First look on UniFi Wireless Access Point

New project - new challenge. For this project I got UAP-AC-Pro, UAP-AC-Lite and UAP-Outdoor+. How to install and configure you can easily find on Ubiquiti website. This post is about the hard way, if you don't buy all the equipment and you need a custom solution. This post I write after two month deep research, experiments with Unifi and FreeRadius, FreeRadius and Google Workspace and bad experience communication with Unifi support about bad technical documentation and a lot of broken links in the website. The Unifi community met a similar problem like me, many topics last 8 years waiting in locked threads… My solution now in the test stage and production ready for next month.

Installation and configuration

After all device connected you need configure whole infrastructure, for whose present few ways:

UDDT - Ubiquiti Device Discovery Tool (java or chrome application) - works fine, and can be used for configuring your own home access point.
UNMS - Ubiquiti Network Management System - docker based control panel which can be used for internal and external access point control.
UCRM - Ubiquiti’s Complete ISP Management Platform - java application for ISP. Not work without specific ubiquiti equipment. This software scanned all my network, found HP and Aruba switches, print servers, a lot of internal services, but no one access point. I'm confused.

All configuration I made with UNMS 
root@unms:~# docker ps -a
CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS                 PORTS                                            NAMES
cbb649baef7d        ubnt/unms:1.3.6           "/usr/bin/dumb-init …"   4 weeks ago         Up 3 weeks                                                              unms
1858f3ee9c14        ubnt/unms-netflow:1.3.6   "/usr/bin/dumb-init …"   4 weeks ago         Up 3 weeks             0.0.0.0:2055->2055/udp                           unms-netflow
1c10f01cdfa0        ubnt/unms-crm:3.3.6       "dumb-init -- make s…"   4 weeks ago         Up 2 weeks             80-81/tcp, 443/tcp, 9000/tcp, 2055/udp           ucrm
72b82c88ef08        redis:5.0.5-alpine        "docker-entrypoint.s…"   4 weeks ago         Up 3 weeks                                                              unms-redis
2c178440ace2        ubnt/unms-siridb:1.3.6    "/entrypoint.sh siri…"   4 weeks ago         Up 3 weeks (healthy)                                                    unms-siridb
93dd516d9853        rabbitmq:3.7.14-alpine    "docker-entrypoint.s…"   4 weeks ago         Up 3 weeks                                                              unms-rabbitmq
3d43c14e08ad        ubnt/unms-nginx:1.3.6     "/entrypoint.sh ngin…"   4 weeks ago         Up 3 weeks             0.0.0.0:80-81->80-81/tcp, 0.0.0.0:443->443/tcp   unms-nginx
5b5adfdc4c7f        postgres:9.6.12-alpine    "docker-entrypoint.s…"   4 weeks ago         Up 3 weeks                                                              unms-postgres
8acb4f29d543        ubnt/unms-fluentd:1.3.6   "/entrypoint.sh /bin…"   4 weeks ago         Up 3 weeks             5140/tcp, 127.0.0.1:24224->24224/tcp             unms-fluentd
BTW, the first experiments I made with UDDT, and after starting UNMS I just export-import configuration. Perfect.

Device registration

UNMS allows registering external devices, as example, access points located outside of the internal network. Each access point has SSH and can be customized.

Login and password “ubnt”. 
uni-int-2-BZ.v4.3.28# mca-cli set-inform http://unms.server.com:8080/inform
After device will accasable in UNMS and can be adopted.

UNMS highlights

  • Half of functionality does not work without Unifi Security Gateway.
  • System shows mac addresses and hostnames, but not users who connected.
  • Full management from unifi portal, you no need direct connection to your internal UNMS.
  • Only one guest portal can be configured.
  • Very powerful integrated guest portal, but don't have an easy way for customisation, so use as-is or write your own.
  • Integrated payment systems can not be modified and you can’t add new one.
  • All examples of external web portals were removed from documentation.

API and Development

Two projects, who very helped move forward.

https://github.com/kaptk2/portal
https://github.com/Art-of-WiFi/UniFi-API-client

Comments

Post a Comment

Popular posts from this blog

FreeRadius and Google Workspace LDAP

This is the first time when I used FreeRadius, this program reminds me of Postfix, I mean similar complicated and powerful tool. Only one big difference - very bad documentation and not enough examples. In the maillists a lot of questions without answers from FreeRadius guru. Here I provided examples of how I solved some problems or where I took too much time…
Read more

pssh (parallel-ssh) problems on Debian 10 with Python 3.7

Python reminds me of PHP many years ago with totally incompatible versioning on one server. Do you need another version? The best way - new servers, because any update or installation can break all global environments. Half a year after “Sunsetting Python 2” but main distributions continue to push python2 during installation and it’s a big challenge not to replace the default version after some update or installing a new package.
Read more