Download Ubiquiti UAP Access Point Firmware 4.0.80.10875 (Router / Switch / AP). This is a hot fix release for 4.0.69 and does not contain changes made in 4.0.70-4.0.79. Bugfixes: - HW Limit MAC addresses from being reported when analytics are enabled. USW Revert changes from 4.0.69. Ubiquiti free download - Ubiquiti UniFi, Ubiquiti airMAX AC Toolkit, Ubiquiti MAC Address Changer, and many more programs.
- Unifi Controller Download For Mac
- Unifi Controller 4.0 3 Download Mac Os
- Unifi Controller 5.6.42 Download
- Download Ubiquiti UVC-Dome IP Camera Firmware 3.4.0 (Network / IP / NVR / Surveillance / Baby Camera). Timeline only works on recordings made with UniFi Video 3.2+. It will not show recordings made with 3.1.x. UVC Pros have issues at higher FPS, for accurate recordings, use 25FPS.
- UniFi - 3.2.10-GA is the latest official General Availability Release. NOTE: Make sure you always do a backup before any updates, especially if you plan to upgrade your existing installation. Release Note Feature Added CTRL - Add multiple accounting server support for 802.1x/WPA2 Enterprise.
- Version 4.0.21 or lower; versions between 4.0.48 and 4.3.13.11253; An example working setup consists of a UAP AC Lite device running firmware version 4.0.54 and UniFi Network Controller version 5.11.39. Known issues – firmware 4.0.42. Access point firmware version 4.0.42 is known to NOT work with captive portal solutions, Social WiFi included.
Last revised 21 November 2017.
- Upgrading
- Tuning Setup
A number of people reached out asking how to configure the Unifi software and access points to work with my pfSense guide so here it is. The Unifi controller does not need to be running continuously for basic Unifi access point configuration, you can run it when needed on a Mac, Linux or Windows based desktop although to make use of some of the advanced logging and telemetry functionality it does need to be running constantly and collecting data from associated access points. I’ve run the Unifi software in a Debian virtual machine on ESXi successfully for a couple of years now. The VM doesnt require a lot of resources, mine is configured as follows:
- Linux Debian 9 64bit
- 1 CPU
- 2GB RAM
- 16GB HD
- single 1gbps VL10_MANAGEMENT network connection
To support full functionality of the Unifi software, make sure that you can access the root account via SSH, the hostname is set and DNS, DHCP and NTP all function.
Connect the unifi access points to your Vl10_MANAGEMENT network, either directly to a PoE switch or making use of one of the included PoE injectors. Make sure to use good quality Cat5e cable, preferably solid core copper if using PoE to ensure adequate current carrying capacity and robust operation. Watch out for stranded and CCA (Copper Clad Aluminum) which are lesser quality.
Install prerequisites
ssh into your Debian VM and log into the root account to perform the following installation steps.
Add Ubiquiti Unifi repository
Pick one of the following repositories:
- deb http://www.ubnt.com/downloads/unifi/debian oldstable ubiquiti
- deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti
- deb http://www.ubnt.com/downloads/unifi/debian testing ubiquiti
Further details on versions are available on the Unifi community forums. This guide will use the testing branch which at the time of writing this guide covers v5.6.19, the last verison of the 5.6 branch.
echo 'deb http://www.ubnt.com/downloads/unifi/debian testing ubiquiti' | tee /etc/apt/sources.list.d/100-ubnt.list
Fetch GPG key
apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
Install Unifi package
This will download and install a number of required packages, verify this completes successfully before proceeding.
start Unifi
Enable unifi to start automatically at boot
and verify the service started correctly by entering
systemctl status unifi
Disable default Mongodb instance
Unifi will start its own version of MongoDB so we can and should disable the default instance from running at boot
Open a browser and head to https://
Go to Settings / Wireless Networks, click Create New Wireless Network and configure following:
8. If you get URL similar to this one on the client device ( IP address instead wifihotspot.io domain)
Click +New Wireless Network
- Name/SSID = WIFI-MGMT
- Enabled = [x]
- Security = WPA Personal
- Security key = reallyreallyreallysecurepassword
- Guest policy = [ ]
Open Advanced options and set
- Multicast and broadcast filtering = [ ] (see this section for further details)
- VLAN = [ ] this is untagged native network
- VLAN ID = [ ]
- Enable fast roaming = [ ]
- Hide SSID = [ ]
- WPA Mode = WPA2 Only
- Encryption = AES/CCMP Only
- Group rekey interval = 3600
- User group = Default
- UAPSD = [ ]
- Scheduled = [ ]
- Multicast Enhancement [ ]
802.11 rate and beacon controls = default
Mac filter = default
Radius mac authentication = default
Mac filter = default
Radius mac authentication = default
Click Save
VPN network configuration
Click +New Wireless Network
- Name/SSID = WIFI-VPN
- Enabled = [x]
- Security = WPA Personal
- Security key = securepassword
- Guest policy = [ ]
Open Advanced options and set
- Multicast and broadcast filtering = [ ] (see this section for further details)
- VLAN = [x]
- VLAN ID = [20]
- Enable fast roaming = [ ] this is known to cause some issues currently
- Hide SSID = [ ] no additional security
- WPA Mode = WPA2 Only
- Encryption = AES/CCMP Only
- Group rekey interval = 3600
- User group = Default
- UAPSD = [ ]
- Scheduled = [ ]
- Multicast Enhancement [ ]
802.11 rate and beacon controls = default
Mac filter = default
Radius mac authentication = default
Mac filter = default
Radius mac authentication = default
Click Save
Clearnet configuration
Click +New Wireless Network
- Name/SSID = WIFI-CLRNET
- Enabled = [x]
- Security = WPA Personal
- Security key = adifferentsecurepassword
- Guest policy = [ ]
Open Advanced options and set
- Multicast and broadcast filtering = [ ] (see this section for further details)
- VLAN = [x]
- VLAN ID = [30]
- Enable fast roaming = [ ]
- Hide SSID = [ ]
- WPA Mode = WPA2 Only
- Encryption = AES/CCMP Only
- Group rekey interval = 3600
- User group = Default
- UAPSD = [ ]
- Scheduled = [ ]
- Multicast Enhancement [ ]
802.11 rate and beacon controls = default
Mac filter = default
Radius mac authentication = default
Mac filter = default
Radius mac authentication = default
Click Save
Guest configuration
My guest network is firewalled on the pfSense router and I don’t limit bandwidth for users of the guest network either as I make use of the guest network as a failover network from time to time. Due to these reasons I don’t apply guest policy in the configuration below. Its possible to limit bandwidth and provide access via a portal, I may add these as an addendum to this guide later if theres demand.
Click +New Wireless Network
- Name/SSID = WIFI-GUEST
- Enabled = [x]
- Security = WPA Personal
- Security key = adifferentpassword
- Guest policy = [ ]
Open Advanced options and set
- Multicast and broadcast filtering = [ ] (see this section for further details)
- VLAN = [x]
- VLAN ID = [40]
- Enable fast roaming = [ ]
- Hide SSID = [ ]
- WPA Mode = WPA2 Only
- Encryption = AES/CCMP Only
- Group rekey interval = 3600
- User group = Default
- UAPSD = [ ]
- Scheduled = [ ]
- Multicast Enhancement [ ]
Unifi Controller Download For Mac
802.11 rate and beacon controls = default
Mac filter = default
Radius mac authentication = default
Mac filter = default
Radius mac authentication = default
Click Save
How to download text tones on mac. After clicking Save, your wireless networks page should look like this
Configure Services
Configure NTP
In order for access point firmware updates to take place easily from within the web client, we need to an accurate time set. Navigate to Services > NTP and configure the NTP servers. All my devices sync with my pfSense router hence the 192.168.10.1 address.
Controller
Controller settings
Make sure the controller name is set correctly as per your hostname record, in my case of Unifi2
- Controller name = Unifi2 as per your host name
- Controller hostname/IP = unifi2.local.lan FQDN or IP address
Apply changes
Now we’ve configured all the settings needed to create and configure our SSIDs, we can adopt our access points. Navigate to DEVICES where you should see your access points pending adoption. Adoption is initiated by clicking ADOPT next to the respective access point. After displaying PROVISIONING for a little while, the status should change to CONNECTED.
Once the access point has been adopted you should be able to join any of the provisioned SSIDs. Validate that you can connect, receive an appropriate DHCP address and that you can access internal devices and internet sites.
Click on the access point name and a panel will slide out on the right of the browser window where we can configure access point related settings.
Access point alias
Navigate to General > Alias and set a more meaningful name e.g. Kitchen
Click Save
Click Save
Band steering
Navigate to General > Band Steering and set Prefer 5G = ON.
This will coerce device promotion from crowded 2.4GHz frequencies into the 5Ghz range.
This will coerce device promotion from crowded 2.4GHz frequencies into the 5Ghz range.
Airtime fairness
Navigate to General > Airtime fairness and set it to ON.
This will encourage fairer airtime sharing.
This will encourage fairer airtime sharing.
Apply the above changes.
Unifi Software
New software is made available through Unifi and the beta program frequently and its worth keeping up to date. Before updating your system, please make sure to make a backup in case you need to roll back to a previous version. To update your installation SSH into Unifi system and enter
wget <filename> -O <destination_filename>
, e.g for version 5.7.3 you would enterwget https://dl.ubnt.com/unifi/5.7.3-91ad2e6240/unifi_sysvinit_all.deb -O ~/unifi/downloads/5.7.3-installer.deb
and to install the .deb package,
sudo dpkg -i ~/unifi/downloads/5.7.3-installer.deb
Once applied its usually worth rebooting. It can take a few minutes for a new install to be accessible due to database conversions so don’t panic if it isn’t accessible immediately.
Access Point firmware
To upgrade an access point with new firmware, click on the access point to be upgraded and navigate to Config > Manage Device > Custom Upgrade. Here is where you enter the link to the firmware and then click Upgrade. In case of issues, its worth noting HTTPS transfers require accurate time to be set. If you are having trouble verify your NTP settings are correct.
Its impossible to produce a guide for tuning access point radios that would work in anything but a small selection of setups, not only are homes and offices wildy different in terms of area and construction, but radio frequency utilisation and pollution will be different too. I want to share a few concepts and ideas that have worked well for me and are likely to work well for a fair percentage of readers.
Access point positioning
Generally keeping the access points with a clear line of sight to the locations where clients are likely to be used, typically this means ceiling mounting. Using a site survey tool like Netspot equips you with actual reading of your access points signal strength across your space. This info can really help establishing the optimal number and placement of access points.
Avoid congested frequency bands
Higher channel widths can support a higher data rates, however the downside is that there are fewer non-overlapping channels available which can lead to congestion problems.
Make use of the inbuilt Unifi RF environment scan which can be accessed under each access points tool menu. Pick non overlapping channels for each access point. How to mark on download on macbook pro.
Adrian Grando’s Wifi Explorer is excellent for wifi network inspection. The recently released pro version also enables the use of Metageek’s Wi-spy DBx for frequency analysis.
For 2.4Ghz there are only three non-overlapping channel, 1, 6 & 11, stick to 20Mhz channel widths as increasing to 40Mhz reduces the number of non-overlapping channels and makes using multiple access points difficult. You can see in the above image my 3 access points use 2.4Ghz channels 1, 6 & 11 and 5.4Ghz 36, 52 & 100 to prevent congestion.
For 5Ghz there are many more non-overlapping channels and its possible to configure 40Mhz or even 80Mhz channel widths in certain environments without congestion.
If using the DFS frequency ranges, ensure you aren’t being impacted by nearby RADAR installations or other sources of interference that could cause your access point to reallocate to another channels causing congestion. The Unifi software will alter you in the logging section if this is happening.
For 5Ghz there are many more non-overlapping channels and its possible to configure 40Mhz or even 80Mhz channel widths in certain environments without congestion.
If using the DFS frequency ranges, ensure you aren’t being impacted by nearby RADAR installations or other sources of interference that could cause your access point to reallocate to another channels causing congestion. The Unifi software will alter you in the logging section if this is happening.
Tuning for optimal 5Ghz network usage is more challenging than 2.4Ghz, see this FCC document for a more thorough detailed breakdown of the range.
Radio power
Radio communications depend on clear signals both ways between access point and client. Turning up the transmit power on the access point doesn’t magically solve range problems because although the clients can hear the access point more clearly, they don’t usually have the radio power to be able to transmit back as loudly. You are likely better off turning down the broadcast power and enabling devices to migrate to other more optimal access points where a more balanced communication stream can occur.
Click on each access point in turn and under config, set the transmit powers as follows:
- Radio 2G Transmit power = Low
- Radio 5G Transmit power = Medium
Verify your devices, especilally mobile devices, can still access wifi across your area and verify they transfer to hotspots with better SNR sensibly.
Disable unused 802.11 rates
Depending on the devices in use on your network, you may see some benefits in disabling some of the rates associated with older wifi devices. To disable these frequencies navigate to Settings > Wireless Networks. Edit settings and change the 802.11 rate options as follows:
Unifi Controller 4.0 3 Download Mac Os
2G Data rate control
- Enable minimum data rate control = [x]
- Set slider to 12Mbps
- Also require clients to use rates at or above the specified value = [x]
5G Data rate control
- Enable minimum data rate control = [x]
- Set slider to 12Mbps
- Also require clients to use rates at or above the specified value = [x]
Save and verify your devices still function correctly.
Block LAN to WLAN Multicast and Broadcast Data
Multicast/Broadcast data is sent at the lowest modulation rate and can negatively affect performance. Unless you absolutely need this feature, it is recommended to block this traffic. If after blocking this traffic you notice difficulty connecting to certain wifi devices, for example printers which may rely on this system for detection, consider adding specfic MAC addresses to the excepted devices before reverting to disabling the block completely. I’ve added an exception for my printer (HP8600), a portable audio speaker (A7) and the subnet gateway (unknown hostname) to support reliable discovery in the image below. See this Ubiquiti document for further information.
21 November 2017
Refined Block LAN to WLAN section
Refined Block LAN to WLAN section
18 November 2017
Added Block LAN to WLAN Multicast and Broadcast Data section
Added Block LAN to WLAN Multicast and Broadcast Data section
This article describes installation and configuration steps for Ubiquiti UniFi Cloud Controller ( v5.7 or above). Our test was performed with Unifi controller 5.13.32 and Unifi AP-AC-Lite firmware version 4.0.54.10625.
( previous test was performed with v5.11.50, v5.9.29 and v5.10.23.11668-1 controllers and Unifi AP-AC-Lite v4.0.9.9639.)
Log in to your UniFi controller and click the Setting icon.
Create a Wireless Network that will be enabled for Guest Access.
Go to Settings / Wireless Networks, click Create New Wireless Network and configure following:
Name/SSID: Your SSID ( it’s your choice what will be set as SSID Name, Guest WiFi in our case)
Enabled: Enabled
Security: Open
Guest Policy: Enabled
Enabled: Enabled
Security: Open
Guest Policy: Enabled
Click Save to apply changes.
Go to Guest Control page and on the Guest Policies section set following:
Enable Guest Portal: Enabled
Authentication: Hotspot
Default Expiration: 8 Hours
Landing Page: Promotion URL – insert desired URL
Use Secure Portal: Disabled
Redirect using hostname: Disabled
Enable HTTPS Redirection: Disabled
Enable encrypted redirect URL: Disabled
Authentication: Hotspot
Default Expiration: 8 Hours
Landing Page: Promotion URL – insert desired URL
Use Secure Portal: Disabled
Redirect using hostname: Disabled
Enable HTTPS Redirection: Disabled
Enable encrypted redirect URL: Disabled
On the Portal Customization section as Template Engine set Angular JS and enable Override Default Templates.
Later, when you change index.html and auth.html files Desktop preview will change to:
In the Hotspot section enable Radius-based authorization
Override Default Template should be disabled in the Voucher Customization section.
From the Radius section select previously created Profile . ( check Configuring parameters section to learn how to create new Radius profile)
As Authentication type select CHAP.
Accept incoming disconnect request: DISABLED
As Authentication type select CHAP.
Accept incoming disconnect request: DISABLED
On the Access Control / Pre-Authorization section enter the Walled garden IP’s.
wifihotspot.io
cdn.wifihotspot.io
starthotspot.com
13.92.228.228
40.117.190.72
cdn.wifihotspot.io
starthotspot.com
13.92.228.228
40.117.190.72
Go to the ProfilesRadius section and click Create new RADIUS profile button.
Click Create New RADIUS Profile and configure following:
Click Create New RADIUS Profile and configure following:
Profile Name: Starthotspot
RADIUS Auth Server: 13.92.228.228
Port: 1812
Password / Shared secret: (contact our office)
Click Add Auth Server and configure Radius server 2:
RADIUS Account Server: 13.92.228.228
Port: 1813
Password / Shared secret: (contact our office)
Interim update: Enabled
Interim update interval: 86400 Adobe acrobat x pro download mac free.
RADIUS Auth Server: 13.92.228.228
Port: 1812
Password / Shared secret: (contact our office)
Click Add Auth Server and configure Radius server 2:
RADIUS Account Server: 13.92.228.228
Port: 1813
Password / Shared secret: (contact our office)
Interim update: Enabled
Interim update interval: 86400 Adobe acrobat x pro download mac free.
Save changes.
If you want to enable Social network login feature or use Paypal as payment gateway, add further IP’s as per below for each network you plan to support.
Please note, these IP ranges are subject to change depending on the social network setup.
31.13.24.0/21
www.facebook.com
staticxx.facebook.com
connect.facebook.net
static.xx.fbcdn.net
157.240.0.0/16
31.13.0.0/16
– if it does not work, try adding:
45.64.40.0/22
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
129.134.0.0/16
173.252.64.0/18
179.60.192.0/22
185.60.216.0/22
204.15.20.0/22
www.facebook.com
staticxx.facebook.com
connect.facebook.net
static.xx.fbcdn.net
157.240.0.0/16
31.13.0.0/16
– if it does not work, try adding:
45.64.40.0/22
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
129.134.0.0/16
173.252.64.0/18
179.60.192.0/22
185.60.216.0/22
204.15.20.0/22
199.16.156.0/22
199.59.148.0/22
199.96.56.0/21
192.133.76.0/22
199.59.148.0/22
199.96.56.0/21
192.133.76.0/22
Unifi Controller 5.6.42 Download
91.225.248.0/23
www.linkedin.com
static.licdn.com
184.51.0.0/16
108.174.0.0/16
– if it does not work, try adding:
103.20.94.0/23
108.174.0.0/22
108.174.4.0/24
108.174.8.0/22
108.174.12.0/23
144.2.0.0/22
144.2.192.0/24
216.52.16.0/23
216.52.18.0/24
216.52.20.0/23
216.52.22.0/24
65.156.227.0/24
8.39.53.0/24
185.63.144.0/24
185.63.147.0/24
199.101.161.0/24
64.152.25.0/24
8.22.161.0/24
www.linkedin.com
static.licdn.com
184.51.0.0/16
108.174.0.0/16
– if it does not work, try adding:
103.20.94.0/23
108.174.0.0/22
108.174.4.0/24
108.174.8.0/22
108.174.12.0/23
144.2.0.0/22
144.2.192.0/24
216.52.16.0/23
216.52.18.0/24
216.52.20.0/23
216.52.22.0/24
65.156.227.0/24
8.39.53.0/24
185.63.144.0/24
185.63.147.0/24
199.101.161.0/24
64.152.25.0/24
8.22.161.0/24
paypal.com
sandbox.paypal.com
paypalobjects.com
paypalssl.doubleclick.net
paypal.112.2o7.net
securepics.ebaystatic.com
mobile.paypal.com
m.paypal.com
sandbox.paypal.com
paypalobjects.com
paypalssl.doubleclick.net
paypal.112.2o7.net
securepics.ebaystatic.com
mobile.paypal.com
m.paypal.com
Apply changes to save.
At the end, you will need to modify two html files on the controller so that it correctly redirects and authenticates.
Last, very important step:
Download this fileand unzip contents (index.html and auth.html) it in your app-unifi-hotspot-portal directory
Depending of the OS, it is usually located at the location bellow:
Download this fileand unzip contents (index.html and auth.html) it in your app-unifi-hotspot-portal directory
Depending of the OS, it is usually located at the location bellow:
Windows: C:UsersUbiquiti UniFidatasitesdefaultapp-unifi-hotspot-portal
MAC: ~/Library/Application Support/UniFi/data/sites/default/app-unifi-hotspot-portal
Linux: /usr/lib/unifi/data/sites/default/app-unifi-hotspot-portal
MAC: ~/Library/Application Support/UniFi/data/sites/default/app-unifi-hotspot-portal
Linux: /usr/lib/unifi/data/sites/default/app-unifi-hotspot-portal
If you are using Cloud key, please upload our index and auth files into appropriate site folder. By default it’s:
/srv/unifi/data/sites/default/app-unifi-hotspot-portal
Troubleshooting Having troubles? Here is a quick check list:
1. Make sure that you selected CHAP and not MS-CHAP
2. Make sure that you replaced index and auth files.
– If it’s local controller installation files are on your computer. See paths above.
– If it’s Cloud Key installation, upload these files into appropriate folder
– If it’s Hostifi, send your files to the admin to replace original ones.
– If it’s local controller installation files are on your computer. See paths above.
– If it’s Cloud Key installation, upload these files into appropriate folder
– If it’s Hostifi, send your files to the admin to replace original ones.
3. Make sure that you typed AP MAC address into our cloud portal
4. If the mobile you are testing is not reaching our Hotspot splash page, but instead you get ERR_CONNECTION_REFUSED with address like http://yourpublicip:8880/guest/s/…. please make sure that your AP can reach machine where controller is being hosted. If it’s your personal computer, do a port forwarding, unblock firewall etc…
5. Make sure to match exact model of your AP. In some cases mistakes are not obvious, for example:
6. Client MAC is not received
If you are getting the splash page, but can not login and receive “Invalid password” or other errors, please check if the AP is sending client MAC address.
Some versions of Unifi AP firmware are buggy and do not send client MAC.
In such a case, downgrade AP firmware to the earlier version.
At the time of writing, downgrade from v4.3.20 to v4.0.54 resolved the issue.
Some versions of Unifi AP firmware are buggy and do not send client MAC.
In such a case, downgrade AP firmware to the earlier version.
At the time of writing, downgrade from v4.3.20 to v4.0.54 resolved the issue.
If your attempts to downgrade via web links (SSH or Unifi Controller) continuously fail, please do it this way: SCP into the AP, copy the firmware file to /tmp, then SSH in and run command.
7. Make sure that you configured Ubiquity AP (Unifi Controller) when you deploy APs with the controller.
8. If you get URL similar to this one on the client device ( IP address instead wifihotspot.io domain)
http://192.168.1.7:8880/guest/s/default/?ap=b4:hg:04:73:de:8f&id=01:37:10:98:12:44&t=1597065764&url=http://www.msftconnecttest.com%2fredirect&ssid=UnifiGuest
How to download netflix episodes onto mac. it means that the controller isn’t started or there are no communications between the controller and APs.
9. SSID name should contain only letters and numbers—don’t use spaces or special characters, such as !, @, #, $, ?, *, ‘,-, etc.
If you need help with configuration, please go to starthotspot.com and contact our tech support. We’ll be glad to help you.