Sense and Unifi

More of an FYI than a question, but wanted to let people know they use Unifi network gear, don’t just blindly enable “Block LAN to WLAN Multicast and Broadcast Data” if you’re using HS110’s (or probably WeMo plugs). Apparently it also curtails wireless to wireless device communication and it breaks the HS110’s talking to Sense.

I’ve been working on multiple tweaks to my home network, and that was one that surprised me. You can whitelist specific devices to not be blocked, but I haven’t tried that yet.

Similarly, I’ve been seeing some odd behavior with my Sense since adjusting the minimum bandwidth setting for 2G on my network. It seems to occasionally not be able to get an IP over DHCP. It eventually does, but it seems to take its sweet time. Does Sense have any documentation regarding any of this, or have you done any in house testing regarding minimum speed settings on wireless networks?

My experience two weeks ago, trying to install a more “intelligent” Netgear managed switch in my house has taught me about the reality of many IoT devices and simple consumer networking gear. Most need some form of broadcast to operate efficiently, or even at all in some cases. To make that Netgear switch work with a Netgear ORBI wireless system (wired backhaul), I had to do the following steps to remove any switch functions that might filter out required broadcasts… Sense and Kasa apps also had trouble until I changed these default settings:

STP:
A. Login to the management page of the switch
B. Select Switching > STP > Basic > STP Configuration.
C. Next to Spanning Tree State, Select Disable and click on Apply

IGMP Snooping:
A. Login to the management page of the switch
B. Select Switching > Multicast > IGMP Snooping > IGMP Snooping Configuration.
C. On the IGMP Snooping status, select disable and click Apply

DHCP Snooping:
A. Login to the management page of the switch
B. Select Security > Control > DHCP Snooping Global Configuration.
C. On the DHCP Snooping Global Configuration, select disable and click Apply

minimum speed for Sense: no data, but their network requirements do say that its going to transmit 200-300MB of data across your internet per month… breaking that down to the second, it shouldn’t need much bandwidth…

as far as DHCP, my experience and opinion is to put devices like Sense on static… I don’t suggest everything static… just devices that you don’t want to wait for DHCP to lease out to… I don’t put servers on DHCP… so devices I class like a server are static… in my home: server, nest thermostat & protects, security cams, security hub/system, PV system monitor, and Sense are all static… but a managed static… I don’t set them static in the device… I let my DHCP server (pfSense, router), assign a static to the MAC of the device… what I call a managed static… and the statics are outside the DHCP range so there is no future issue of devices getting the same IP… for example: my DHCP range is xxx.xxxx.xxx.21 to xxx.xxx.xxx.250… xxx.xxx.xxx.20 is my router, with managed switches/APs in the xxx.xxx.xxx.16 - 19 range… security cams in the xxx.xxx.xxx.1 - 10 range… servers in the xxx.xxx.xxx.11-15… leaving IPs above 250 for NTP protocol/sync… I’ve used this same method for years, even as a network admin, there was always a slot/class for devices to be put into… if I needed more IPs, I just broaden the band… but static or not, everything gets an IP from the DHCP… but statics don’t get lease times… so no interrupted network connections…

since the routers job (properly configured) is to mask the LAN IPs/ports from the internet, having static IPs on the LAN should never be a security issue…

I don’t choke down my bandwidth or use traffic shaping/prioritization… I have in the past, under certain configurations… but for my home (175 Mbps down / 5~6 Mbps up) there’s just no point… 1 Gbps wired / 800 Mbps wireless - I’ve had as much as 4 full HD streams at the same time and can still go get my emails or surf, just no need to regulate it…

Sorry, I don’t mean minimum speed that way. I mean minimum data rate for wireless. So in my case, I’ve disabled 802.11b speeds, and told devices they must be able to support at least 6mbps. Sense does that, but since then it’s been a little odd.

All my devices have reserved (assigned) IPs. So the DHCP server always gives them the same address anytime they ask. I don’t see a way to tell Sense to have a truly static IP (to tell Sense “you are 10.0.0.x, don’t ask DHCP for an address”). So that’s not really an option.

My HS110s weren’t been seen by Sense and by trial and error learned the same thing. I use UniFi and also had to uncheck “Block LAN to WLAN Multicast and Broadcast Data” before they were identified by Sense. I keep all IoT devices such as this on a VLAN keeping traffic separate from my primary network which I thought might be the issue but it is working fine.

@staze I see what your trying to do, but in my opinion, you are doing wrong… I used to think as you do and try to force devices to keep as fast a speed possible… but I learned over the years that its more headache than its worth… a perfect example of this is my Roku Stick+, I have 4 of these in my home and I’m running a TP-Link Deco M5 mesh wifi and I have (4) pucks (as I call them) throughout my home… even though my Rokus support 5Ghz, they often connect to 2Ghz and even connect as low as 1Mbps… as soon as I direct my Roku to stream a movie, I can watch it change to 5Ghz and connect up to 700Mbps during the movie… once its done, it ramps back down…

this is a characteristic I’ve seen from a lot of newer devices (I think its the energy management that causes this)… besides devices that constantly change wifi connection, I’ve also noticed that wifi never stays the same… wifi signals fluctuate as the day goes on and even introducing a new wifi client on the network changes the shape/signal coverage it has… its one of the reasons why I moved to a mesh wifi, to reduce this… I used to try, as you are, to keep things connected as fast as possible thinking that was the best network… what I’ve learned is build a big powerful network and just let the devices do what they want… its worked better for me…

I understand what you’re saying, but I disagree. Cell congestion is the reason you disable slower speed devices and connectivity. Broadcast messages are sent at the slowest speed, so upping that slower speed speeds everything up.

All I’m asking for is if Sense has done any testing in house regarding this. Maybe @RyanAtSense might be able to chime in.

Thanks.

hi @staze

My guess is that the TI chip does support the 6mbps data rate as if its the one I think it is, it is a b/g/n chip. But keep in mind that if the signal strength is not great, it may not be able to connect at that rate.
If you drop the data rate and let the Sense connected again, can you look at it on the UniFi dashboard and see what rate it is connected at and what its signal strength is reporting?

In regards to Broadcast traffic, as mentioned elsewhere, you pretty much always need to allow broadcast traffic on if you are dealing with IoT devices that connect to your phone/ or other devices in your house directly and not via a cloud service. So a nest thermostat for instance doesn’t need broadcast traffic because you set it up by connecting to its generated wifi, and then once its on your network, all communication happens via the Sense servers. You want to change a temperature, you phone tells Nest servers and Nests servers tell the Thermostat.

Smart Switches, Smart plugs, smart fans etc… for the most part all communicate with your phone (and each other) locally on the network. Many offer enabling “remote access” which will then also connect them with a cloud service for remote management, but that is pretty much what it says. Used for remote usage (outside your home). But when you aren’t using the remote connection, the communication happened directly and your phone finds the device via broadcast.

This is why frequently you see people creating VLAN’s for their IOT stuff so that all that broadcast communication stays separate from the main data network. The downside of this is that without doing some specific routing trickery, often you lose that “internal” control unless you switch your phone over to the IOT network.

@HiTechRedNeck
I do similar to you and set many “static” DHCP reservations, but I don’t quite agree with you on the DHCP lease time comment. Maybe your DHCP server is different, and I know its possible, but I’ve never encountered a consumer or prosumer DHCP server that sends out “infinite” DHCP lease times.
Mikrotik, Unifi and Barracuda F Series all honor the lease time of the DHCP server. The reservation is just that, a reservation, so that if the DHCP table is cleared, at least those reserved devices will always get their same IP’s. Halfway through the lease time, the devices should still be pinging the DHCP server for a renewal, but they just keep getting the same one.

@kevin1
I think Orbi specifically does some weird things as generically speaking, those settings should not have to be disabled to allow the communication that most IoT things need, with a giant exception for Sonos speakers. I can’t remember off the top of my head, but I know there are a few products out there that have called out compatibility issues with Orbi. All that being said, except for STP, DHCP and IGMP snooping also doesn’t need to be on for 98% of households.

I have all my IoT devices on VLANs. And yes, I understand it’s all through Sense once it’s configured. The issue is that Sense talks to the HS110’s over broadcast traffic locally. Which is odd… one would think it would be unicast.

Makes me want to create another SSID for my Sense related stuff so I can leave broadcast on on it and turn off elsewhere. =P Or just whitelist those devices for broadcast traffic.

And yes, TI chip works fine other than occasional hiccups. Could be something completely unrelated. Or could be I’m seeing some bug with Unifi dashboard, Unifi firmware, or Sense firmware. Would really love to see logs from my Sense to see if there are any DHCP issues (Sense support didn’t give me this info).

I have Sonos speakers and Apple access points, as well as trialing ORBI. All three were hosed by the Netgear GS724 switch with default settings - and required the changes above to operate. My original GS116 Netgear switch interoperated perfectly with all three. BTW - I gave on the ORBI because the 4 year old Apple basestations actually gave better coverage than a 3 ORBI config.

I moved the Sense and smartplugs to an IoT guest network, that uses the same hardware but different subnet/IP allocation. Seems to work just fine.

How are you seeing that it’s taking a long time to obtain a leased address?

While you are waiting on Sense to reply, have you tried to run Wireshark from within that Vlan to see what Sense is actually doing? You should be able to filter based on UDP/68 & 67, but may want to look at port mirroring to see unicast traffic as well as broadcast. Is the lease actually expiring before you see it having problems with obtaining an IP?

Is UniFi showing that Sense is staying connected the whole time? You should be able to look at Events in the GUI or actual server logs on the controller to verify what the event log shows. In the GUI you can search by name whereas in the controller CLI you would need to grep the last 4 of the MAC address. The reason I ask is because even though Sense has a fairly stable signal level I see that there are times where the connection rate dips down pretty low; below your 6Mbps threshold:

Sense Client Stats.png944×905 136 KB

I also have a UniFi network so if you can’t figure it out I may look into replicating your setup. What model access point and firmware/UniFi versions are you running?

Hi Jeff,

I’m on controller 5.10.5, AP is a UAP-AC-Pro (4.0.18.9926) (DHCP is handled by my USG3P, and controller is a UCK-Gen2+). What I’m seeing is in the client list, I’ll often see the Sense have a 169.254.x.x address (self assigned). As I said, not entirely positive this is a real result, or if the Unifi dashboard is just doing some weird caching. There are no events outside of me applying AP firmware updates or otherwise the AP reprovisioning. Also of interest, I have loggly set up to log my unifi logs, and I’m not seeing anything in there either. So I’m starting to think it IS just a unifi dashboard oddity.

For example. while talking right now, it went from a 10.0.6.x address (my IoT network) to a 169.254.x.x address. Then if I wait a minute or two, it goes back to its normal address. I’m going to set up a ping monitor to see if it’s actually ever losing traffic.

I’m running the same version of UniFi. Is your IoT network setup as a guest network?

nope. corporate. no other devices have issues. not even sure Sense has an issue… this has kind of spun off of the random gaps I’ve been seeing in data (and others have reported)

I haven’t read this whole thread thoroughly, so apologies if I’m coming out of left field here. I am also running a Unifi network with two UAP-AC-LITE APs. I don’t think I had problems with Sense in particular, but I did have problems with other 2.4G only IoT devices when using the 5G band steering functionality, and when using auto channel selection on the APs. This wasn’t a problem with the old UAP-LR APs I had, but when I upgraded to AC I had issues until disabling those two features.

This fixed my issue almost immediately.
I had been fighting with the plug and had finally given up.

I still run two separate VLANS to isolate my IOT equipment and I wrote a firewall rule that prevents IOT devices from communicating over the LAN with anything on my other VLAN but this is what resolved it.

Thanks

Hi @benkagan

Sorry, what fixed the issue almost immediately? turning off bandsteering on your IoT network?

disabling “Block LAN to WLAN Multicast and Broadcast Data” on my Unifi system.

Unifi recommends enabling it by default but turning it off on the IOT SSID allowed the HS110 to be recognized within seconds.

As a generalization, I would say that in a corporate environment, this should be turned on. but in a home / IOT environment, it should be off. In corporate, there isn’t usually as much need for broadcast from WLAN back to the network. It just creates unnecessary traffic.

For home where we all have an ever growing amount of IOT things that auto negotiate / auto discover on the network, it is more important to allow that traffic, especially now that more homes have multiple AP’s. You wouldn’t necessarily notice with only a single AP because your Sense and the Kasa plugs may be on the same access point, so they are both getting the same broadcast traffic. But if you have “Block WLAN to LAN” turn on, and your Sense is on one access point, Kasa plugs on another access point, the Sense isn’t getting the broadcast notifications from Kasa if the AP’s are blocking LAN to WLAN.