UAC Pro
Ubiquiti CloudKey and UAC Pro

Why a CloudKey At All?

Ubiquiti Networks are designed to work with a controller of some kind. This can be a downloaded application that runs on a computer you already have, or be configured to run on an Amazon Web Services t2.micro instance (free for a year, $150/yr after that), but the easiest way to have a small dedicated appliance that’s ready to go at the first moment is the CloudKey, a small appliance, slightly longer, but slightly narrower, than a Raspberry Pi.

The CloudKey is your dedicated controller for your network, be it just an AP, or an AP and a switch, or a couple APs, a switch or two, and a security gateway.

What’s Included

Since Amazon is the world’s most efficient shipping operation, everything showed up in one medium-sized box. The Cloud Key and the PRO AC each come with (almost) everything you need to make this all go.


  • CloudKey Appliance
  • Ethernet Cable
  • Memory Card


  • UAC Pro AP
  • Mounting Kit
  • POE Injector
  • Cover

This is almost everything you need to make a go of it. What’s missing? Well, if you lack a POE switch, you need a 5V/1A Micro USB power source for the CloudKey. And, for the UAC Pro, you’re going to need one Ethernet cable if you have a POE switch, and two if you just have a standard switch. So, plan ahead, and if you’re not using a POE switch, stock your supply kit accordingly.

Setup is a two-part process: CloudKey first, then Network.

CloudKey Setup

Open the box, and you’ll see there’s three things in there, save the manual: The appliance itself, a stubby 6″ Ethernet cable, and a Micro SD card.

Slide the Micro SD card into the rear of the device, taking careful note of the pictogram on the device to line it up properly. Once you’ve got the card in place, plug in the ethernet cable to the device, then into your switch. If you’re flying without a POE switch, plug in the Micro USB cable.

This will boot the device, and you’ll see a white light on the center of the CloudKey as it starts up.

The next step requires access to your router, or the installation of their Device Discovery Tool. Once you’ve determined the IP address of your CloudKey, visit that address in a browser. They recommend Google Chrome, or Mozilla Firefox, but my experience says Safari for macOS and iOS both work just fine.

CloudKey Initial Login Screen
CloudKey Initial Login Screen

This is the initial screen for the CloudKey. We’re going to start on the bottom half, Configure Your UniFi CloudKey.

The CloudKey will walk you through initial setup. You login with the ubnt : root combination of username and password, and it will take you through the rest of the easy steps where you set your locality, an administrator password, and the rest. Once you’ve gotten to the main interface, you’ll want to check to make sure that your CloudKey is up to date. Mine shipped with 0.4.3, and 0.5.5 is current as of the authoring of this post.

UBNT CloudKey Interface
UBNT CloudKey Interface

I found that once I upgraded the firmware, I still got a “Hey, turn the device back on!” message, for the first two refreshes of the admin page. That did go away eventually.

Ubiquiti Network Setup

Once you’ve got a password for the CloudKey and it’s been setup and provisioned, it’s time to start working on the network itself. Plugin the UAC Pro if you haven’t already, and make sure the LED in the main ring activates.

Go back to the CloudKey address, and this time, instead of setting up the CloudKey, you’re going to want to setup the Network itself, the top option.

First up, Location & Timezone. This one’s easy.

Initial Ubiquiti Setup Screen
Initial Ubiquiti Setup Screen

You’ll now see the UAC Pro and you’ll want to continue. Check the box next to your AP, and click Next.

Ubiquiti Device Setup
Ubiquiti Device Setup

Here’s where you setup your initial network name (the Secure SSID) and password (the Security Key) for your Wi-Fi network.

Configure SSID
Configure SSID

Then setup your Controller username (different from the CloudKey admin!) and password.

Controller Access Setup
Controller Access Setup

Last up, you have to setup your Ubiquiti account. If you haven’t yet, you can setup a Ubiquiti account before starting, otherwise, it’ll guide you through that process as well. This is what you can tie your whole chain together with – Security Appliance, Switches, APs and CloudKey.

That’s the basics of the wireless network configuration. There’s more control available, though. By default, the UAC Pro uses 20MHz channels in 2.4GHz and 40MHz channels in 5GHz. The sidebar of the main controller view will let you alter the radio controls of the APs. Select the Device, and click the Configuration heading.

Device Configuration Detail
Device Configuration Detail

Here, you can select the channelization of each radio, as well as the channel width and broadcasting power. You can enforce Airtime Fairness, if you’re worried about device dominance, or use Band Steering to force your devices to use 5GHz as much as possible. You can also configure your device’s IP information here, give the AP a specific name.

You can also setup basic maps of your APs using the Maps section and blueprints of your space. This will, if you have multiple APs, let you triangulate the location of devices, as well as map coverage areas and guesstimate signal strengths based on readings from each location. While no substitute for a proper survey, it’s a pretty good guess for getting started.

Next time: Setting up the Security Appliance and integrating the two.

Whither Wi-Fi? Recommendations in an AirPort-less World

Today, Bloomberg Technology News released a story that heralded the death of one of my favorite products over the years, the AirPort. It is one of the few products currently available at Apple that predates my career as an Apple Admin(1). Over the years, we’ve seen a lot of features crammed into these little boxes, and I have a tremendous fondness for them overall.

My thanks to Apple for building a good, solid little box that did so much. I’ve got some recommendations that I’ve been thinking about for some time, along a couple different lines of thought:

Budget Performance

I have yet to find a device that I like more than the current AirPort Express, just in terms of what it does: Home Router, Home Wi-Fi, AirPlay speaker, remotely managed. There isn’t anything I’ve found that is as easily-managed as the AirPort line is. But there are some good options:

  • Archer C7 (<$99) – 802.11ac, 3×3:3, USB Port for basic NAS

* The UI doesn’t totally blow
* Good performance for throughput
* Good coverage for 5GHz for single-floor, drywall construction dwellings

* Not great at density
* Not very useful just as an access point
* NAS performance very limited.

* Synology UI that you like from your NAS
* Beamforming Support to alter coverage areas
* Good performance for throughput

* No USB for direct storage, meant to be used with an existing Synology NAS

Mesh Networking

In the early days of Wi-Fi, Wireless Distribution System (WDS) was an extension of 802.11g that would allow you to use Wi-Fi access points as wireless relays to expand coverage. I wrote a piece for an early edition of Make Magazine on how it works, and it’s been something we’ve used various places over the years, but mostly only when we’ve had to. Each wireless link in the chain can halve your bandwidth, and clog the airwaves. It’s a last ditch effort.

Or, it was, until some new players like eero and Luma started to dip their toe in the proprietary Wi-Fi world, and brought legacy companies like Netgear to the fight. Neither eero nor Luma carry Wi-Fi Alliance certification, but I don’t think that should be the end-all, be-all of the world. I’ve recommended both eero and Luma to clients, and some have adopted it. There are some interesting choices that they’ve made, and there are some consequences to that. Overall, these technologies share the same Pros & Cons:

* No wires required!
* iOS App Setup
* Interesting features not found in other platforms
* Works as a Router solution

* less configurable radios
* proprietary is harder to troubleshoot
* wireless backhaul is still problematic for throughput

eero 3-pack – $499
Luma 3-pack – $296
Netgear Orbi 2-pack – $397

Prosumer Wi-Fi

There are a couple of good options from the big providers of Wi-Fi for home use, too. They’re a step up in cost, but they come with a good step up in performance, too. These are all pure access points, though, they’re not routers, and they don’t have router-like options. This is all about the best Wi-Fi you can build, not AirPlay, not Routing, not remote management.

UniFi and Xclaim are the two that I see most often, and both represent good values. Xclaim is the budget line from Ruckus, and is meant to be cloud-controlled. It is equivalent to the R300 and R500, but without the 6dB of interference mitigation or any of the beamforming that make their APs my go-to on the Pro side. The UniFi APs from Ubiquiti are solid performers, but don’t carry the interference mitigation a large urban environment may require.

  • Xclaim Xi-3 ($249) – 802.11ac, 2×2:2, Made by Ruckus
  • Xclaim Xi-2 ($220) – 802.11n, 2×2:2, Made by Ruckus

* Free cloud dashboard
* Includes POE Injector
* Supports multiple SSIDs and controls
* iOS/Web configuration tools

* No beamforming or interference mitigation
* Only 2×2:2

* Good value APs
* Works with a local Cloud Key controller or AWS t1 micro instance
* Supports multiple SSIDs and controls

* Interference mitigation is a problem in dense environments
* 802.11n AP susceptible to hardware failure after 2 years
* UAP-PRO is only 2×2:2
* UAP-AC is almost $300.
* Needs either a Cloud Key or an AWS instance for best management.

Final Thoughts

The end of the AirPort is a sad day for me, I’ve probably managed close to 100 of them for clients in the last ten years, and I know we are currently supporting 25 of them in daily use. I don’t think there’s a good AirPlay option out there to replace them, sadly, so if that’s your current favorite streaming audio technology, now would be a good time to stock up on extras.

AirPort was a groundbreaking technology when it was released, and the first AirPort-capable Macs were magical in a way that we take for granted now. When people ask me what my favorite miracle of modern technology is, I reply without hesitation: Wi-Fi. Apple lead the way for a long time, focusing on building consumer-friendly products that did a lot. None of the solutions above carry with it the user-friendly function-focus of the AirPort, and that makes me sad. But, new companies like eero and Luma are making wireless do things that Apple has decided not to do, and so the future lives with them, or with the professional access point manufacturers who work down market like UniFi and Xclaim (Ruckus). I think we’re in good hands, even if they’re not Apple’s.


(1) The portables have all changed names, the mini, iPod, iPhone and iPad didn’t exist, the PowerMacs became the Mac Pro, only the AirPort and the iMac carry their original monikers. Crazy, right?

Eero – More Than Meets the Eye

I’ve been fascinated by the Eero for some time, mostly because I love the idea of dirt-simple wireless mesh access points. That’s a challenging space to operate in, and if it’s done well, it has the potential to do a lot of good in putting crappy wireless repeaters out of the marketplace before they convince someone to do impossible things with Wi-Fi.

Recently, though, I’d read some odd things about them, and I wanted to see if I understood the whole situation. First up was something specifically I’d read: they use 40 MHz channel widths in the 2.4 GHz spectrum. My primary experience with devices that work like that has been finding them in use at various corporate sites where they’re just blotting out entire swaths of a very crowded spectrum. It lead to this slide’s existence:

40MHz Channel Widths in 2.4?! Weehawken, Dawn. Guns, Drawn.

It’s safe to say that I feel strongly about this.

Weirder, though, the Eero doesn’t move from its channel position at channel 1 no matter the situation. While 2.4GHz does only have three channels in 2.4 that are unencumbered by adjacent channel interference, it seems odd to pick one and lock right down to it. I asked the CEO of Eero about this on Twitter, and he came back with evidence: “Across now thousands of networks, the best channel has been 1.” In addition, while it will default to 40 MHz widths in 2.4 GHz, if things are crowded, it will dial it back to a standard 20 MHz width.

Fascinating, right? Wait โ€™til you see what else they’re doing.

802.11ac in the 2.4GHz band?!
802.11ac in the 2.4GHz band?!

Yes, that graphic is right. They are using 802.11ac in the 2.4GHz range! HOW?!

Well, for one, Eero is not Wi-Fi Alliance certified, which means their gear isn’t necessarily adhering to every part of the 802.11 set of standards as designed and approved by the IEEE. That means that they can choose to do more innovative things with their units, at the cost of a pretty and recognizable badge on their box.

Now, why’s this all matter at all? The culmination of our Wi-Fi deck at Cascadia was the definition of transmit speeds, which depend on the guard interval, the encoding and modulation scheme, the channel width, and the number of spatial streams available. Like a mathematical equation, these group together to give us a decent result. Wi-Fi works by encoding signals through amplitude modulation and phase-shift keying, which combine to put the wave in a specific position in a given polar chart, like so:

64QAM Chart
64QAM Chart

Depending on how the amplitude and phase are shifted together, you can line up each symbol in one of 64 positions, which a fourier transform can quickly calculate. That’s how Wi-Fi works. But until 802.11ac – which is a 5GHz technology by specification – 64-position Quadrature Amplitude Modulation was the limit. With 802.11ac, when conditions are right, everything upshifts to 256-position QAM, and the chart gets a whole lot denser:


Sure enough: 2 spatial streams, with a short guard interval, in a 40MHz channel in the 2.4 GHz band, at 256QAM 5/6, gets you a 400Mbps Tx Rate, and that’s what Wi-Fi Explorer sees in this test provided by a friend-of-a-friend.

It’s a pretty neat trick to make 802.11ac work in the 2.4 band, especially when you think they’re flouting the standards to prove a point. I’m interested to see a little more about how these handle the backhaul between units, but I’m not sure I want to spend $500 to find out more.