



I recently decided to upgrade on my office WiFi from a basic wireless router setup in bridging mode to an actual access point with some more advanced features.

What I ended up deciding to get was a Ubiquiti setup using the UniFi controller software and a UAP-AC access point (AP).

So far, it’s been an awesome setup…



UniFi Controller

For the UniFi controller software, I decided to try and get it up and running on a Linux (CentOS) VM I have running… After doing a little googling, I was able to find some easy instructions for getting everything setup. You can check them out, here. For a full list of installation instructions from the UBNT Community, check them out. They have instructions for a bunch of systems, including Raspberry Pi, Windows and various Linux configurations.

You will want to make sure any instructions you follow use the latest version of the UniFi software. The instructions I used point to an older version of the UniFi software. But just update the version number in the wget call to download the latest UniFi zip package (currently version 3.2.10).

Also, I had issues getting the controller to detect the AP. It turns out I was missing a rule in my iptables configuration. The rules listed below should be all you need. If you are installing the controller on a windows system, you may have to make changes or turn off the Windows firewall as well. The last rule, for UDP port 10001, is specifically for AP discovery.

If you are having issues with the controller finding your APs, turning off iptables to see if they are picked up is an easy place to start. That’s how I originally discovered I was missing the UDP rule.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 8843 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 8880 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 27117 -j ACCEPT -A INPUT -p udp -m udp --dport 10001 --sport 10001 -j ACCEPT -A INPUT -p udp -m udp --dport 3478 --sport 3478 -j ACCEPT

I’ve done some reading but haven’t actually tested this; in some cases UDP port 3478 needs to be open. I didn’t have it open, and things seemed to configure and run just fine. But in some cases, it may need to be. I’ve generally seen this in relation to cloud controller configurations. But it’s identified as being used for STUN services, so you may or may not need it.

The Ubiquiti community is pretty much the main source of information for all things Ubiquiti. They have information on lots of configuration options and instructions to do pretty much anything you want; you just have to do a little hunting for it. UBNT Community

UBNT Knowledge Base



You need the UniFi software to configure and manage the APs (there is no built in GUI on the APs). You can connect to the APs via SSH and do some configurations. Honestly, I haven’t jumped into that at all, and I hope to never have to. If you want to know more about the SSH interface on the APs, check out the UBNT Community.

Once the APs are configured, they will run without the controller, but you wont get statistics, and things like guest portals wont work. So it’s best to setup a VM or get some light weight dedicated hardware to run the controller software on. Or, if you are in a really small office, or only need to configure the AP and then leave it alone, you can use a Windows or Mac computer to do the configuration.

This can pose some complications for consultants and other groups trying to use these systems at client installations, since you need the controller for configuration. You can backup configurations and import/export them from the controllers, or the latest software lets you configure different sites, so you can setup all of your clients on one system and have them listed as different sites. Still not as easy as being able to connect to each AP individually, but it’s more “enterprise” to need the controller, and hey, it works on Linux, so it can be cheap to setup. So I definitely recommend an on-site controller if you plan to use these, not mandatory, but definitely a better option.

UniFi Features

The Ubiquiti UniFi software offers quite a lot of features… One thing I really like about Ubiquiti in general is that their software is usually really feature rich and offers a lot of bang for your buck, maybe not right out of the gate, but within a few releases they usually have more features than a lot of competitors at a substantially lower cost. Something that is perfect for SOHO style setups or generally any small to medium sized businesses. Once their software has been out for a bit, I’d say they would work for any business, small or large. This was something that was definitely true with their EdgeRouter software; with v1 you had to do a lot of things at the command line, now, there is very little you need to do from the command line, unless you want to, and the system is REALLY stable.

A lot of the posts you see about missing features or stuff not working correctly are old posts from a few years ago. The newer versions of software have a lot of the kinks worked out, and everything I had concerns about, or read peoples concerns about, have been laid to rest in the later software versions (currently version 3.2.10).

So, a short list of some of the out of the box features I like (this wont be too in-depth, just highlighting a few things I think are nice)…

WLAN Groups and WLANs

You can configure multiple WLAN groups and in each group have multiple WLANs… Giving you a lot of options. Maybe you have some APs in an office space and one in a lobby, you can have internal networks on the office APs and public access on the lobby APs, all configured on the same controller. This really gives you options to what networks are available where and what types of services those networks offer.

Guest Control / Hotspots

Another great feature is, out of the box, the controller software offers a bunch of options for guest access, including PayPal integration for paid access. The simple options listed are, No authentication (an open network), Simple Password (a password is required to access the quest network), a Hotspot (including a voucher system and PayPal integration), as well as external portal option that allows you to use an external portal that is off of the controller system (generally a custom or 3rd party system).

Also mixed in with the system for guest access is a Hotspot manager, basically a secondary admin portal that can be used for issuing vouchers, and managing connected guest users. Finding how to access this from the admin is a little hard, I only stumbled upon it. To get to it (make sure hotspot access is enabled or you wont see the option) you login to the controller then go to Settings > Guest Control > then click on the “Hotspot Operator” link. Or you can go to the page directly using the url, https://{IP_ADDRESS}:8443/hotspot.

This feature is something that is generally only found on much more expensive hardware/software packages. So this is a really awesome addition. If you are just using these at home, you probably wont have any need for this, but it’s definitely nice to have.

When the guest network is accessed, depending on the options you have selected, this is what the user will see if you have the hostspot activated.

The page that is displayed is slightly dynamic based on the options you have selected in the Admin… But you can also customize the page by enabling Portal Customization in the config. Then on the server you can access the portal html files under the sites. For my installation, on Linux, the customization files are found here, /opt/UniFi/data/sites/{SITE_NAME}/portal.

Once you find the files, it’s just a matter of updating the html/css/images, etc and the changes will be immediately visible to clients that are trying to connect.

Also, if you noticed, the portals are broken up by site. This means you can have a different portal for each site you have configured.

Logging & Statistics

The controller also provides some basic statistics as well as SNMP v1 and syslog support (configurable at the site level). These are nice features, especially if you have a lot of APs and are worried about one of them going down, etc.

Insights

The controller/APs also offer what they are calling “Insights.” This provides details on known wireless clients, rouge APs, past connections and past guest authorizations.

This is pretty nice for monitoring your network, especially if you are in a corporate environment… The above picture is a shot of the Rogue Access Points near me.

UniFi UAP AC

I decided to just go for it and get the latest and greatest AP, the UniFi UPA AC, it has 2.4 GHz and 5 GHz radios, supports 802.11 a/b/g/n/ac (pretty much every standard out there) and touts 1300 Mbps throughput on the 5 GHz channel and 450 Mbps on the 2.4 GHz channel.

The AP also has color indicator lights on the top, they are a nice touch. They are not super bright, but you can see them. The indicator has 6 primary states; Flashing White – Initializing, Steady White – Factory default waiting to be integrated, Alternating White/Blue – Device is busy (don’t unplug), Quickly Flashing Blue – Used as a locator to identify the AP from the controller, Steady Blue – Device has been integrated and is working, and finally Steady Blue with Occasional Flashing – Device is in an isolated state (waiting for an up-link).

So far, the AP has worked great, plugged it in, got it provisioned in the controller… and it’s been working, and working fast! Overall, it’s a great upgrade over the wireless router I was using as an AP before; it has a lot more features and is much faster.

If you are looking for enterprise quality WiFi at pretty darn affordable prices, I’d say these are a no-brainier! And if you don’t need all the speed of the latest AC WiFi standards, they offer other APs that you can get for as low as about $70 USD on the low end to the more powerful pro models for around $200 USD.

Overview

The Ubiquiti UniFi software coupled with the UniFi APs provide a robust set of enterprise level features at a fraction of the cost of it’s competitors. In my mind, Ubiquiti puts out some really great hardware and has ever evolving and improving software that is feature rich and powerful.

Their documentation is a little lacking, with most features needing to be explained by the Ubiquiti Community, but the community is manned by many experts and Ubiquiti employees, so finding answers is usually just a quick search away.

If you are more technical and want enterprise level products at good prices, Ubiquiti is hands down my go to choice.

If you have any questions or want to know anything about any features, just let me know!