Point to Point Wireless with LiteBeam

From time to time, we get asked a question like “Hey, I need to get signal to a building that’s not part of our regular building. Can you do that?” and the answer is usually, “Sure, we could bury a fiber, or fly a cable,” mostly because we haven’t felt the loss in speed and signal makes sense. We recently had a situation that called out for a wireless point to point link, though, and that got us thinking.

Our client took a new space on an upper floor of a warehouse building, across the loading dock from their storage space. They have a staff of two or three on the far side of the gap, and they wanted to extend their current connection to this space without paying for a second internet connection, relying on cellular hotspots, and the building is such that a flown cable or a trenched fiber was impractical.

They’re a Ubiquiti shop, and so we looked at our options. There are the NanoStation and NanoBeam options, but our reseller house of choice was badly backordered, so we ended up with a LiteBeam AC Gen2 setup. I think, given what we found regarding our mounting situation, it’s fortunate we ended up with the antenna geometry and power pairing that was present in the LiteBeam.

The LiteBeam gear is powered by 24V passive injectors, or, if your switch is capable, it can take 24V passive POE directly off a switch. Most places aren’t going to have switches capable of 24V power, and it’s a real bummer that’s what this requires. I’m still scratching my head why this won’t just take standard 802.3af.

When we toured the space, the client suggested that we could mount the warehouse dish on the exterior of the building and “easily” plumb the cable into their space. On the office side, we could position the dish in the north-facing window. There was no roof access, and definitely no exterior penetrations permitted in their space. So through the looking glass we went.

The LiteBeam antennas are parabolic reflector dishes approximately 14″ wide by 10″ tall by 10″ deep. They come with adjustable mounting equipment, including a super helpful hoseclamp mount.

Specifications of the LiteBeam Gen2

Assembly is fairly rapid. The dish ships in three panels which slot together nicely, then screwed together, the feed receiver attaches via tension tab mounts, and the antenna feed snaps into place. From there, you can attach the elevation and azimuth mounts, and which then attach to the pole mount kit.

But, what if we don’t have a pole to mount to?

It was off to the hardware store to talk to my friend neighborhood Annie’s Ace Hardware folks about ways to handle this. What we settled on was a set of galvanized flanges and pipe joints, which easily allowed us to mount an elbowed pipe to the vertical wall of the warehouse, and an offset pipe mounted to a piece of 2×4 with lag bolts for screwing into the window frame. This gave us superb stability at a cost of less than $50.

Two LiteBeam dishes with attached mounting kits, resting on a dining room table. A LiteBeam dish hanging from a pipe mount beneath a 2x4

Having mounted the office side, we went to mount the warehouse side. After several broken concrete anchors, and a trip for a bigger drill and better anchors, and a lot of creative cabling, we were able to get the second dish properly mounted. Time had come to setup and test.

Now, we’d laid the groundwork ahead of time, and everything had been firmware updated and tested and prepared from inside the warm office, before heading out into the cold. We knew these things should easily sync up, we just had to get there, and get the dishes aligned.

LiteBeam Wireless Link mounted in its final position

If we were smart, I’d have picked up a green laser pointer to help with the alignment of the two dishes, but Mark I Eyeball still does the job pretty well. On our first attempt we got the wireless link close enough to register without having to futz with the positioning, we’d gotten close enough for a functioning link:

An image from the setup up showing functional links

The patient lives! We were getting about 20Mbps through the link, on a connection that is often twenty times that fast, so we knew we had work to do. We were able to get the signal up to 40dB of signal, and that was about as good as we could get. With the LiteBeam good for kilometers, we knew we should be doing better at a distance of under 200 feet.

To test our theory, we unmounted the dish and stood outside with it, and sure enough, signal strength spiked back up to the top of the range. The window’s coating was messing with our signal. There was, unfortunately, no fix for that, as glaziers weren’t in the budget for the move, but we did get service on the far side of the link up to 50Mbps on our speed test, more than adequate for a staff of two primarily doing light streaming and office work.

Lessons Learned:

Building penetrations are never as easy as they say they are.

Window glass can be a tougher barrier to signal than you’d think.

A laser sight of some sort is required for point to point wireless.

Sometimes $50 at the hardware store is going to be plenty for creative mounting solutions.

The LiteBeam Gear is pretty awesome, but you need 24V Passive POE to power it, which is not awesome.

UniFi CloudKey Basic Setup

After the last post, my friend Thomas Fuchs asked me if I might do a little service journalism:


So I toddled off to Amazon, and picked up a UniFi CloudKey ($79 or so), and a UniFi PRO AC access point ($130 or so) for delivery. I already have a router here at the house (Kerio Control Box, and a small POE Switch (Netgear GS110TP, $110 today). I won’t be covering the Ubiquiti Security Appliance ($110) or Ubiquiti 8-port UniFi Switch ($200) setup in this piece, though I’ll be ordering ones to play with for a future piece.

Ubiquiti CloudKey and UAC Pro

Ubiquiti CloudKey and UAC Pro

Why a CloudKey At All?

Ubiquiti Networks are designed to work with a controller of some kind. This can be a downloaded application that runs on a computer you already have, or be configured to run on an Amazon Web Services t2.micro instance (free for a year, $150/yr after that), but the easiest way to have a small dedicated appliance that’s ready to go at the first moment is the CloudKey, a small appliance, slightly longer, but slightly narrower, than a Raspberry Pi.

The CloudKey is your dedicated controller for your network, be it just an AP, or an AP and a switch, or a couple APs, a switch or two, and a security gateway.

What’s Included

Since Amazon is the world’s most efficient shipping operation, everything showed up in one medium-sized box. The Cloud Key and the PRO AC each come with (almost) everything you need to make this all go.


  • CloudKey Appliance
  • Ethernet Cable
  • Memory Card


  • UAC Pro AP
  • Mounting Kit
  • POE Injector
  • Cover

This is almost everything you need to make a go of it. What’s missing? Well, if you lack a POE switch, you need a 5V/1A Micro USB power source for the CloudKey. And, for the UAC Pro, you’re going to need one Ethernet cable if you have a POE switch, and two if you just have a standard switch. So, plan ahead, and if you’re not using a POE switch, stock your supply kit accordingly.

Setup is a two-part process: CloudKey first, then Network.

CloudKey Setup

Open the box, and you’ll see there’s three things in there, save the manual: The appliance itself, a stubby 6″ Ethernet cable, and a Micro SD card.

Slide the Micro SD card into the rear of the device, taking careful note of the pictogram on the device to line it up properly. Once you’ve got the card in place, plug in the ethernet cable to the device, then into your switch. If you’re flying without a POE switch, plug in the Micro USB cable.

This will boot the device, and you’ll see a white light on the center of the CloudKey as it starts up.

The next step requires access to your router, or the installation of their Device Discovery Tool. Once you’ve determined the IP address of your CloudKey, visit that address in a browser. They recommend Google Chrome, or Mozilla Firefox, but my experience says Safari for macOS and iOS both work just fine.

CloudKey Initial Login Screen

CloudKey Initial Login Screen

This is the initial screen for the CloudKey. We’re going to start on the bottom half, Configure Your UniFi CloudKey.

The CloudKey will walk you through initial setup. You login with the ubnt : root combination of username and password, and it will take you through the rest of the easy steps where you set your locality, an administrator password, and the rest. Once you’ve gotten to the main interface, you’ll want to check to make sure that your CloudKey is up to date. Mine shipped with 0.4.3, and 0.5.5 is current as of the authoring of this post.

UBNT CloudKey Interface

UBNT CloudKey Interface

I found that once I upgraded the firmware, I still got a “Hey, turn the device back on!” message, for the first two refreshes of the admin page. That did go away eventually.

Ubiquiti Network Setup

Once you’ve got a password for the CloudKey and it’s been setup and provisioned, it’s time to start working on the network itself. Plugin the UAC Pro if you haven’t already, and make sure the LED in the main ring activates.

Go back to the CloudKey address, and this time, instead of setting up the CloudKey, you’re going to want to setup the Network itself, the top option.

First up, Location & Timezone. This one’s easy.

Initial Ubiquiti Setup Screen

Initial Ubiquiti Setup Screen

You’ll now see the UAC Pro and you’ll want to continue. Check the box next to your AP, and click Next.

Ubiquiti Device Setup

Ubiquiti Device Setup

Here’s where you setup your initial network name (the Secure SSID) and password (the Security Key) for your Wi-Fi network.

Configure SSID

Configure SSID

Then setup your Controller username (different from the CloudKey admin!) and password.

Controller Access Setup

Controller Access Setup

Last up, you have to setup your Ubiquiti account. If you haven’t yet, you can setup a Ubiquiti account before starting, otherwise, it’ll guide you through that process as well. This is what you can tie your whole chain together with – Security Appliance, Switches, APs and CloudKey.

That’s the basics of the wireless network configuration. There’s more control available, though. By default, the UAC Pro uses 20MHz channels in 2.4GHz and 40MHz channels in 5GHz. The sidebar of the main controller view will let you alter the radio controls of the APs. Select the Device, and click the Configuration heading.

Device Configuration Detail

Device Configuration Detail

Here, you can select the channelization of each radio, as well as the channel width and broadcasting power. You can enforce Airtime Fairness, if you’re worried about device dominance, or use Band Steering to force your devices to use 5GHz as much as possible. You can also configure your device’s IP information here, give the AP a specific name.

You can also setup basic maps of your APs using the Maps section and blueprints of your space. This will, if you have multiple APs, let you triangulate the location of devices, as well as map coverage areas and guesstimate signal strengths based on readings from each location. While no substitute for a proper survey, it’s a pretty good guess for getting started.

Next time: Setting up the Security Appliance and integrating the two.

Whither Wi-Fi? Recommendations in an AirPort-less World

Today, Bloomberg Technology News released a story that heralded the death of one of my favorite products over the years, the AirPort. It is one of the few products currently available at Apple that predates my career as an Apple Admin(1). Over the years, we’ve seen a lot of features crammed into these little boxes, and I have a tremendous fondness for them overall.

My thanks to Apple for building a good, solid little box that did so much. I’ve got some recommendations that I’ve been thinking about for some time, along a couple different lines of thought:

Budget Performance

I have yet to find a device that I like more than the current AirPort Express, just in terms of what it does: Home Router, Home Wi-Fi, AirPlay speaker, remotely managed. There isn’t anything I’ve found that is as easily-managed as the AirPort line is. But there are some good options:

  • Archer C7 (<$99) – 802.11ac, 3×3:3, USB Port for basic NAS

* The UI doesn’t totally blow
* Good performance for throughput
* Good coverage for 5GHz for single-floor, drywall construction dwellings

* Not great at density
* Not very useful just as an access point
* NAS performance very limited.

* Synology UI that you like from your NAS
* Beamforming Support to alter coverage areas
* Good performance for throughput

* No USB for direct storage, meant to be used with an existing Synology NAS

Mesh Networking

In the early days of Wi-Fi, Wireless Distribution System (WDS) was an extension of 802.11g that would allow you to use Wi-Fi access points as wireless relays to expand coverage. I wrote a piece for an early edition of Make Magazine on how it works, and it’s been something we’ve used various places over the years, but mostly only when we’ve had to. Each wireless link in the chain can halve your bandwidth, and clog the airwaves. It’s a last ditch effort.

Or, it was, until some new players like eero and Luma started to dip their toe in the proprietary Wi-Fi world, and brought legacy companies like Netgear to the fight. Neither eero nor Luma carry Wi-Fi Alliance certification, but I don’t think that should be the end-all, be-all of the world. I’ve recommended both eero and Luma to clients, and some have adopted it. There are some interesting choices that they’ve made, and there are some consequences to that. Overall, these technologies share the same Pros & Cons:

* No wires required!
* iOS App Setup
* Interesting features not found in other platforms
* Works as a Router solution

* less configurable radios
* proprietary is harder to troubleshoot
* wireless backhaul is still problematic for throughput

eero 3-pack – $499
Luma 3-pack – $296
Netgear Orbi 2-pack – $397

Prosumer Wi-Fi

There are a couple of good options from the big providers of Wi-Fi for home use, too. They’re a step up in cost, but they come with a good step up in performance, too. These are all pure access points, though, they’re not routers, and they don’t have router-like options. This is all about the best Wi-Fi you can build, not AirPlay, not Routing, not remote management.

UniFi and Xclaim are the two that I see most often, and both represent good values. Xclaim is the budget line from Ruckus, and is meant to be cloud-controlled. It is equivalent to the R300 and R500, but without the 6dB of interference mitigation or any of the beamforming that make their APs my go-to on the Pro side. The UniFi APs from Ubiquiti are solid performers, but don’t carry the interference mitigation a large urban environment may require.

  • Xclaim Xi-3 ($249) – 802.11ac, 2×2:2, Made by Ruckus
  • Xclaim Xi-2 ($220) – 802.11n, 2×2:2, Made by Ruckus

* Free cloud dashboard
* Includes POE Injector
* Supports multiple SSIDs and controls
* iOS/Web configuration tools

* No beamforming or interference mitigation
* Only 2×2:2

* Good value APs
* Works with a local Cloud Key controller or AWS t1 micro instance
* Supports multiple SSIDs and controls

* Interference mitigation is a problem in dense environments
* 802.11n AP susceptible to hardware failure after 2 years
* UAP-PRO is only 2×2:2
* UAP-AC is almost $300.
* Needs either a Cloud Key or an AWS instance for best management.

Final Thoughts

The end of the AirPort is a sad day for me, I’ve probably managed close to 100 of them for clients in the last ten years, and I know we are currently supporting 25 of them in daily use. I don’t think there’s a good AirPlay option out there to replace them, sadly, so if that’s your current favorite streaming audio technology, now would be a good time to stock up on extras.

AirPort was a groundbreaking technology when it was released, and the first AirPort-capable Macs were magical in a way that we take for granted now. When people ask me what my favorite miracle of modern technology is, I reply without hesitation: Wi-Fi. Apple lead the way for a long time, focusing on building consumer-friendly products that did a lot. None of the solutions above carry with it the user-friendly function-focus of the AirPort, and that makes me sad. But, new companies like eero and Luma are making wireless do things that Apple has decided not to do, and so the future lives with them, or with the professional access point manufacturers who work down market like UniFi and Xclaim (Ruckus). I think we’re in good hands, even if they’re not Apple’s.


(1) The portables have all changed names, the mini, iPod, iPhone and iPad didn’t exist, the PowerMacs became the Mac Pro, only the AirPort and the iMac carry their original monikers. Crazy, right?

Eero – More Than Meets the Eye

I’ve been fascinated by the Eero for some time, mostly because I love the idea of dirt-simple wireless mesh access points. That’s a challenging space to operate in, and if it’s done well, it has the potential to do a lot of good in putting crappy wireless repeaters out of the marketplace before they convince someone to do impossible things with Wi-Fi.

Recently, though, I’d read some odd things about them, and I wanted to see if I understood the whole situation. First up was something specifically I’d read: they use 40 MHz channel widths in the 2.4 GHz spectrum. My primary experience with devices that work like that has been finding them in use at various corporate sites where they’re just blotting out entire swaths of a very crowded spectrum. It lead to this slide’s existence:

40MHz Channel Widths in 2.4?! Weehawken, Dawn. Guns, Drawn.

It’s safe to say that I feel strongly about this.

Weirder, though, the Eero doesn’t move from its channel position at channel 1 no matter the situation. While 2.4GHz does only have three channels in 2.4 that are unencumbered by adjacent channel interference, it seems odd to pick one and lock right down to it. I asked the CEO of Eero about this on Twitter, and he came back with evidence: “Across now thousands of networks, the best channel has been 1.” In addition, while it will default to 40 MHz widths in 2.4 GHz, if things are crowded, it will dial it back to a standard 20 MHz width.

Fascinating, right? Wait ’til you see what else they’re doing.

802.11ac in the 2.4GHz band?!

802.11ac in the 2.4GHz band?!

Yes, that graphic is right. They are using 802.11ac in the 2.4GHz range! HOW?!

Well, for one, Eero is not Wi-Fi Alliance certified, which means their gear isn’t necessarily adhering to every part of the 802.11 set of standards as designed and approved by the IEEE. That means that they can choose to do more innovative things with their units, at the cost of a pretty and recognizable badge on their box.

Now, why’s this all matter at all? The culmination of our Wi-Fi deck at Cascadia was the definition of transmit speeds, which depend on the guard interval, the encoding and modulation scheme, the channel width, and the number of spatial streams available. Like a mathematical equation, these group together to give us a decent result. Wi-Fi works by encoding signals through amplitude modulation and phase-shift keying, which combine to put the wave in a specific position in a given polar chart, like so:

64QAM Chart

64QAM Chart

Depending on how the amplitude and phase are shifted together, you can line up each symbol in one of 64 positions, which a fourier transform can quickly calculate. That’s how Wi-Fi works. But until 802.11ac – which is a 5GHz technology by specification – 64-position Quadrature Amplitude Modulation was the limit. With 802.11ac, when conditions are right, everything upshifts to 256-position QAM, and the chart gets a whole lot denser:



Sure enough: 2 spatial streams, with a short guard interval, in a 40MHz channel in the 2.4 GHz band, at 256QAM 5/6, gets you a 400Mbps Tx Rate, and that’s what Wi-Fi Explorer sees in this test provided by a friend-of-a-friend.

It’s a pretty neat trick to make 802.11ac work in the 2.4 band, especially when you think they’re flouting the standards to prove a point. I’m interested to see a little more about how these handle the backhaul between units, but I’m not sure I want to spend $500 to find out more.