This document specifies a multi-modal, zero-latency, offline-capable community gate access system built on the UniFi Access ecosystem, augmented by an industrial Raspberry Pi Compute Module 4 (CM4) edge-compute node that guarantees sub-10ms gate response regardless of internet or LAN connectivity.
Traditional community gate systems rely on a single access method — typically a keypad PIN or a proprietary RFID fob. When that method fails (dead battery, lost fob, snow-covered license plate), residents are locked out. Commercial solutions from vendors like DoorKing, LiftMaster myQ Community, or ButterflyMX solve this with multi-modal access but carry $15,000–$25,000+ installation costs and $200–$500/month recurring cloud subscriptions.
This system delivers four independent entry methods — any one of which can open the gate autonomously — for a one-time hardware cost of approximately $2,500–$2,700 with zero recurring cloud subscriptions. All processing happens on-premises. The industrial CM4 edge node uses soldered 8GB onboard eMMC storage (no fragile SD cards), ensuring the system survives years of unattended outdoor operation.
| Priority | Modality | Device Flow | Latency | WAN Offline (No Internet) | LAN Offline (No Console) | Failure Scenario It Solves |
|---|---|---|---|---|---|---|
| 1st | UHF RFID (Sticker) | Wiegand Reader → CM4 Edge → Hub REX | <10ms | ✅ Works | ✅ Works (CM4 Cache) | Snow packs on plate; LPR blind. |
| 2nd | License Plate (LPR) | UVC-AI-LPR → UniFi Console → Hub | ~1–3s | ✅ Works | ❌ Fails | Sticker failure; long-range auditing. |
| 3rd | QR / Face ID | UA-Intercom → UA-Hub-Gate | ~1–2s | ✅ Works | ✅ Works (Hub Cache) | Walk-ins, cyclists, maintenance. |
| 4th | Keypad PIN | UA-Intercom → UA-Hub-Gate | ~1s | ✅ Works | ✅ Works (Hub Cache) | Rental cars, guests, delivery. |
Note
Edge Survivability: Because UniFi is locally hosted, all four modalities function perfectly during a standard ISP internet outage. The "LAN Offline" column strictly refers to a catastrophic scenario where the physical network uplink from the gate to the primary building is severed. Even in this "islanded" state, the UA-Hub-Gate's internal cryptographic cache ensures PINs, QR codes, and Faces continue to work autonomously, alongside the industrial offline UHF CM4 system.
| This System | Commercial (DoorKing / ButterflyMX) | |
|---|---|---|
| Hardware Cost | ~$2,500–$2,700 | $15,000–$25,000+ |
| Monthly Subscription | $0 | $200–$500/mo |
| 3-Year Total Cost | ~$2,700 | $22,200–$43,000 |
| Offline Gate Access | ✅ UHF (milliseconds) | ❌ Most require cloud |
| Entry Methods | 4 (UHF, LPR, Face/QR, PIN) | 2–3 typical |
| Vendor Lock-In | Low (standard Wiegand + PoE) | High (proprietary) |
This diagram illustrates the "One Boss" rule: only the UA-Hub-Gate is wired to the LiftMaster gate motors. All other systems — AI cameras, CM4 relay, intercom — trigger the Hub, which owns the physical lock relay to the motor.
---
config:
theme: dark
flowchart:
rankSpacing: 60
nodeSpacing: 40
---
flowchart TD
subgraph CLOUD["☁️ Cloud / Software Layer"]
UNIFI["UniFi Access\n(User DB · LPR · Scheduling)"]
HA["Home Assistant\n(Audit Ledger · Automations)"]
end
subgraph BOXA["📦 Box A — Edge Infrastructure"]
ISW["USW-Industrial\n(430W PoE++ Switch)"]
HUB_E["UA-Hub-Gate\nENTRY ★"]
HUB_X["UA-Hub-Gate\nEXIT"]
CM4["CM4 Industrial\nEdge Node"]
RLY["Opto Relay"]
SPLIT["12V PoE\nSplitter"]
end
subgraph FIELD["🏗️ Field Devices"]
LPR["UVC-AI-LPR\n(25.5W)"]
BULLET["AI Bullet\n(Context Cam)"]
INTCM["UA-Intercom\n(PIN / QR / Face)"]
UHF(["UHF Wiegand\nReader (IP67)"])
M1(["Entry\nLiftMaster"])
M2(["Exit\nLiftMaster"])
AP["U6-Mesh\nAP"]
end
UNIFI <-->|"Integration"| HA
CM4 -->|"API Sync\n(10 min cron)"| UNIFI
CM4 -->|"MQTT\n(audit events)"| HA
ISW -->|PoE++| HUB_E
ISW -->|PoE++| HUB_X
ISW -->|PoE| BULLET
ISW -->|PoE| AP
ISW -->|PoE| CM4
ISW -->|PoE| SPLIT
HUB_E -->|PoE Out| LPR
HUB_E -->|PoE Out| INTCM
SPLIT -->|"12V"| UHF
LPR -->|"Plate Match"| UNIFI
INTCM -->|"PIN/QR/Face"| UNIFI
UHF -->|"Wiegand USB"| CM4
CM4 --> RLY
RLY ==>|"REX"| HUB_E
HUB_E ==>|"Lock Relay"| M1
HUB_X ==>|"Lock Relay"| M2
classDef cloud fill:#1a2e4a,stroke:#4FC3F7,color:#B3E5FC,stroke-width:2px
classDef unifi fill:#0d3b66,stroke:#4FC3F7,color:#B3E5FC,stroke-width:2px
classDef edge fill:#1a3a1a,stroke:#66BB6A,color:#A5D6A7,stroke-width:2px
classDef motor fill:#3d1111,stroke:#cc3333,color:#ff9999,stroke-width:2px
classDef field fill:#2e2e1a,stroke:#FFA726,color:#FFE0B2,stroke-width:2px
class UNIFI,HA cloud
class ISW,HUB_E,HUB_X unifi
class CM4,RLY,SPLIT edge
class M1,M2 motor
class LPR,BULLET,INTCM,UHF,AP field
Legend: 🔵 Blue = UniFi hardware · 🟢 Green = Edge compute · 🔴 Red = Motors · 🟠 Orange = Field devices
This diagram details the power distribution and data isolation architecture within Box A. The USW-Industrial's 430W PoE++ budget powers everything. The Hub-Gate Entry's 55W passthrough feeds both the AI-LPR (25.5W) and Intercom (13W) directly — no midspan injector needed. The UHF subsystem is electrically isolated from the CM4 via the Wiegand-to-USB converter's optical barrier.
---
config:
theme: dark
flowchart:
rankSpacing: 50
nodeSpacing: 30
---
flowchart LR
subgraph POWER["⚡ Power Distribution"]
UPLINK["Repeater\n(Uplink)"] --> ISW["USW-Industrial\n430W PoE++ Budget"]
end
subgraph HUB_POWER["Hub-Gate Entry — 55W Passthrough"]
ISW -->|"PoE++ (60W)"| HUB["UA-Hub-Gate\nEntry"]
HUB -->|"PoE Out\n25.5W"| LPR["UVC-AI-LPR"]
HUB -->|"PoE Out\n13W"| INTCM["UA-Intercom"]
end
subgraph DIRECT_POE["Direct PoE from ISW"]
ISW -->|"PoE (15W)"| BULLET["AI Bullet"]
ISW -->|"PoE (10W)"| AP["U6-Mesh AP"]
end
subgraph UHF_SUBSYSTEM["🔒 UHF Edge Subsystem — Electrically Isolated"]
ISW -->|"PoE (12W)"| CM4_BB["CM4 PoE\nBaseboard"] --> CM4["CM4 Edge\n(8GB eMMC)"]
ISW -->|"PoE (24W)"| SPLIT["PoE+ to 12V\nDC Splitter"]
SPLIT -->|"12V/2A\n(18/6 cable)"| UHF(["UHF Wiegand\nReader"])
UHF -->|"Wiegand D0/D1\n(18/6 cable)"| W2U["Wiegand-to-USB\n⚡ OPTICAL ISOLATION ⚡"]
W2U -->|"/dev/ttyUSB0\n(Native USB-A)"| CM4
end
subgraph TRIGGER["🔌 Gate Trigger Path"]
CM4 -->|"3.3V GPIO"| RLY["Opto Relay"]
RLY -->|"Dry Contact\n(6″ wire)"| REX["Hub-Gate\nREX Terminal"]
REX ==>|"Lock Relay\n(18/2 shielded)"| MOTOR(["LiftMaster\nMotor"])
end
classDef power fill:#1a2e4a,stroke:#4FC3F7,color:#B3E5FC,stroke-width:2px
classDef isolated fill:#2e1a1a,stroke:#FF7043,color:#FFCCBC,stroke-width:2px
classDef safe fill:#1a3a1a,stroke:#66BB6A,color:#A5D6A7,stroke-width:2px
class ISW,HUB,UPLINK power
class UHF,W2U,SPLIT isolated
class CM4,CM4_BB,RLY,REX,MOTOR safe
Power Math: Hub-Gate Entry PoE++ input (60W) → passthrough to LPR (25.5W) + Intercom (13W) = 38.5W of 55W budget used (70% utilization, well within safe margins).
The CM4 maintains a local offline cache by periodically pulling the user database from UniFi Access.
When a vehicle approaches, the UHF reader fires a Wiegand signal that the CM4 resolves against its local cache in under 10ms — completely independent of network connectivity.
sequenceDiagram
autonumber
box rgb(26, 58, 26) Phase 1 — Background Sync (Cron · 10 min)
participant CRON as CM4 Cron Job
participant UNIFI as UniFi Access API
participant DB as SQLite on tmpfs
end
box rgb(26, 26, 74) Phase 2 — Zero-Latency Access Event
participant TAG as Windshield Tag
participant UHF as UHF Reader
participant W2U as Wiegand-to-USB
participant CM4 as CM4 Edge Node
participant RLY as Opto Relay
participant HUB as Hub-Gate Entry
participant MOTOR as LiftMaster
participant HA as Home Assistant
end
Note over CRON,DB: Phase 1 — Sync runs every 10 minutes
CRON->>UNIFI: GET /api/v1/developer/users
UNIFI-->>CRON: JSON (all user profiles)
CRON->>CRON: Extract EPCs from Notes/Employee ID
CRON->>DB: UPSERT tag_cache (epc → user)
Note over TAG,HA: Phase 2 — Vehicle approaches gate
TAG-->>UHF: RF backscatter (EPC Gen2)
UHF->>W2U: Wiegand D0/D1 (50µs pulses)
W2U->>CM4: Serial frame via /dev/ttyUSB0
CM4->>DB: SELECT user WHERE epc = ?
DB-->>CM4: Match: "John Doe, Unit 42"
CM4->>RLY: GPIO HIGH (3.3V, 500ms pulse)
RLY->>HUB: Dry contact closes REX terminal
HUB->>MOTOR: Lock relay energizes
Note over MOTOR: Gate opens in <10ms from tag read
CM4-->>HA: MQTT async (fire-and-forget)
Note over HA: {"event":"gate_access",<br/>"user":"John Doe",<br/>"unit":"42",<br/>"tag":"EPC123...",<br/>"status":"Granted"}
Every cable run in the system, documented for the electrician.
| Cable ID | Origin Device | Origin Port | Destination Device | Destination Port | Cable Type | Notes |
|---|---|---|---|---|---|---|
| C-01 | Repeater (West) | RJ45 | USW-Industrial (Box A) | Port 1 | Cat6 (outdoor) | Single uplink; ISW distributes PoE locally |
| C-02 | USW-Industrial | PoE++ Port 2 | UA-Hub-Gate Entry | PoE In | Cat6 (patch, in-box) | 60W PoE++ to Hub |
| C-03 | USW-Industrial | PoE++ Port 3 | UA-Hub-Gate Exit | PoE In | Cat6 (patch, in-box) | 60W PoE++ to Hub |
| C-04 | Hub-Gate Entry | PoE Out 1 | UVC-AI-LPR | PoE In | Cat6 (outdoor, shielded) | 25.5W passthrough; Hub must see LPR for Access unlock |
| C-05 | Hub-Gate Entry | PoE Out 2 | UA-Intercom | PoE In | Cat6 (local) | 13W; combined with C-04 = 38.5W of 55W budget |
| C-06 | USW-Industrial | PoE Port 4 | AI Bullet Camera | PoE In | Cat6 (outdoor) | Context camera — mandatory for LPR Night Mode |
| C-07 | USW-Industrial | PoE Port 5 | U6-Mesh AP | PoE In | Cat6 (local) | Mount AP outside Box A (polycarbonate blocks Wi-Fi) |
| C-08 | USW-Industrial | PoE Port 6 | CM4 PoE Baseboard | RJ45 In | Cat6 (patch, in-box) | Native PoE power + Ethernet for CM4 |
| C-09 | USW-Industrial | PoE Port 7 | 12V PoE Splitter | RJ45 In | Cat6 (patch, in-box) | Splitter outputs 12V/2A for UHF reader |
| C-10 | 12V PoE Splitter | 12V Barrel Out | UHF Wiegand Reader | 12V Power In | 18/6 Shielded Direct-Burial | Pair 1: 12V+/GND. 50–100ft outdoor run |
| C-11 | UHF Wiegand Reader | Wiegand D0/D1 | Wiegand-to-USB Converter | Wiegand In | 18/6 Shielded Direct-Burial | Pair 2: D0/D1. Same 18/6 cable as C-10 |
| C-12 | Wiegand-to-USB | USB Out | CM4 PoE Baseboard | USB-A Port | USB Cable (6", in-box) | Plugs natively into CM4 carrier board |
| C-13 | CM4 PoE Baseboard | GPIO Pin | Opto Relay Module | Signal In | Jumper wire (6", in-box) | 3.3V trigger, 500ms pulse |
| C-14 | Opto Relay Module | NO/COM | Hub-Gate Entry | REX Terminal | 18 AWG (6", in-box) | Dry contact; "Request to Exit" signal |
| C-15 | Hub-Gate Entry | Lock Relay | Entry LiftMaster | Trigger In | 18/2 Shielded | Dry contact to motor controller |
| C-16 | Hub-Gate Exit | Lock Relay | Exit LiftMaster | Trigger In | 18/2 Shielded Direct-Burial | Long run (verify distance); dry contact |
Note
C-10 and C-11 share the same physical 18/6 cable. The 18/6 cable carries 3 pairs: Pair 1 = 12V power (C-10), Pair 2 = Wiegand D0/D1 (C-11), Pair 3 = Shield/Ground.
| Item | Qty | Est. Cost | Notes |
|---|---|---|---|
UniFi Industrial Switch (USW-Industrial) |
1 | ~$429 | 430W PoE++ budget; hardened; lives in Box A |
UniFi Access Hub Gate (UA-Hub-Gate) — Entry |
1 | $279 | Primary brain; 55W passthrough; REX + Lock Relay; wired to entry motor |
UniFi Access Hub Gate (UA-Hub-Gate) — Exit |
1 | $279 | Scheduled controller; no readers; wired to exit motor |
| UniFi U6-Mesh AP | 1 | — | ✅ Already owned; mounted outside Box A |
| Item | Qty | Est. Cost | Notes |
|---|---|---|---|
UniFi AI LPR (UVC-AI-LPR) |
1 | ~$499 | 4K LPR bullet; 3× zoom; glare-cut filter; 50ft IR; 25.5W PoE+ |
| UniFi AI Bullet Camera | 1 | — | ✅ Already owned; mandatory context cam (LPR Night Mode) |
UniFi Access Intercom (UA-Intercom) |
1 | ~$299 | Keypad PIN, QR codes, Face ID; 13W |
| UniFi Intercom Pedestal Mount | 1 | ~$149 | Official Ubiquiti adapter plate; 42"–48" driver window height |
| Item | Qty | Est. Cost | Notes |
|---|---|---|---|
| Commercial Integrated UHF Wiegand Reader | 1 | ~$200 | IP67; built-in 9 dBi antenna; 12V input; Wiegand D0/D1 output |
| Raspberry Pi Compute Module 4 (CM4) | 1 | ~$45 | Industrial edge compute; 8GB onboard eMMC (no SD card) |
| CM4 Industrial PoE Baseboard | 1 | ~$45 | Carrier board; native PoE power, RJ45, USB-A, GPIO breakout |
| Wiegand-to-USB Converter | 1 | ~$15 | Optical isolation + dedicated MCU for 50µs timing |
| Gigabit PoE+ to 12V DC Splitter | 1 | ~$15 | Powers UHF reader via 18/6 cable |
| 3.3V-to-5V Opto-Isolated Relay Module | 1 | ~$5 | Bridges CM4 GPIO to Hub-Gate REX terminals |
| Passive UHF EPC Gen2 Windshield Tags | 100+ | ~$80 | Tamper-evident; non-transferable |
| Item | Qty | Est. Cost | Notes |
|---|---|---|---|
| XL Polycase HD NEMA 4X (≈20"×16"×8") | 1 | ~$150 | Light Gray (RAL 7035) — thermal requirement |
| IP68 Gore-Tex Breather Vent | 1 | ~$10 | Bottom-mounted; prevents condensation |
| DIN Rail + Mounting Hardware | 1 set | ~$25 | Inside Box A; includes bracket for CM4 baseboard |
| Weatherproof Cable Glands | 4+ | ~$15 | Cable entry/exit |
| 18/2 Shielded Direct-Burial Cable | 1 run | ~$25 | Exit Hub → Exit LiftMaster |
| 18/6 Shielded Direct-Burial Cable | 1 run | ~$25 | UHF Reader ↔ Box A (power + data + shield) |
| Category | Estimate |
|---|---|
| Subsystem 1 — Core Gate Controllers | ~$987 |
| Subsystem 2 — Multi-Modal UniFi Peripherals | ~$947 |
| Subsystem 3 — Industrial UHF Edge Compute | ~$405 |
| Subsystem 4 — Power, Enclosures & Weatherproofing | ~$250 |
| Total System Cost | ~$2,589 |
Commercial equivalent: $15,000–$25,000+ with $200–$500/month recurring subscription fees. This system pays for itself within 6 months of avoiding a single commercial contract, and requires zero cloud subscriptions.
The Pi Zero 2 W has only one Micro-USB data port. Connecting a PoE/Ethernet adapter consumes it, leaving no port for the Wiegand-to-USB converter without a USB hub. The CM4 + Industrial PoE Baseboard provides native PoE power, RJ45 Ethernet, USB-A ports, and GPIO breakout — all on a single carrier board with industrial onboard eMMC storage. No SD cards, no USB hubs, no adapter chains.
The Retrofit Hub supports native Wiegand input and would eliminate the CM4 entirely. But: it is rated for indoor use only (14°F to 104°F). Inside a sealed box in Colorado sun, it will overheat. The UA-Hub-Gate + CM4 + REX relay architecture keeps everything safe inside the Light Gray NEMA 4X enclosure with passive ventilation.
Ubiquiti does not expose an endpoint to inject custom log events or attribute user identity via API. Triggering via API also introduces network latency (1-second delay = cars stop). The 2-wire REX relay opens the gate in milliseconds. CM4 owns the zero-latency physical trigger; Home Assistant owns the audit log.
The built-in HA UniFi integrations do not expose user profile custom fields (Notes, Employee ID). The CM4 must query the UniFi Access API directly to extract UHF EPCs from user profiles.
┌─────────────────────────────────────────────────┐
│ BOX A — LIGHT GRAY (RAL 7035) NEMA 4X │
│ (Entry log structure, 20"×16"×8") │
│ │
Uplink (from Repeater) ──► USW-Industrial Switch │
│ ├─ PoE++ → UA-Hub-Gate (ENTRY) │
│ │ ├─ PoE Out → AI-LPR Camera ─────────────┼──► (log structure)
│ │ ├─ PoE Out → UA-Intercom ───────────────┼──► (pedestal)
│ │ ├─ REX ◄── relay (6" wire, inside box) │
│ │ └─ Lock Relay ──────────────────────────┼──► Entry LiftMaster
│ ├─ PoE++ → UA-Hub-Gate (EXIT) │
│ │ └─ Lock Relay ──────────────────────────┼──► 18/2 ──► Exit LiftMaster
│ ├─ PoE → AI Bullet Camera ─────────────────┼──► (mounted on structure)
│ ├─ PoE → U6-Mesh AP ───────────────────────┼──► (mounted outside box)
│ └─ PoE → 12V PoE Splitter ─────────────────┼──► 12V out → 18/6 to UHF Reader
│ │
│ CM4 + PoE Baseboard (native PoE + ETH + USB) │
│ ├─ USB-A ◄── Wiegand-to-USB converter ◄─────┼── 18/6 from UHF Reader
│ └─ GPIO → Opto Relay → Hub-Gate REX │
└─────────────────────────────────────────────────┘
UHF Reader (gate structure, IP67 weatherproof):
├── 12V power ◄── 18/6 from Box A (PoE splitter)
├── Wiegand D0/D1 ──► 18/6 to Box A (Wiegand-to-USB converter)
└── Built-in 9 dBi antenna reads windshield tags
| System | Role |
|---|---|
| UniFi Access | User management, LPR/Face/QR/PIN auth, gate scheduling, safety interlock |
| CM4 Edge Node | UHF Wiegand decode + offline validation + REX relay trigger + MQTT audit emitter + UniFi API sync |
| Home Assistant | Master audit log + automation (e.g., driveway lights on specific resident) + remote gate button for guests |