First Look at UniFi Wireless Access Point
New project — new challenge. For this project I got UAP-AC-Pro, UAP-AC-Lite and UAP-Outdoor+.
How to install and configure them you can easily find on the Ubiquiti website. This post is about the hard way — when you don't buy the full ecosystem and need a custom solution.
I wrote this post after two months of deep research and experiments with UniFi and FreeRadius, FreeRadius with Google Workspace, and also after some bad experience communicating with UniFi support about poor technical documentation and many broken links on their website.
The UniFi community has had similar problems for years — many topics have been locked for more than 8 years without any solution. My solution is currently in the testing stage and should be production ready next month.
Installation and configuration
After all devices are connected you need to configure the whole infrastructure. There are several ways to do it.
UDDT — Ubiquiti Device Discovery Tool (Java or Chrome application). Works fine and can be used for configuring your own home access point.
UNMS — Ubiquiti Network Management System. A Docker-based control panel that can be used for managing internal and external access points.
UCRM — Ubiquiti’s Complete ISP Management Platform. A Java application for ISPs. It does not work without specific Ubiquiti equipment. This software scanned my entire network and found HP and Aruba switches, print servers, and many internal services — but not a single access point. That was confusing.
All configuration was done using UNMS.
root@unms:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cbb649baef7d ubnt/unms:1.3.6 "/usr/bin/dumb-init …" 4 weeks ago Up 3 weeks unms
1858f3ee9c14 ubnt/unms-netflow:1.3.6 "/usr/bin/dumb-init …" 4 weeks ago Up 3 weeks 0.0.0.0:2055->2055/udp unms-netflow
1c10f01cdfa0 ubnt/unms-crm:3.3.6 "dumb-init -- make s…" 4 weeks ago Up 2 weeks 80-81/tcp, 443/tcp, 9000/tcp, 2055/udp ucrm
72b82c88ef08 redis:5.0.5-alpine "docker-entrypoint.s…" 4 weeks ago Up 3 weeks unms-redis
2c178440ace2 ubnt/unms-siridb:1.3.6 "/entrypoint.sh siri…" 4 weeks ago Up 3 weeks (healthy) unms-siridb
93dd516d9853 rabbitmq:3.7.14-alpine "docker-entrypoint.s…" 4 weeks ago Up 3 weeks unms-rabbitmq
3d43c14e08ad ubnt/unms-nginx:1.3.6 "/entrypoint.sh ngin…" 4 weeks ago Up 3 weeks 0.0.0.0:80-81->80-81/tcp, 0.0.0.0:443->443/tcp unms-nginx
5b5adfdc4c7f postgres:9.6.12-alpine "docker-entrypoint.s…" 4 weeks ago Up 3 weeks unms-postgres
8acb4f29d543 ubnt/unms-fluentd:1.3.6 "/entrypoint.sh /bin…" 4 weeks ago Up 3 weeks 5140/tcp, 127.0.0.1:24224->24224/tcp unms-fluentd
BTW, the first experiments were done using UDDT, and after starting UNMS I simply exported and imported the configuration. It worked perfectly.
Device registration
UNMS allows registering external devices, for example access points located outside the internal network. Each access point has SSH access and can be customized.
Login and password: “ubnt”.
uni-int-2-BZ.v4.3.28# mca-cli set-inform http://unms.server.com:8080/inform
After that the device becomes accessible in UNMS and can be adopted.
UNMS highlights
- Half of the functionality does not work without a UniFi Security Gateway.
- The system shows MAC addresses and hostnames, but not the users who are connected.
- Full management is available from the UniFi portal, so you don’t need a direct connection to your internal UNMS.
- Only one guest portal can be configured.
- The integrated guest portal is very powerful, but there is no easy way to customize it — so you either use it as-is or create your own.
- Integrated payment systems cannot be modified and new ones cannot be added.
- All examples of external web portals were removed from the documentation.
API and Development
My solution for a Ubiquiti UniFi External Portal:
github.com/alan-lt/unifi-guest-portal
Two projects that helped me move forward:
Comments
Post a Comment