Getting started with the Ubiquiti AmpliFi mesh router

amplfi.router.on.table

The Ubiquiti AmpliFi router is one of the recent wave of consumer friendly mesh router systems. You can think of these mesh systems as routers that come with pre-matched, easy to use, Wi-Fi extenders.

AmpliFi competes with Eero, Luma, the Netgear Orbi and the soon-to-be-released Google Wi-Fi. Google's previous OnHub routers were a single device. I recently griped that AmpliFi does not support remote access, but it has other things going for it.

One is price, AmpliFi starts at $200 for a three unit system, making it the cheapest mesh option. Another is privacy. Eero, Luma and Google routers (at least the OnHub) require you to have an account with the company. AmpliFi and the Netgear Orbi let you be anonymous. 

Their anonymity extends to network traffic too. A few days ago, it was all over the news that Eero updated their firmware. In covering the story, Ron Amadeo at Ars Technica wrote that "anonymized performance and diagnostic data is collected from all Eero customers and used to make the performance of the system better." No thanks, I prefer privacy even if the cost is slightly worse performance.

All these mesh router systems are new products. Eero and Luma are new companies. Wi-Fi routers are a relatively new thing for Google. But Netgear and Ubiquiti have a long history of Wi-Fi products.

So, sight unseen, my initial preference among the mesh routers would be either the Netgear Orbi or the Ubiquiti AmpliFi. 

amplfi.router.on.table

The Ubiquiti AmpliFi router

There are three AmpliFi models, ranging in price from $200 (roughly) to $350. Each is a three unit system consisting of a router and two antenna sticks that Ubiquiti calls "mesh points". There is one Orbi model, and it costs $400. 

Most every AmpliFi review is of the high end model that was lent to the reviewer by the company. This article is about the low end model that I paid for myself.

My hope is that even a bottom-of-the-line mesh router system will be a big step up from a single device router.

I know someone whose Internet connection comes into their house in the basement on the south side. The bedrooms, however, are on the north side of the house on the second floor. It's a worst case scenario, the Wi-Fi signal has to travel diagonally through the entire house to reach the bedrooms. 

This article is based on my setting up the AmpliFi at home in preparation for installing at the just-described house. Time will tell how much AmpliFi can improve the Wi-Fi signal. 

INITIAL SETUP

The setup instructions for the AmpliFi are typical, and wrong. The setup instructions for all routers are wrong. The common mistake is connecting a new router to the Internet first thing. It is much safer to make some initial configuration changes off-line, then put the router online, behind the firewall of another router, while downloading the inevitable firmware updates. 

So, I connected the WAN port of the AmpliFi to a LAN port of an existing router and powered the thing up. You can do the initial setup without involving the mesh points.

One great feature of the AmpliFi is its screen. It's small and thus can't display a ton of data, but I really came to like it. Almond and Starry routers also have screens, none of the other mesh router systems has one.

Frustration started immediately; there is no documentation on how long it takes the router to start up, what the display shows while its booting and how you know when its ready to go. For the record, there are dots on the display while its booting.

When its ready, the screen prompts you to install either the Android or iOS app. I did neither, instead I used a web browser for the initial setup.

This required connecting to a temporary open, unsecured Wi-Fi network created by the AmpliFi. While this network exists, anyone nearby can connect to it, which is why its great that the initial setup (picking an SSID and password) can be performed off-line. As far as I know, the Netgear Orbi is the only other mesh router that can be configured off-line.

The name (SSID) of the temporary network was "AFi-R-802AA896F247 Setup" but it fooled me at first. The name is displayed on the router screen but "Setup" was on a second line and I thought it just meant we were in the setup phase. Duh. The middle section of the SSID is, as you may have guessed, one of the many MAC addresses of the router.

You can't help but notice, at this point, a bright white light on the bottom of the router. No doubt the color means something, but what? The Quick Start Guide doesn't say. The full User Manual confusingly uses the term "LED" to refer both to this light and the small blue dots on the mesh points.

Turns out, this light does not change color, it just blinks sometimes. The manual says that while the router is being configured the light will flash slowly. That was not my experience.

I connected a Chromebook to this temporary Wi-Fi network and it warned that it "may require you to visit its login page" which I took to mean that the Chromebook thought it was connecting to a captive portal.

The instructions say to start a web browser and wait, that router setup pages should magically appear in the browser. They did not. Thinking it was a captive portal, I tried to go to a website and, sure enough, that triggered the router startup wizard.

Interestingly, the browser was directed to amplifi.lan. I mention this just as an FYI, I had never seen a ".lan" domain name before.

You are required to pick a name and password for your Wi-Fi network. This is a great security feature, it is time to retire all default passwords and SSIDs.

All routers have, at least, two passwords, one for administering the router itself and one for Wi-Fi. The AmpliFi defaults to using the Wi-Fi password as the router password ("Use the same password for administration"), but I opted for the more secure option, setting a different password for the router.  

Entering the router password is an accident waiting to happen. There is no option to see the password as you type it and you only have to type it once. Make a typo, and you have to reset the router.

After the initial configuration, I tried to log back into the router for more advanced tweaking, but it rejected the password. Or at least I think it did, the router wasn't polite enough to actually display an error message. Perhaps I had made a typo when setting the router password?

The router was, otherwise, working fine. It had picked up the correct date and time and was displaying them on its round screen. I've seen uglier clocks.

A scan with the Android WiFi Analyzer app showed that the AmpliFi network was not using WPS. Great.

On the 2.4GHz band, it was on channel 1, which I found to be a strange choice. The router was in the same room as another router that was also using channel 1. The ability to force a specific channel is one of the advanced options I was looking for. Time to start all over.

Resetting the router was easy enough, it has the usual pinhole and a paper clip did the trick. The screen says "rebooting" while it's rebooting, which is more informative than the dots it displays during a cold boot.

Initially, the router assigned itself to the 192.168.187.x network, a nice change from the customary 192.168.0.x and 192.168.1.x. This time, it defaulted to 192.168.199.x. Not only does the AmpliFi not use the common subnets, but it seems to be randomly choosing one. Another example of avoiding defaults. Well done Ubiquiti. If you don't like this subnet, you can change it in the app.

However, Ubiquiti left one default that you can't change - the router is always computer number 1 on the LAN. The first time around, the router was 192.168.187.1, the second time it was 192.168.199.1. Some router attacks assume the router is computer number 1, so I always make a point of assigning it to a different number.

This time again, after the initial setup, I could not login to the router from a web browser. So, I reset the router a second time, and chose the short "xxxx" as the password, hoping it would be typo-resistant. That the router let me pick a 4 character password shows that although Ubiquiti is an enterprise oriented company, the AmpliFi is clearly targeted at consumers.

And, typical of consumer products, the AmpliFi seems to have been rushed out the door. I could not logon with my 4 character password either. This was not a typo issue.

I guessed that there might be a bug in the code that sets the router password. So, yet another router reset, and this time I kept the two passwords the same. Bingo. Now I can logon to the router.

All this trouble turned out to be for nothing. After the initial out-of-the-box configuration, the web interface does only one thing. It lets you change the type of Internet connection: DHCP, Static or PPPoE. Nothing more. It's an app world.

The current version of the Android app is 1.0.4, released November 3, 2016. The app has been installed between 1,000 and 5,000 times, has 62 reviews and 4.2 rating. On iOS, it's at version 1.0.5 , from November 2nd and has only 6 reviews. 

Ubiquiti says the iOS app requires Bluetooth, while the Android app does not. I ran the iOS app on two devices, each with Bluetooth disabled and the app seemed fully functional. 

In general, I found both the Android and iOS apps confusing to use. Some icons are there for display purposes only, but other icons are clickable. It takes trial and error to figure this out. And, rather than a standard OK, SAVE or APPLY button, you tell it to make the changes you just entered using a check in the top right corner. Except, for the changes that take effect immediately.

The Guest network defaults to open, so, of course, I tried to set a password. It has to be entered twice and initially they did not match. Correcting them, did not remove the error message about their not matching.

Speaking of passwords, nowhere in the app or the User Guide does it say if passwords are case sensitive, how long they can be or whether certain characters are not allowed. 

UPDATING FIRMWARE

The first thing I set out to do in the app is update the firmware. This is the one area where AmpliFi significantly lags it competitors, firmware updates remain a manual endeavor.

The router shipped with firmware version 1.2.1, the latest (as of Nov. 19, 2016) is 1.4.2. My first roadblock was immediate, a warning that it is not recommended to update the firmware in the router without also updating the mesh points. I had not yet dealt with the mesh points.

I played it safe, plugged in the mesh points, made sure they were online, then updated all the firmware. The process was opaque, you can't see the different phases (download, install and reboot) and there is no progress bar and no time estimate. Still, the mesh points and the router were all upgraded to version 1.4.2.

Immediately afterwards, the app complained that it was "unable to locate device". What device? It didn't say.

While the router was re-booting, my Android tablet had connected to another Wi-Fi network. I made a note of this, went back to the app, and all was well. The tablet was again connected to the AmpliFi network. Strange.

Any router that depends on humans to upgrade the firmware needs some help.

It would be great if Ubiquiti offered a mailing list to tell their customers about newly released firmware, but they don't.

Some routers can automatically check for new firmware, even if it has to be manually installed. It would be helpful if the AmpliFi put a notice on its very visible round screen that new firmware is available, but I read all the documentation I could find, and it doesn't seem to do this. It is not clear if the mobile app automatically notifies you of new firmware or if you have to look for it yourself.

Then too, some of us like to know what changes are being made. I looked for a history of firmware releases but there doesn't seem to be one. All, I found was a question in the FAQ, What are the updates in the latest firmware release?

On iOS, the app has a release history in the app store, but the description of the changes is minimal. The Android Play store does not keep a release history. 

POKING AROUND

This being my first mesh router, I did some poking around into how things are setup. Initially, I wanted to get the lay of the land, to see signal strengths and what's connected to what.  

amplfi app700

The home page of the AmpliFi app

Both the router and the mesh points indicate the strength of the signal between them. On the mesh point, there are five blue dots. If all five are lit, the signal strength is excellent. Fewer lights, mean a weaker signal. The app shows the signal strength to each mesh point with a bar graph on its home page, as shown above. In this case, the bedroom mesh point has a strong signal and the kitchen mesh point has a weak one. If you click on the picture of a mesh point from this screen, you can see the signal strength as a percentage.

The client section of the app shows all the devices communicating with the router. Clicking on a client, offers details, including its signal strength, both as a percentage and as a bar graph. It also shows which device the client is communicating with. Confusingly, this field is labeled "Access Point," a term that means something else to most networking folks. 

I did not test how well the AmpliFi handles switching a mobile device between the router and the mesh points as the device moves around. But, it's good to know that such testing is possible. 

One nice feature is the ability to change the Wi-Fi frequency band used by each mesh point to communicate back to the router. It defaults to the faster 5GHz band and if the mesh point has a strong signal, all is well. However, if the signal is poor, you can try using the longer-range 2.4GHz band. My AmpliFi was perfectly happy with one mesh point using 5GHz and the other using 2.4GHz for its backhaul connection. Cool.

Note that whichever frequency band the mesh point is using to communicate with the router, it is available on both bands to communicate with your computers / phones / tablets.

I am a big fan of the Fing network scanner and running it on the AmpliFi Wi-Fi network turned up an interesting point. Each mesh point showed up in the scan with its own IP address. The app hides the IP address of the mesh points.

A Fing services scan showed that TCP port 80 was open on the mesh points, they were running a web server. So, of course, I tried to access one with a web browser. I was met with a simple web page that prompts you to download the AmpliFi app. The page also has a blue SUPPORT button. Clicking it, displayed the firmware version of the mesh point (this is available in the app) and a green button to download a file of diagnostic data. Nothing interesting.  

More to come ...

Update: Nov. 26, 2016. Fixed four typos. 

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.