Ubiquity / UniFi AP Setup

Discussion in 'Networking & Security' started by T4rd, Dec 26, 2019.

  1. T4rd

    T4rd [H]ard as it Gets

    Messages:
    16,872
    Joined:
    Apr 8, 2009
    After making this thread to see how I could combine my 2 ISP connections, I got an Edgerouter X to do so and it's been working great so far with my 2 crappy ISP modem/routers to dish out their own WiFi (effectively bypassing the Edgerouter) until I picked up a few UniFi APs to run off of it to get adequate WiFi coverage throughout my house, because my walls are concrete and a single AP struggles to reach past one wall so I need at least 3 to reach through the whole house.

    I just got one of them today and Jesus Christ is this thing fighting me every step of the way to work properly; I almost wish I would have just picked up an overpriced mesh system from Google or something now after just trying to get it set up.

    First, I had to re-order the network cables on my Edgerouter interfaces so that I could run PoE into Eth0 (to power both the router and AP) and out of Eth4 (to the AP) as required by the router since that's the only way it supports PoE. I initially had both my WAN/ISP connections on Eth3/4 with load balancing and it was working great; even was combining my connections of certain downloads so I was getting nearly double the speed on downloads.

    Since I got my AP now, I moved my WAN/ISP connections to Eth0/1 and I guess since one of my ISPs is down right now (hence the want/need for two different ISPs for failover because ISPs are very unreliable here), I couldn't get internet access anymore after running the wizard to configure both the first two Eth ports as WAN links, so after an hour of troubleshooting that, I submitted and relented to only setting up Eth0 for my WAN/ISP connection and got internet back on everything at least.

    Now I connect up the AP to Eth4 (the only PoE port on the router) and enable PoE on the interface in the web interface and it powers up. Look at the installer guide and it tells me to install the controller software on my PC so that I can manage/configure the AP... well that's garbage, I thought with it being a Ubiquiti product, the Edgerouter would be the controller and it would be a relatively seamless setup with the UniFi phone app or something.. but ooooooh boy was I wrong. Despite saying right here on the app's description: "Provision a UniFi Access Point (AP) for basic functionality without configuring a UniFi Controller", that app still relies on a dedicated controller to set it up because I couldn't get it to detect a damn thing while my AP was lit up right in front of me and my phone. Only after I ran the UniFi installer on my Windows box and get the AP function for my phone to connect to, did that app let me do anything. But that was a long process in itself that included a nice chat with their tech support to see why my AP wouldn't provision (or "adopt") or update its firmware on my network. Here's that whole transcription if that may give you some more info that I forget to mention otherwise:

    Code:
    (06:02:03 PM) Abby P.: Hello there.
    (06:02:09 PM) Abby P.: Is the Edge router configured?
    (06:02:12 PM) T4rd: Heya, Abby
    (06:02:19 PM) T4rd: Yes, and working fine otherwise
    (06:02:52 PM) T4rd: I configured it to do port forwarding on switch0 and enabled PoE passthrough on it to get power to the AP
    (06:03:08 PM) Abby P.: While adoption the AP and controller PC both should be connected hard wired to same switch or router.
    (06:04:10 PM) T4rd: Yes, the controller software is installed on my desktop, which is hardwired directly to the Edgerouter X along with the AP. My desktop is on eth2, while the AP is on eth4
    (06:05:03 PM) T4rd: My dashboard says "No UniFi security gateway detected. Routing info unavailable.
    (06:05:08 PM) Abby P.: Are the ports configured?
    (06:05:18 PM) Abby P.: Both the ports should be on same network.
    (06:07:23 PM) T4rd: I did exactly this: https://youtu.be/psakurWSotw?t=161
    (06:08:39 PM) T4rd: I have no port forwarding rules configured though.
    (06:11:48 PM) T4rd: Still there..?
    (06:12:12 PM) Abby P.: Yes I am there.
    (06:12:27 PM) T4rd: Can you see that video?
    (06:13:18 PM) Abby P.: Try to access edge router CLI and share the output of:
    
    show interfaces
    (06:13:58 PM) T4rd: Interface IP Address S/L Description
    --------- ---------- --- -----------
    eth0 192.168.178.128/24 u/u Internet
    eth1 - u/D Local
    eth2 - u/u Local
    eth3 - u/u Local
    eth4 - u/u AP
    lo 127.0.0.1/8 u/u
    ::1/128
    switch0 10.7.7.1/24 u/u Local
    (06:14:23 PM) T4rd: Eth0 is my WAN/ISP, Eth4 is the AP
    (06:14:57 PM) T4rd: My controller/desktop is on Eth2
    (06:16:25 PM) Abby P.: https://help.ubnt.com/hc/en-us/articles/115002531728-EdgeRouter-Beginners-Guide-to-EdgeRouter
    here is the help article which will help you to configure the ports of edge router.
    (06:20:12 PM) T4rd: That article is for initial setup and doesn't specify anything to do with the ports. I've already done everything in that article to get my Edgerouter working in the first place. The issue is that my AP isn't detecting the network.
    (06:20:51 PM) T4rd: That article doesn't mention anything about access points either.
    (06:24:30 PM) Abby P.: The ports are not cofigured.
    (06:24:43 PM) Abby P.: *configured
    (06:28:20 PM) T4rd: Please cite on that page where it specifies how to configure the ports for an AP. I don't see anything about port configuration on that page.
    (06:29:00 PM) Abby P.: What is the LED status of the AP?
    (06:29:10 PM) T4rd: Solid blue right now.
    (06:29:30 PM) Abby P.: It means it is already adopted in any other controller software.
    (06:29:51 PM) Abby P.: Try to hard reset the AP and get it managed under you controller.
    
    https://help.ubnt.com/hc/en-us/articles/205143490-UniFi-How-to-Reset-the-UniFi-Access-Point-to-Factory-Defaults
    (06:31:24 PM) T4rd: Ok, just reset it now with the button on the back.
    (06:33:14 PM) Abby P.: Let it come is steady white color.
    (06:33:20 PM) T4rd: It said "adopting" for a min on the devices page, then "updating (failed)
    (06:33:35 PM) T4rd: It's solid blue again now
    (06:33:48 PM) T4rd: Was white while it was attempting to adopt it
    (06:34:56 PM) Abby P.: What is the firmware of the AP?
    (06:35:31 PM) T4rd: UniFi AP-AC-Lite 4.0.69.10871
    (06:35:53 PM) Abby P.: What is the IP of the controller PC?
    (06:36:22 PM) T4rd: 10.7.7.38
    (06:36:51 PM) T4rd: I'm using 10.7.7.0/24 as my DHCP subnet on my router
    (06:37:07 PM) Abby P.: What is the IP of the AP?
    (06:38:45 PM) T4rd: 10.7.7.49 according to my DHCP leases, I don't see where it says on the controller page though
    (06:40:33 PM) Abby P.: Try to SSH in AP via putty and run this command:
    
    set-inform http://10.7.7.38:8080/inform
    
    Run this whole command multiple times.
    (06:41:53 PM) T4rd: What credentials do I use on it?
    (06:42:18 PM) T4rd: I never set a username/password on it
    (06:42:30 PM) Abby P.: Try to use ubnt/ubnt
    (06:43:33 PM) T4rd: BZ.v3.7.58# set-inform http://10.7.7.38:8080/inform
    
    Adoption request sent to 'http://10.7.7.38:8080/inform'.
    
    1. please adopt it on the controller
    2. issue the set-inform command again
    3. <inform_url> will be saved after device is successfully managed
    (06:43:38 PM) T4rd: That's what I get
    (06:44:05 PM) Abby P.: Try to run that command multiple times.
    (06:46:42 PM) T4rd: Ok, I just ran it like 50 times
    (06:47:07 PM) Abby P.: I need to take you on email and check with my team.
    (06:47:20 PM) Abby P.: Get back to you shortly on email.
    (06:47:33 PM) T4rd: Ok...
    (06:49:35 PM) T4rd: Can I talk on the phone instead?
    (06:49:52 PM) Abby P.: I apologize, we do not provide phone support. I will certainly be able to help you via chat or email.
    (06:51:13 PM) T4rd: Ok, I'd like to stay in chat if possible so I can do this faster and get it fixed ASAP.
    (06:52:37 PM) Abby P.: i need to escalate your case to internal team and they will update you shortly on email.
    (06:52:57 PM) T4rd: Ok, thanks, Abby
    (06:53:31 PM) Abby P.: You're welcome.
    (06:53:35 PM) Abby P.: Thanks for your time.
    (06:53:41 PM) Abby P.: We will see you on email shortly.
    
    A few hours later, I have yet to hear anything from them, but I've got it mostly figured out now except for the controller software crapping out on me. It ran fine for hours right up until I got the AP working by basically going into the controller network settings and pointing DHCP and the gateway info all to my router and then figuring out that I forgot to set DNS on the Edgerouter's DHCP server after another hour or two of troubleshooting because I had DNS specified on my PC's NIC, but thought it was getting it via DHCP so my phone or wireless devices wouldn't have internet access through the AP still.

    So now that I have the AP functional and providing internet, the damn controller software refuses to stay running on my PC; I've reinstalled it a few times and it will work and it retains my network/AP config for a few mins seemingly and then throws a "websocket connection error" and times out from connecting to my localhost server after that. I've tried:

    • Disabling my firewall
    • Installing both 32 and 64-bit Java after seeing it recommended in another online post about this issue.
    • Looking up the UniFi service in my services.msc console to see if it's running, which it isn't listed there at all even after reinstalling the controller software and getting it to connect/function for another few mins.
    Most people I see after searching this issue recommend running this controller software on a VM or Linux host, which is just too stupid for me... this setup has been complicated enough for me as it is and I don't want to dedicate more resources/hardware just to manage a couple APs; the Edgerouter should have done that in the first place but it doesn't. So that's my fault for assuming these two products from the same company would work together easily.

    So if anyone here has any experience with these APs and the controller software on Windows, I would really appreciate some insight or assistance on how to get this all running properly with as little headache as possible, else I'm tempted to just send them back and get a mesh kit from another vendor and call it done.

    TIA.

    Edit: Jesus, just found this article to install the controller software as a service and it seems to work for now again without having to reinstall the software again. Dafuq, I thought it installed it as a service in the first place, but apparently not. Doesn't make sense to me that it doesn't install as an automatic service by default if you want to be able to manage the AP at any point.. :confused:
     
    Last edited: Dec 26, 2019
  2. Shockey

    Shockey [H]ard|Gawd

    Messages:
    1,998
    Joined:
    Nov 24, 2008
    I use UBNT cloud key to manage my router, switch, and access point. Dedicated POE device that runs the controller software and allows remote access to management interfaces. Had similar challenges adopting the AP as you. It's all connected now to cloud key and working as expected once I found the CLI command to tell it where to report to.
     
  3. EniGmA1987

    EniGmA1987 Limp Gawd

    Messages:
    259
    Joined:
    May 2, 2017
    You're combining two separate product lines. Edge and UniFi are different things and you would need one of the UniFi Security Gateway products as your router if you wanted to integrate fully. The UniFi Gateway is basically the exact same thing as one of the various EdgeRouter products, only with firmware for the UniFi lineup.
     
  4. bman212121

    bman212121 [H]ard|Gawd

    Messages:
    1,548
    Joined:
    Aug 18, 2011
    Yes the management side of the Unifi line is a bit odd. Despite it supporting vlans they assume you'll have broadcast access to the management interface of the AP. You can in fact put the management of it onto a vlan, but you'll need to connect it to the Unifi software via SSH. There is a way to add devices in manually this way, which is how you'd need to do it in that scenario.

    Honestly once you have the AP up and running, there really isn't a need for the software anymore. I've put the software onto a VM, then usually just power down that VM and forget how to log into it. Then I hit the reset button on the AP, and make a new VM and reconnect it again. I'm actually at that point right now, I just haven't had the will to reset the AP again. Unless you're using a bunch of APs and want them to talk to each other, you'll use the software exactly once, then probably forget it exists.

    The ER-X though, yes that is quite a difficult device to configure. The best advice I can say is that in your case where you need to run the wizard is you absolutely have to do that first. I made similar mistakes where I was trying to use the wizard after configuring some things, and the wizard will wipe out all of your configuration, or otherwise break it beyond repair. Sounds like you've gone through the pain of getting it going. The good news is that having a config backup should hopefully mean you won't need to figure it out again. The big issue you had was putting in an AP after the fact. For $20 you could also just have bought a POE adapter and saved the hassle of reconfiguring it to use pass through.

    Glad you were able to get it all going. Now that it's up I probably wouldn't worry about messing with it, I've had one in service with an ER-X and pass through to an AC Lite going for years. It is generally hands off once it's configured. I've even been moved locations and it was just a matter of unplugging and plugging the cables back in.
     
    T4rd likes this.
  5. Grentz

    Grentz [H]ard as it Gets

    Messages:
    17,131
    Joined:
    May 5, 2006
    The Edge(Router) line is really designed for people that know networking well. They are extremely powerful devices, but not designed for ease of set up and configurations if you do not know networking. That said, if you do, it is significantly easier than say a Cisco IOS device.

    Unifi is a completely different family. It is designed to be controller based, whether that be the APs, Router, Switches, etc. One correction, you CAN direct configure a single AP with the mobile app and no controller (newer feature in the last few years), but that really is more of a temporary solution and not meant for full deployment. The controller can run on a Unifi Cloud Key Device, Server/Computer, Online Cloud Service, or the Unifi Dream Machine (which is an all in one Router/AP/Controller part of the Unifi family).

    It is definitely unique, but once you get to understand the topology and way it communicates, it is extremely powerful for the price point. It is far from a normal consumer solution though. If you want plug and play, the Ubiquiti Amplifi lineup is what you want.

    I run a couple dedicated controllers and manage Unifi across 20+ locations for clients. One of the awesome things is that you can actually deploy Unifi Devices to a normal network and have them speak over the internet to the internet facing controller without any VPN/site-to-site fanciness.
     
    T4rd likes this.
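
An added example (not from any poster and not Ubiquiti code) for the two points made above by bman212121 and Grentz: adoption by discovery assumes the AP and the controller share a broadcast domain, and otherwise the AP has to be pointed at the controller with `set-inform`, possibly across the internet. It parses `show interfaces` output in the layout quoted in the first post and reports which case applies; the function names, result keys and sample table are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample, modelled on the `show interfaces` output quoted in the first post.
SHOW_INTERFACES = """\
Interface  IP Address          S/L  Description
---------  ----------          ---  -----------
eth0       192.168.178.128/24  u/u  Internet
eth2       -                   u/u  Local
eth4       -                   u/u  AP
lo         127.0.0.1/8         u/u
           ::1/128
switch0    10.7.7.1/24         u/u  Local
"""

def parse_interfaces(text):
    """Return {interface: [ip_interface, ...]} from `show interfaces` output."""
    table, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Interface" or set(fields[0]) == {"-"}:
            continue                          # blank line, header or ruler
        if line[0].isspace():                 # continuation row: one more address
            addr = fields[0]
        else:
            current = fields[0]
            addr = fields[1] if len(fields) > 1 else "-"
            table[current] = []
        if addr != "-" and current is not None:
            table[current].append(ipaddress.ip_interface(addr))
    return table

def network_of(table, ip):
    """Find the router interface whose subnet contains ip, else (None, None)."""
    for name, addrs in table.items():
        for iface in addrs:
            if iface.version == ip.version and ip in iface.network:
                return name, iface.network
    return None, None

def adoption_plan(show_output, ap_ip, inform_url):
    """Say whether discovery can work or a manual set-inform is needed."""
    findings = []
    try:
        controller = ipaddress.ip_address(urlsplit(inform_url).hostname)
    except ValueError:
        controller = None
        findings.append("controller given by name: the AP must be able to resolve it")
    table = parse_interfaces(show_output)
    ap_if, ap_net = network_of(table, ipaddress.ip_address(ap_ip))
    if ap_net is None:
        findings.append("AP address is not on any subnet the router has an address in")
    if controller is not None and not controller.is_private:
        findings.append("controller address is public: inform traffic leaves the LAN")
    same_subnet = (controller is not None and ap_net is not None
                   and controller.version == ap_net.version and controller in ap_net)
    if same_subnet:
        method = "broadcast discovery (AP and controller share %s)" % ap_net
    else:
        method = "SSH to the AP and run: set-inform %s" % inform_url
    return {"ap_interface": ap_if, "same_subnet": same_subnet,
            "method": method, "findings": findings}

if __name__ == "__main__":
    # Addresses as given in the support chat: AP 10.7.7.49, controller 10.7.7.38.
    print(adoption_plan(SHOW_INTERFACES, "10.7.7.49", "http://10.7.7.38:8080/inform"))
```

With the thread's own addresses the AP and controller land on the same `switch0` subnet, so the subnet layout was not what blocked adoption there.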
  6. T4rd

    T4rd [H]ard as it Gets

    Messages:
    16,872
    Joined:
    Apr 8, 2009
    Thanks for the replies, guys.

    I got the controller service figured out and running consistently on my PC, but I still hate that it's not run on the AP or Edgerouter itself regardless of them being from different product lines.

    The only reason I got the Edgerouter was because it was recommended to me from the forum members in the thread I linked to in OP since it can combine my ISP connections and do load balancing. Had I known at the time I could have got a UniFi router or something (I assume? Haven't looked it up yet), I probably would have got that so I don't have to leave my PC running 24/7 just to manage the APs. Which I DO have to manage the APs constantly too because of another thing I wish the Edgerouter could do; block clients on demand and on a timed schedule. I like to restrict internet access to my kids whenever they're not listening and also at bed time, which I can do the former on the AP controller page, but no time scheduling that I see whatsoever on either the Edgerouter or the AP controller. I can only block clients manually and it's not a very intuitive interface to do so at least on the mobile app; there's two different pages where you can only block on one and unblock on another for some reason. If any of you have a good solution to that that I may be missing too, I'm all ears.
     
  7. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    12,945
    Joined:
    Jun 13, 2003
    Unifi Security Gateways (USGs) are ass. They're slow, and if you turn on the features that make them unique like IPS, performance plummets.

    And that's for all of the accessibly priced units.

    Basically, aside from that neat -- but also fairly useless -- single pane of glass in the controller, which is not hosted on the USG, you're better off with an Edgerouter with more features on the device and better performance.


    My recommendation is simple: get a Pi 4, load up Pihole for your DNS filtering, and put the Unifi controller on it for your APs. Problem solved.
     
    T4rd likes this.
  8. EniGmA1987

    EniGmA1987 Limp Gawd

    Messages:
    259
    Joined:
    May 2, 2017
    Exactly the same as EdgeRouterX though no? Everyone talks about how you can't use any of the advanced features on them too and both units are identical hardware and just run different firmware.
    All the old models suck. You have to step up to the EdgeRouter4/USG-4 Pro before you get performance that can run advanced features without choking.
     
  9. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    12,945
    Joined:
    Jun 13, 2003
    Sort of? The ER-X is more flexible due to its different firmware. I'd still take it over a USG.

    These aren't the same thing: the Edgerouter 4 and a few newer models that share the same platform are significantly more powerful than the USG 4, which shouldn't have 'Pro' anywhere in its name. Or a place on the shelf, really.

    Ubiquiti has a new line of USGs coming, which have built-in controllers and 1Gbps IPS capability. Whenever those become available, they'll be the USG you actually want. Till then, use a cheap Edgerouter or whatever else.

    As standalone appliances, I will say that the Edgerouters are quite capable. Their terminal interfaces are very good, their web interfaces are effective, and the UNMS software which works similarly to the Unifi controller is nice, if limited to x86 Linux installs.
     
    EniGmA1987 and T4rd like this.
  10. T4rd

    T4rd [H]ard as it Gets

    Messages:
    16,872
    Joined:
    Apr 8, 2009
    This is exactly what I was thinking of doing. Thanks for reinforcing my idea and I shall do that.
     
    xx0xx and IdiotInCharge like this.
  11. jeremyshaw

    jeremyshaw [H]ardForum Junkie

    Messages:
    12,158
    Joined:
    Aug 26, 2009
    I use the iOS app for the AP controller.
     
  12. Vengance_01

    Vengance_01 [H]ardness Supreme

    Messages:
    5,879
    Joined:
    Dec 23, 2001
    You still need the controller software running somewhere for the app to connect to.
     
  13. jeremyshaw

    jeremyshaw [H]ardForum Junkie

    Messages:
    12,158
    Joined:
    Aug 26, 2009
    I only used the application on my iPhone to set up my UniFi AP AC LR, without any other controller software running somewhere (unless that controller was built into my EdgeRouter-X SFP or the AP itself).
     
  14. Machupo

    Machupo Gravity Tester

    Messages:
    5,001
    Joined:
    Nov 14, 2004
    You only really need the controller software to make config changes, so once you get it set the way you want you are good. Having a key or the software running is more interesting if you use the UI monitoring aspect.

    Now, doing firmware updates is a bit more of a PITA without a running key (especially if you have to re-adopt everything due to life happening, lol), but those are few and far between.

    I use a key mainly b/c I have one and I have a spare PoE port. If I didn't, I probably wouldn't feel the need to expend the effort to use one.
     
    IdiotInCharge likes this.
  15. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    12,945
    Joined:
    Jun 13, 2003
    Yeah, for a single or small deployment, you can get away without a controller.

    However, when it comes to keeping track of everything, it's nice to have, and Raspberry Pis are cheap.