Ubiquiti Unifi

Optimize Your Network: https://help.ui.com/hc/en-us/articles/360012947634-UniFi-Network-Optimizing-Wireless-Speeds

User Guide: http://dl.ubnt.com/guides/UniFi/UniFi_Controller_V4_UG.pdf

Web Site: http://www.ubnt.com/unifi

Wiki: http://wiki.ubnt.com/UniFi

KnowledgeBase: http://community.ubnt.com/t5/tkb/communitypage

Blogs: https://community.ubnt.com/t5/custom/page/page-id/Blogs

Videos: http://www.youtube.com/results?search_query=unifi

Unifi is a controller-based wireless networking platform:

  • Cost-effective
  • Software controller (free)
  • Various APs
    • Indoor
    • Outdoor
    • 2.4GHz and 5GHz
    • Single and dual radio
  • Controller can be local or cloud based
  • Multiple sites supported
    • Version 3.0+
  • Integrated billing system available

Consider using a Docker-based configuration.

Server Prep

Controller Installation

:!: Unifi Controller seems to be easy to install, run and update under Docker. See below.

https://pimylifeup.com/ubuntu-unifi-controller/

:!: This is for a minimal Ubuntu 22.04 LTS Server with 2 vCPU, 2GB RAM and a 20GB vHD.

apt install curl haveged gpg openjdk-8-jre-headless

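# This library is not in the default repos. It is downloaded over plain HTTP
# and installed with dpkg, which bypasses apt's signature checks, so compare
# its checksum against a trusted source before installing.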
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb
dpkg -i ./libssl1.1_1.1.0g-2ubuntu4_amd64.deb
rm -f libssl1.1_1.1.0g-2ubuntu4_amd64.deb

curl https://dl.ui.com/unifi/unifi-repo.gpg | sudo tee /usr/share/keyrings/ubiquiti-archive-keyring.gpg > /dev/null

echo 'deb [signed-by=/usr/share/keyrings/ubiquiti-archive-keyring.gpg] https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list > /dev/null

curl https://pgp.mongodb.com/server-3.6.asc | gpg --dearmor | tee /usr/share/keyrings/mongodb-org-server-3.6-archive-keyring.gpg > /dev/null

echo 'deb [signed-by=/usr/share/keyrings/mongodb-org-server-3.6-archive-keyring.gpg] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/3.6 multiverse' | tee /etc/apt/sources.list.d/mongodb-org-3.6.list > /dev/null

apt update && apt install -y mongodb-org-server && systemctl enable mongod && systemctl start mongod

apt install unifi -y

Firewall

TCP Ports: 22, 8080, 8443, 8880, 8843
UDP Ports: 3478

ufw allow 22/tcp
ufw allow 8080/tcp
ufw allow 8443/tcp
ufw allow 8880/tcp
ufw allow 8843/tcp
ufw allow 3478/udp

ufw --force enable

ufw status numbered
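
The rules above accept connections to every listed port from any source. As an added example (not part of the original page), this helper prints a tighter rule set: SSH and the 8443 web UI only from an admin network, and the device-facing inform (8080/tcp) and STUN (3478/udp) ports only from networks where APs live. The function names and all networks shown are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): print ufw rules that scope each
# controller port to the network that needs it. Nothing is applied to the host.

# valid_net NET -> success if NET looks like an IPv4 address or CIDR block
valid_net() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# unifi_ufw_rules ADMIN_NET AP_NET [AP_NET...]
unifi_ufw_rules() {
    [ "$#" -ge 2 ] || { echo "usage: unifi_ufw_rules ADMIN_NET AP_NET..." >&2; return 2; }
    for net in "$@"; do
        valid_net "$net" || { echo "not an IPv4 network: $net" >&2; return 1; }
    done
    admin_net=$1
    shift

    echo "ufw default deny incoming"
    # Management plane: SSH and the controller web UI, admin network only
    for port in 22 8443; do
        echo "ufw allow from $admin_net to any port $port proto tcp"
    done
    # Device plane: inform (8080/tcp) and STUN (3478/udp), AP networks only
    for ap_net in "$@"; do
        echo "ufw allow from $ap_net to any port 8080 proto tcp"
        echo "ufw allow from $ap_net to any port 3478 proto udp"
    done
    # 8880/tcp and 8843/tcp (guest portal redirects) are left closed; open
    # them to the guest network only if a hotspot portal is in use.
}

# Constructed networks: admin LAN, local AP VLAN, one remote site's public IP
unifi_ufw_rules 10.0.10.0/24 192.168.0.0/24 203.0.113.10
```

Review the printed commands, then run them as root and finish with ufw --force enable as above.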

Management

Browser

https://ip.of.controller:8443

Default Username Admin
Default Password 123456

SSH

Default Username ubnt
Default Password ubnt

Add New Site

:!: Once an AP is managed, you configure the SSH username and password for the APs using the web interface.

:!: Be aware that under Settings → Networks → Edit you will find a DHCP Server enabled.

Select the site → Settings → Site

  • Site Name
  • Country
  • Time Zone
  • Device Authentication

Select the site → Settings → Wireless Networks

  • Name/SSID
  • Enabled
  • Security: WPA2
  • Security Key

Show/Change Passphrase

  • Log into Unifi Controller and select correct client/site
  • Bottom left select settings
  • Select Wireless Networks
  • Click Edit
  • Click in Security Key field to expose the current password

Channel Selection

RF Scan

:!: Perform as part of installation or during scheduled down-time. An RF Scan will disconnect all users.

:!: Re-provisioning after changing settings will disconnect all users.

:!: Available on newer 802.11ac APs.

https://youtu.be/Vi_6YvQ4tNg

Unifi Controller → Devices → <AP> → Tools → RF Environment → Scan

Guest Networks

Simple guest access uses a single DHCP server and restricts guests to Internet access only.

The steps below are no longer correct for Controller V8. Guest networks are now created by selecting Manual configuration and enabling Hotspot Portal. You configure the user experience by managing the Hotspot Portal.

  • To restrict bandwidth of guests, create a “Guests” User Group
    • Unifi → Settings → User Groups
    • Set bandwidth restrictions
  • Create and enable a Wireless Network
    • Unifi → Settings → Wireless Networks
    • Set SSID
    • Set Security authentication protocol to WPA Personal
    • Assign your desired Security Key
  • Tick Apply Guest Policy option
    • Restricts guest access to Internet only
  • Under Advanced Options
    • Select the User Group you created previously
    • Deselect Block LAN to WLAN Multicast and Broadcast Data to permit DHCP

:!: Click in Security Key field to expose the current password.

Site Administrators

Add an end-user (site) administrator:

  • Unifi → <site> → Settings → Admins → Create New Admin
  • Enter the user's email and first name (the first name is used for the greeting in the invite email)
  • Select Role, read only or Admin
  • Click Invite

:!: The end user will receive an email with a link that allows them to choose a password and login name.

Layer 3 AP Management

L3 Adoption

http://www.youtube.com/watch?v=y5tkToD_nds

  1. Install AP
  2. Configure networking to controller (Internet, DHCP)
  3. Determine IP address of the AP (DHCP log)
  4. SSH into the AP
  5. Default configuration
  6. Drop into mca-cli
  7. Set inform URL to cloud controller
  8. Adopt the AP at the controller (after selecting site and configuring map)
  9. Reset the Inform URL again at the AP
  10. Controller should show the AP as Connected

gcooper@snoopy:~$ ssh -l ubnt 192.168.0.72
ubnt@192.168.0.72's password: 


BusyBox v1.11.2 (2013-03-22 03:26:44 PDT) built-in shell (ash)
Enter 'help' for a list of built-in commands.

BZ.v2.4.1# help
UniFi Command Line Interface - Ubiquiti Networks

   info                      disaplay AP information
   set-default               restore to factory default
   set-inform <inform_url>   attempt inform URL (e.g. set-inform http://192.168.0.8:8080/inform)
   upgrade <firmware_url>    upgrade firmware (e.g. upgrade http://192.168.0.8/unifi_fw.bin)
   reboot                    reboot the AP

BZ.v2.4.1# info

Model:       UniFi_AP-AC
Version:     2.4.1.2004
MAC Address: dc:9f:db:fc:0e:a1
IP Address:  192.168.0.72
Uptime:      3096 seconds

Status:      Unable to resolve (http://unifi:8080/inform)

BZ.v2.4.1# syswrapper.sh restore-default

BZ.v2.4.1# mca-cli

UniFi# set-inform http://"ip or url of unifi controller":8080/inform 

Adoption request sent to 'http://"ip or url of unifi controller":8080/inform'.
 
1. please adopt it on the controller
2. issue the set-inform command again
3. <inform_url> will be saved after device is successfully managed

:!: Adopt the AP at the controller. Go to the site that you want the device in and click Devices. The device should be listed. Click the Adopt option to the right. After the device comes back online, SSH in again and re-run the set-inform command.

BZ.v2.4.1# mca-cli

UniFi# set-inform http://"ip or url of unifi controller":8080/inform

Adoption request sent to 'http://"ip or url of unifi controller":8080/inform'.
 
1. please adopt it on the controller
2. issue the set-inform command again
3. <inform_url> will be saved after device is successfully managed

:!: After the AP is adopted at the controller, SSH into it using the same credentials specified at the controller.

:!: The password is configurable via the controller at Settings → Site → Device Password. If you change the password and click apply, it will reboot and provision the APs.

Change the inform url

  1. You must ssh into the AP. Use login/pass specified in the controller
  2. Default the AP using set-default
  3. Let the unit disconnect (it will take a few minutes) from the controller.
  4. SSH back into the AP (using ubnt ubnt for login/pass).
  5. Set inform url with set-inform. The AP will reconnect.

:!: The set-default command does not reset every setting. An AP configured for wireless uplink reconnected to the controller, without any reconfiguration, after its inform URL was changed and it was disconnected from the wired connection.
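
To confirm the result of the adoption and inform-URL steps above, the Status line of each AP's info output can be checked against the intended controller. This is an added example, not part of the original page; the function names, the expected host unifi.example.net, and the second sample record (including its "Connected" wording) are assumptions.

```sh
#!/bin/sh
# Added example: report which controller each AP is informing to, using
# saved output of the AP's `info` command.

# sample_info prints two captures. The first MAC and Status line are the ones
# shown on this page; the second record is constructed, and "Connected" is an
# assumed wording for the adopted state.
sample_info() {
cat <<'EOF'
Model:       UniFi_AP-AC
MAC Address: dc:9f:db:fc:0e:a1
Status:      Unable to resolve (http://unifi:8080/inform)

Model:       UniFi_AP-AC
MAC Address: 00:00:5e:00:53:01
Status:      Connected (http://unifi.example.net:8080/inform)
EOF
}

# inform_audit EXPECTED_HOST   (reads `info` output on stdin)
# Prints "<mac> <verdict> <inform_url>" for every Status line seen.
inform_audit() {
    awk -v want="$1" '
        /^MAC Address:/ { mac = $3 }
        /^Status:/ {
            state = $0
            sub(/^Status:[ \t]*/, "", state)
            url = state
            sub(/[ \t]*\(.*$/, "", state)        # text before "(url)"
            sub(/^[^(]*\(/, "", url)             # text inside the parentheses
            sub(/\).*$/, "", url)
            host = url
            sub(/^[a-z]+:\/\//, "", host)        # drop the scheme
            sub(/[:\/].*$/, "", host)            # drop port and path
            if (host != want)              verdict = "wrong-controller"
            else if (state != "Connected") verdict = "not-connected"
            else                           verdict = "ok"
            print mac, verdict, url
        }'
}

sample_info | inform_audit unifi.example.net
```

A wrong-controller verdict covers both an AP still on the factory default http://unifi:8080/inform and one pointed at a controller you do not run.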

VLANs

SSL Certificate

Traffic Shaping

https://help.ubnt.com/hc/en-us/articles/204911354-UniFi-Set-traffic-bandwidth-limits

  • To impose limits on bandwidth used at the WAN interface, you should consider traffic-shaping policies at the gateway
  • Limits are applied at the UAP
  • Layer-2 traffic shaping policies can be applied for either:
    • Groups - SSID, VLAN
      • Can be applied automatically as users join a particular WLAN when configured at the WLAN itself
    • Individuals - Individual WLAN clients

Troubleshooting

Disconnected

If you have an AP showing as Disconnected in the console, try this:

  1. Log into the problem AP using SSH
    1. The username and password are at Unifi Controller Console → Settings → Device Authentication
  2. Issue the inform command twice in quick succession
    1. The AP will reboot and show as Connected

If wireless clients connect but do not have network access (for example, NLA shows the network as unidentified):

  1. Disable the uplink connectivity monitor. (Disable this if not using wireless uplink) System → Uplink Connectivity Monitor
  2. Enable the Multicast Enhancement. WIFI → SSID → Advanced
  3. Enable Fast Roaming. WIFI → SSID → Advanced → Enable Fast Roaming

Docker

This example uses an unsupported Docker image. You probably want to use “linuxserver/unifi-network-application:latest” now.

Unifi Controller seems to be easy to install, run and update under Docker.

docker-compose.yml

Simple Version

version: "2.1"
services:
  unifi-controller:
    image: lscr.io/linuxserver/unifi-controller:latest
    container_name: unifi-controller
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Phoenix
      - MEM_LIMIT=1024 #optional
      - MEM_STARTUP=1024 #optional
    volumes:
      - /root/docker/unifi/config:/config
    networks:
      - unifi-net
    ports:
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
      - 8080:8080
#      - 1900:1900/udp #optional
#      - 8843:8843 #optional
#      - 8880:8880 #optional
#      - 6789:6789 #optional
#      - 5514:5514/udp #optional
    healthcheck:
      test: curl --fail -k https://localhost:8443/ || exit 1
      interval: 5m
      timeout: 15s
    restart: unless-stopped

networks:
  unifi-net:
    name: unifi-net
networking/wireless/unifi.txt · Last modified: 2024/02/05 10:44 by gcooper