Ubiquiti / UniFi AP Setup & Edgerouter X Load Balancing

T4rd

After making this thread to see how I could combine my 2 ISP connections, I got an Edgerouter X to do so and it's been working great so far with my 2 crappy ISP modem/routers to dish out their own WiFi (effectively bypassing the Edgerouter) until I picked up a few UniFi APs to run off of it to get adequate WiFi coverage throughout my house, because my walls are concrete and a single AP struggles to reach past one wall so I need at least 3 to reach through the whole house.

I just got one of them today and Jesus Christ is this thing fighting me every step of the way to work properly; I almost wish I would have just picked up an overpriced mesh system from Google or something now after just trying to get it set up.

First, I had to re-order the network cables on my Edgerouter interfaces so that I could run PoE into Eth0 (to power both the router and AP) and out of Eth4 (to the AP) as required by the router since that's the only way it supports PoE. I initially had both my WAN/ISP connections on Eth3/4 with load balancing and it was working great; even was combining my connections of certain downloads so I was getting nearly double the speed on downloads.

Since I got my AP now, I moved my WAN/ISP connections to Eth0/1 and I guess since one of my ISPs is down right now (hence the want/need for two different ISPs for failover because ISPs are very unreliable here), I couldn't get internet access anymore after running the wizard to configure both the first two Eth ports as WAN links, so after an hour of troubleshooting that, I submitted and relented to only setting up Eth0 for my WAN/ISP connection and got internet back on everything at least.

Now I connect up the AP to Eth4 (the only PoE port on the router) and enable PoE on the interface in the web interface and it powers up. Look at the installer guide and it tells me to install the controller software on my PC so that I can manage/configure the AP... well that's garbage, I thought with it being a Ubiquiti product, the Edgerouter would be the controller and it would be a relatively seamless setup with the UniFi phone app or something.. but ooooooh boy was I wrong. Despite saying right here on the app's description: "Provision a UniFi Access Point (AP) for basic functionality without configuring a UniFi Controller", that app still relies on a dedicated controller to set it up because I couldn't get it to detect a damn thing while my AP was lit up right in front of me and my phone. Only after I ran the UniFi installer on my Windows box and get the AP function for my phone to connect to, did that app let me do anything. But that was a long process in itself that included a nice chat with their tech support to see why my AP wouldn't provision (or "adopt") or update its firmware on my network. Here's that whole transcription if that may give you some more info that I forget to mention otherwise:

Code:
(06:02:03 PM) Abby P.: Hello there.
(06:02:09 PM) Abby P.: Is the Edge router configured?
(06:02:12 PM) T4rd: Heya, Abby
(06:02:19 PM) T4rd: Yes, and working fine otherwise
(06:02:52 PM) T4rd: I configured it to do port forwarding on switch0 and enabled PoE passthrough on it to get power to the AP
(06:03:08 PM) Abby P.: While adoption the AP and controller PC both should be connected hard wired to same switch or router.
(06:04:10 PM) T4rd: Yes, the controller software is installed on my desktop, which is hardwired directly to the Edgerouter X along with the AP. My desktop is on eth2, while the AP is on eth4
(06:05:03 PM) T4rd: My dashboard says "No UniFi security gateway detected. Routing info unavailable.
(06:05:08 PM) Abby P.: Are the ports configured?
(06:05:18 PM) Abby P.: Both the ports should be on same network.
(06:07:23 PM) T4rd: I did exactly this: https://youtu.be/psakurWSotw?t=161
(06:08:39 PM) T4rd: I have no port forwarding rules configured though.
(06:11:48 PM) T4rd: Still there..?
(06:12:12 PM) Abby P.: Yes I am there.
(06:12:27 PM) T4rd: Can you see that video?
(06:13:18 PM) Abby P.: Try to access edge router CLI and share the output of:

show interfaces
(06:13:58 PM) T4rd: Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.178.128/24 u/u Internet
eth1 - u/D Local
eth2 - u/u Local
eth3 - u/u Local
eth4 - u/u AP
lo 127.0.0.1/8 u/u
::1/128
switch0 10.7.7.1/24 u/u Local
(06:14:23 PM) T4rd: Eth0 is my WAN/ISP, Eth4 is the AP
(06:14:57 PM) T4rd: My controller/desktop is on Eth2
(06:16:25 PM) Abby P.: https://help.ubnt.com/hc/en-us/articles/115002531728-EdgeRouter-Beginners-Guide-to-EdgeRouter
here is the help article which will help you to configure the ports of edge router.
(06:20:12 PM) T4rd: That article is for initial setup and doesn't specify anything to do with the ports. I've already done everything in that article to get my Edgerouter working in the first place. The issue is that my AP isn't detecting the network.
(06:20:51 PM) T4rd: That article doesn't mention anything about access points either.
(06:24:30 PM) Abby P.: The ports are not cofigured.
(06:24:43 PM) Abby P.: *configured
(06:28:20 PM) T4rd: Please cite on that page where it specifies how to configure the ports for an AP. I don't see anything about port configuration on that page.
(06:29:00 PM) Abby P.: What is the LED status of the AP?
(06:29:10 PM) T4rd: Solid blue right now.
(06:29:30 PM) Abby P.: It means it is already adopted in any other controller software.
(06:29:51 PM) Abby P.: Try to hard reset the AP and get it managed under you controller.

https://help.ubnt.com/hc/en-us/articles/205143490-UniFi-How-to-Reset-the-UniFi-Access-Point-to-Factory-Defaults
(06:31:24 PM) T4rd: Ok, just reset it now with the button on the back.
(06:33:14 PM) Abby P.: Let it come is steady white color.
(06:33:20 PM) T4rd: It said "adopting" for a min on the devices page, then "updating (failed)
(06:33:35 PM) T4rd: It's solid blue again now
(06:33:48 PM) T4rd: Was white while it was attempting to adopt it
(06:34:56 PM) Abby P.: What is the firmware of the AP?
(06:35:31 PM) T4rd: UniFi AP-AC-Lite 4.0.69.10871
(06:35:53 PM) Abby P.: What is the IP of the controller PC?
(06:36:22 PM) T4rd: 10.7.7.38
(06:36:51 PM) T4rd: I'm using 10.7.7.0/24 as my DHCP subnet on my router
(06:37:07 PM) Abby P.: What is the IP of the AP?
(06:38:45 PM) T4rd: 10.7.7.49 according to my DHCP leases, I don't see where it says on the controller page though
(06:40:33 PM) Abby P.: Try to SSH in AP via putty and run this command:

set-inform http://10.7.7.38:8080/inform

Run this whole command multiple times.
(06:41:53 PM) T4rd: What credentials do I use on it?
(06:42:18 PM) T4rd: I never set a username/password on it
(06:42:30 PM) Abby P.: Try to use ubnt/ubnt
(06:43:33 PM) T4rd: BZ.v3.7.58# set-inform http://10.7.7.38:8080/inform

Adoption request sent to 'http://10.7.7.38:8080/inform'.

1. please adopt it on the controller
2. issue the set-inform command again
3. <inform_url> will be saved after device is successfully managed
(06:43:38 PM) T4rd: That's what I get
(06:44:05 PM) Abby P.: Try to run that command multiple times.
(06:46:42 PM) T4rd: Ok, I just ran it like 50 times
(06:47:07 PM) Abby P.: I need to take you on email and check with my team.
(06:47:20 PM) Abby P.: Get back to you shortly on email.
(06:47:33 PM) T4rd: Ok...
(06:49:35 PM) T4rd: Can I talk on the phone instead?
(06:49:52 PM) Abby P.: I apologize, we do not provide phone support. I will certainly be able to help you via chat or email.
(06:51:13 PM) T4rd: Ok, I'd like to stay in chat if possible so I can do this faster and get it fixed ASAP.
(06:52:37 PM) Abby P.: i need to escalate your case to internal team and they will update you shortly on email.
(06:52:57 PM) T4rd: Ok, thanks, Abby
(06:53:31 PM) Abby P.: You're welcome.
(06:53:35 PM) Abby P.: Thanks for your time.
(06:53:41 PM) Abby P.: We will see you on email shortly.

A few hours later, I have yet to hear anything from them, but I've got it mostly figured out now except for the controller software crapping out on me. It ran fine for hours right up until I got the AP working by basically going into the controller network settings and pointing DHCP and the gateway info all to my router and then figuring out that I forgot to set DNS on the Edgerouter's DHCP server after another hour or two of troubleshooting because I had DNS specified on my PC's NIC, but thought it was getting it via DHCP so my phone or wireless devices wouldn't have internet access through the AP still.

So now that I have the AP functional and providing internet, the damn controller software refuses to stay running on my PC; I've reinstalled it a few times and it will work and it retains my network/AP config for a few mins seemingly and then throws a "websocket connection error" and times out from connecting to my localhost server after that. I've tried:

  • Disabling my firewall
  • Installing both 32 and 64-bit Java after seeing it recommended in another online post about this issue.
  • Looking up the UniFi service in my services.msc console to see if it's running, which it isn't listed there at all even after reinstalling the controller software and getting it to connect/function for another few mins.
Most people I see after searching this issue recommend running this controller software on a VM or Linux host, which is just too stupid for me... this setup has been complicated enough for me as it is and I don't want to dedicate more resources/hardware just to manage a couple APs; the Edgerouter should have done that in the first place but it doesn't. So that's my fault for assuming these two products from the same company would work together easily.

So if anyone here has any experience with these APs and the controller software on Windows, I would really appreciate some insight or assistance on how to get this all running properly with as little headache as possible, else I'm tempted to just send them back and get a mesh kit from another vendor and call it done.

TIA.

Edit: Jesus, just found this article to install the controller software as a service and it seems to work for now again without having to reinstall the software again. Dafuq, I thought it installed it as a service in the first place, but apparently not. Doesn't make sense to me that it doesn't install as an automatic service by default if you want to be able to manage the AP at any point.. :confused:
 
I use UBNT cloud key to manage my router, switch, and access point. Dedicated POE device that runs the controller software and allows remote access to management interfaces. Had similar challenges adopting the AP as you. It's all connected now to cloud key and working as expected once I found CLI command to tell it where to report to.
 
Look at the installer guide and it tells me to install the controller software on my PC so that I can manage/configure the AP... well that's garbage, I thought with it being a Ubiquiti product, the Edgerouter would be the controller and it would be a relatively seamless setup with the UniFi phone app or something
You're combining two separate product lines. Edge and UniFi are different things and you would need one of the UniFi Security Gateway products as your router if you wanted to integrate fully. The UniFi Gateway is basically the exact same thing as one of the various EdgeRouter products, only with firmware for the UniFi lineup.
 
Yes the management side of the Unifi line is a bit odd. Despite it supporting vlans they assume you'll have broadcast access to the management interface of the AP. You can in fact put the management of it onto a vlan, but you'll need to connect it to the Unifi software via SSH. There is a way to add devices in manually this way, which is how you'd need to do it in that scenario.

Honestly once you have the AP up and running, there really isn't a need for the software anymore. I've put the software onto a VM, then usually just power down that VM and forget how to log into it. Then I hit the reset button on the AP, and make a new VM and reconnect it again. I'm actually at that point right now, I just haven't had the will to reset the AP again. Unless you're using a bunch of APs and want them to talk to each other, you'll use the software exactly once, then probably forget it exists.

The ER-X though, yes that is quite a difficult device to configure. The best advice I can say is that in your case where you need to run the wizard is you absolutely have to do that first. I made similar mistakes where I was trying to use the wizard after configuring some things, and the wizard will wipe out all of your configuration, or otherwise break it beyond repair. Sounds like you've gone through the pain of getting it going. The good news is that having a config backup should hopefully mean you won't need to figure it out again. The big issue you had was putting in an AP after the fact. For $20 you could also just have bought a POE adapter and saved the hassle of reconfiguring it to use pass through.

Glad you were able to get it all going. Now that it's up I probably wouldn't worry about messing with it, I've had one in service with an ER-X and pass through to an AC Lite going for years. It is generally hands off once it's configured. I've even been moved locations and it was just a matter of unplugging and plugging the cables back in.
 
The Edge(Router) line is really designed for people that know networking well. They are extremely powerful devices, but not designed for ease of set up and configurations if you do not know networking. That said, if you do, it is significantly easier than say a Cisco IOS device.

Unifi is a completely different family. It is designed to be controller based, whether that be the APs, Router, Switches, etc. One correction, you CAN direct configure a single AP with the mobile app and no controller (newer feature in the last few years), but that really is more of a temporary solution and not meant for full deployment. The controller can run on a Unifi Cloud Key Device, Server/Computer, Online Cloud Service, or the Unifi Dream Machine (which is an all in one Router/AP/Controller part of the Unifi family).

It is definitely unique, but once you get to understand the topology and way it communicates, it is extremely powerful for the price point. It is far from a normal consumer solution though. If you want plug and play, the Ubiquiti Amplifi lineup is what you want.

I run a couple dedicated controllers and manage Unifi across 20+ locations for clients. One of the awesome things is that you can actually deploy Unifi Devices to a normal network and have them speak over the internet to the internet facing controller without any VPN/site-to-site fanciness.
 
Thanks for the replies, guys.

I got the controller service figured out and running consistently on my PC, but I still hate that it's not run on the AP or Edgerouter itself regardless of them being from different product lines.

The only reason I got the Edgerouter was because it was recommended to me from the forum members in the thread I linked to in OP since it can combine my ISP connections and do load balancing. Had I known at the time I could have got a UniFi router or something (I assume? Haven't looked it up yet), I probably would have got that so I don't have to leave my PC running 24/7 just to manage the APs. Which I DO have to manage the APs constantly too because of another thing I wish the Edgerouter could do; block clients on demand and on a timed schedule. I like to restrict internet access to my kids whenever they're not listening and also at bed time, which I can do the former on the AP controller page, but no time scheduling that I see whatsoever on either the Edgerouter or the AP controller. I can only block clients manually and it's not a very intuitive interface to do so at least on the mobile app; there's two different pages where you can only block on one and unblock on another for some reason. If any of you have a good solution to that that I may be missing too, I'm all ears.
 
Unifi Security Gateways (USGs) are ass. They're slow, and if you turn on the features that make them unique like IPS, performance plummets.

And that's for all of the accessibly priced units.

Basically, aside from that neat -- but also fairly useless -- single pane of glass in the controller, which is not hosted on the USG, you're better off with an Edgerouter with more features on the device and better performance.


My recommendation is simple: get a Pi 4, load up Pihole for your DNS filtering, and put the Unifi controller on it for your APs. Problem solved.
 
Unifi Security Gateways (USGs) are ass. They're slow, and if you turn on the features that make them unique like IPS, performance plummets.
Exactly the same as EdgeRouterX though, no? Everyone talks about how you can't use any of the advanced features on them too and both units are identical hardware and just run different firmware.
All the old models suck. You have to step up to the EdgeRouter4/USG-4 Pro before you get performance that can run advanced features without choking.
 
Exactly the same as EdgeRouterX though no?

Sort of? The ER-X is more flexible due to its different firmware. I'd still take it over a USG.

You have to step up to the EdgeRouter4/USG-4 Pro

These aren't the same thing: the Edgerouter 4 and a few newer models that share the same platform are significantly more powerful than the USG 4, which shouldn't have 'Pro' anywhere in its name. Or a place on the shelf, really.

Ubiquiti has a new line of USGs coming, which have built-in controllers and 1Gbps IPS capability. Whenever those become available, they'll be the USG you actually want. Till then, use a cheap Edgerouter or whatever else.

As standalone appliances, I will say that the Edgerouters are quite capable. Their terminal interfaces are very good, their web interfaces are effective, and the UNMS software which works similarly to the Unifi controller is nice, if limited to x86 Linux installs.
 
you still need the controller software running somewhere for the app to connect to
I only used the application on my iPhone to setup my UniFi AP AC LR, without any other controller software running somewhere (unless if that controller was built into my EdgeRouter-X SFP or the AP itself).
 
I only used the application on my iPhone to setup my UniFi AP AC LR, without any other controller software running somewhere (unless if that controller was built into my EdgeRouter-X SFP or the AP itself).

You only really need the controller software to make config changes, so once you get it set the way you want you are good. Having a key or the software running is more interesting if you use the UI monitoring aspect.

Now, doing firmware updates is a bit more of a PITA without a running key (especially if you have to re-adopt everything due to life happening, lol), but those are few and far between.

I use a key mainly b/c I have one and I have a spare PoE port. If I didn't, I probably wouldn't feel the need to expend the effort to use one.
 
Yeah, for a single or small deployment, you can get away without a controller.

However, when it comes to keeping track of everything, it's nice to have, and Raspberry Pis are cheap.
 
Well one of my ISPs (TIM) messed my account up and took it down for over a month. I received Now that I have it back up and both ISPs connected, it seems my Edgerouter refuses to use my first ISP (Eolo) to route any traffic through, even after disconnecting my TIM router to try to force it to fail over, it won't do it and I've also tried to set the load balancing weight to 100/0 on Eth0/Eth1 (Eolo/TIM respectively) and it still routes all traffic through the Eth1/TIM connection.

I've tried running the Wizard again for Load Balancing, which wipes the existing config and starts from scratch. After that and every reboot it will temporarily route traffic through Eth0/Eolo for a min or so, then revert back to all traffic going through my Eth1/TIM connection regardless of its load or connection status.

Another oddity is when I SSH into the router and run the command "show load-balance status" (a command shown on this Ubnt config page), it doesn't seem to be a valid command and shows me this as possible commands:

[Screenshot: 1580654727408.png]


So dunno what's up with that command not being valid either. When I see what commands are available after "show load-balance" and follow that tree down, here's what options I have until I get to the end to see the interface and its output:

[Screenshot: 1580654735591.png]


Any suggestions?

Edit:

Forgot I was in configure mode when I ran those commands. Exited conf mode and ran the command with these results:

[Screenshot: 272848_1580656048318.png]


The weights of 0 are the default config, but I've played around with them setting to 50/50 and 100/0 to force routing through Eth0 with no different results in load balancing.

When I run "show load-balancing watchdog" it says:

[Screenshot: 1580656340066.png]



Not sure why it says "DOWN" for pinging that "ping.ubnt.com" URL on both interfaces, because I can ping it just fine still from my PC. I wonder if that's part of the issue? I'll try to change that default test to Google's DNS server or something to see if that makes a difference.

Edit 2:

Ok, guess I figured it out and fixed it by changing the default address for load balancing/failover from ping.ubnt.com to Google's DNS of 8.8.8.8. It's showing traffic going through both WAN interfaces now and seems to fail over correctly once I disconnect one of the WAN connections. Love when I post/bump threads needing help only to figure it out myself. :D
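
The change described in Edit 2, written out as EdgeOS CLI commands. This is an added example and not part of the original post; the group name G and the use of the same 8.8.8.8 target on both WAN links are assumptions.

```edgeos
# Assumption: the load-balance group is named G. Confirm the real name first
# with "show load-balance status" (operational mode) and substitute it below.
configure

# Replace the ping.ubnt.com health check with a literal IP address on each
# WAN link. A literal address needs no name lookup from the router, so the
# result of the test reflects reachability through that link only.
# eth0 = Eolo, eth1 = TIM, as in the post above.
set load-balance group G interface eth0 route-test type ping target 8.8.8.8
set load-balance group G interface eth1 route-test type ping target 8.8.8.8

commit
save
exit

# Back in operational mode: check what the watchdog reports for the ping
# target on each interface, and whether both links carry traffic again.
show load-balance watchdog
show load-balance status
```

To confirm failover, disconnect one WAN link and run the two `show` commands again: the disconnected link should go down while traffic continues on the other.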
 