Running a wire at my house isn’t working out, so I’m stuck needing a wireless link to get the 200′ outdoors to the base of a tree. Fortunately there’s power there! Today I replaced the hacky leftover router wireless link with a more permanent setup involving Ubiquiti hardware. So far so good, some things to improve.
The Ubiquiti equipment is interesting. In a lot of ways it’s just like a WiFi router with flexible firmware like DD-WRT on it. It has a wifi network interface and a wired network interface and various routing and bridging capabilities. But it’s more prosumer. Ubiqiuti has pretty solid firmware (airOS) and I’m impressed with details like the web-based discovery tool and the way it reconfigures itself quickly without rebooting. Also the wireless implementation seems much more solid than consumer gear. And the hardware is designed for outdoor use with directional antennas, and supports distances of 5 miles out of the box. Pretty impressive.
One massive caveat: the wireless link startup time is slow. Like 30+ seconds, maybe 5 minutes the first time. It appears to be scanning the spectrum for the right channel to use. Not sure why that takes so long, or why you can’t just rely on normal 802.11 frequency hopping for the 5GHz links.
I set up a Nano M5 and a Nano Loco M5 paired together as a transparent ethernet bridge. That configuration means those devices are invisible to the rest of my network. My router sits at the other end and gets DHCP from my ISP’s equipment. The wireless network SSID for the nanos isn’t even visible (and anyway it’s not standard 802.11). I think this is the right configuration for my purposes.
The configuration is like this:
- A WISP POP a mile away with IP 18.104.22.168
- … via a wireless link to …
- ISP hardware in my tree, acts as a DHCP server and NAT router.
The WAN side is at 173.195.173.xxx
The LAN side is at 10.33.1.1 and provides DHCP and NAT to my house
- … via an ethernet cable to …
- Nano M5 in Access Point mode. WDS is enabled for bridging. This device has an IP address of 192.168.0.111 but that’s mostly invisible.
- … via a 5GHz airMax link to …
- Nano Local M5 in Station mode. WDS is enabled for bridging. This device has an IP address if 192.168.0.110 but that’s mostly invisible
- … via an ethernet cable to …
- My home router, an ASUS RT-N16 running as full AP + Router.
The WAN side gets its IP address via DHCP from the ISP (via the Nanos). It happens to be 10.33.1.23 at the moment.
The LAN side is 192.168.0.1 with subnet 255.255.255.0. Also provides DHCP and all the other home network services you’d expect
- … via an ethernet cable or 2.4GHz 802.11 link to …
- Desktop computers, mobile devices, etc in 192.168.0.*
The good news is I’m not doing triple-NAT anymore. My router is doing all the real NAT work for my house. The ISP’s hardware is also NAT but I’ve taken pains to only have the one device connecting to it.
The main problem with this configuration is from my house network I can’t access the Nano status pages at 192.168.0.110/111. My router and the rest of my house’s devices think all of 192.168.0.* is on the LAN interface so won’t send packets out the WAN interface where they are. I could hack around this with static routes but that’s dumb. I should reconfigure the Nanos to a different subnet like 192.168.25.*. Then I add a single static route for that subnet in my router and I think I’m done. (I could set them to 10.33.1.* but that’s a bit funky, I definitely don’t want to risk those devices being visible to the wider Internet.)
The other small problem I have is the secondary PoE port on the Nano M5 isn’t working. In theory this should provide power to the ISP equipment in the tree. Power passthrough isn’t enabled by default but I fixed that, still not working. More tinkering required, for now I just use a second PoE injector.
This Ubiquiti firmware is pretty powerful and I feel like there’s some simpler configuration where I get rid of my house router entirely, use one of the two Nanos to be the router too. I’m not sure that really simplifies anything though, I’d probably still want the third box acting as an access point inside the house.
I renumbered the Ubiquiti bridge devices to 192.168.1.110 / 192.168.1.111 and added a static route for them in my router. Works great. Next project; some sort of monitoring for them. They have SNMP and I find references to Munin plugins.
I also figured out the secondary PoE problem. I thought maybe it was total power; the Ubiquiti device wants 8W, the Cambium radio in the tree wants as much as 7W. So 15W total and the PoE injector only puts out 12W. But then I read more closely and discovered that the Cambium PoE implementation is reversed from the usual passive setup. Cambium puts positive voltage on pins 7 & 8, not 4 & 5 like everyone else. How stupid! Really dangerous, I’m lucky the magic smoke stayed inside the Cambium gear when I plugged it in. Maybe they engineered in some safety to overcome the perversity of using reverse polarity from what is common. (I hesitate to say standard, because there is no standard for passive PoE, although the 802.3af standard has a mode B that looks an awful lot like the passive PoE everyone but Cambium does.)
I’ve also discovered the radio in my house works in a closet, behind a relatively thick wall. Signal strength is degraded; airMAX quality is 78% compared to 95% with a clear view through the window, and max speed is about 200Mbps instead of 300Mbps. Still well above what I need for the 12Mbps Internet link though. Going to test it out, would be nice to not have to mount that thing outdoors or in the window.
(Some very boring notes so someone else can wire this up)
Conceptually, we’re connecting a wire from the antenna in the tree to the Ubiquiti NSM5, one long straight wire. But it’s complicated because we need separate PoE injectors to provide power to both devices.
The black wire from the tree goes to the Phihong PoE module. It goes to the port on the left, labelled “Data + Power”. Very important to use the right module; the Cambium tree antenna uses non-standard PoE and this Phihong PoE module is special. The word “PHIHONG” is in the upper left of the label, beneath a spiral P logo. It’s the longer module, that does not say “Ubiquiti” in the upper right. The top one in this photo.
An ordinary short ethernet patch cable goes from the “Data” port on the right side of the Phihong PoE module to the “LAN” port on the right side of the Ubiquiti PoE module. This cable is currently a 3′ coil of white wire (would be nice to replace with a 1′ cable). This cable is not powered, not PoE, it just carries data between the devices.
Another ordinary ethernet cable goes from the “PoE” port on the left side of the Ubiquiti module to the Ubiquiti NSM5 antenna. It goes to the port on the right labelled “Main”. The port labelled “Secondary” is not used.
Finally, plug both PoE modules into AC power. There’s an LED on the back of the Ubiquiti radio to confirm it’s powered, but it’s pretty hard to see in bright sunlight. Once the devices have power they both take about ~60 seconds to establish wireless links.