Unifi APs PPSK function
-
@mcury yeah see my edits maybe you missed my later ones? From my 30 second look at the ppsk settings in unifi controller - it seems to be only a partial implementation of all the features of ppsk.
I was under the impression when the ppsk stuff first started showing up that one of its features was the ability to tie to mac address, to prevent sharing of the psk between devices. I have not looked very deep into it though.
-
@johnpoz said in Unifi APs PPSK function:
But also have the ability to create one that allows the first mac to auth and puts them on vlan X or Y, etc. but then no other new macs may use that psk. Or the ability to limit to mac when setting the psk.
Unifi just recently enabled any sort of ppsk, so its possible it is not yet complete. But ppsk has been around for a few years in other wifi systems.
That would be pretty good indeed.
I think that they are just starting..@johnpoz said in Unifi APs PPSK function:
I was under the impression when the ppsk stuff first started showing up that one of its features was the ability to tie to mac address, to prevent sharing of the psk between devices. I have not looked very deep into it though.
Now, today, the only way of doing that in Unifi APs is with Radius and SQL (simultaneous-use).
-
@mcury so a quick google shows that omada (unifi clone/alternative) has the ability to tie ppsk to radius and also has the ability to set a mac on your ppsk.
https://www.tp-link.com/us/support/faq/3386/
From quick look at that article seems omada is ahead of unifi in implementation of ppsk for sure.
-
@johnpoz said in Unifi APs PPSK function:
From quick look at that article seems omada is ahead of unifi in implementation of ppsk for sure.
Hmm, that is interesting. I'm not familiar with Omada APs but now they are in my radar to check..
-
@mcury I took a look at their controller software a while back.. Some of the things I dislike about unifi they fixed a long time ago. For starters the ability to use your own ssl cert is much easier than the nonsense it is to change the ssl cert in unifi.
Also they support tls 1.3, while unifi is still using 1.2..
You can install it just like the unifi controller software and take a look without having to actually have omada AP..
If I was in the market for APs right now - I would for sure take a look at them..
-
@johnpoz said in Unifi APs PPSK function:
You can install it just like the unifi controller software and take a look without having to actually have omada AP..
If I was in the market for APs right now - I would for sure take a look at them..
I'm looking for a new AP right now, I'll definitely look at them.
Pretty nice, and they are cheaper than the Unifi ones.I'll take a look at their controller and options today, Saturday, just found something to do :)
-
@mcury said in Unifi APs PPSK function:
and they are cheaper than the Unifi ones.
There is that too.. A few months back when changing the ssl on my unifi controller.. I was like WTF have they not made this easier yet, and why is it still using tls 1.2, and I looked for a way to use tls 1.3..
I was like I wonder how omada does it.. Clicky Clicky install new ssl cert, and look at that out of the box using tls 1.3..
Another thing that blows my skirt up is their APs are using a very old version of ssh in dropbear
Hallway-BZ.6.6.38# ssh -V Dropbear v2020.81 Hallway-BZ.6.6.38#2022.83 is current..
Not sure what omada APs use - but come on unifi, you come out with new firmware for your APs all the time.. Update the basics..
The tls 1.3 thing really sort of ticks me off, I mean its been around since 2018, why does the controller not default to use it, and ok not default but there seems to be no way to use it.
-
@johnpoz said in Unifi APs PPSK function:
The tls 1.3 thing really sort of ticks me off, I mean its been around since 2018, why does the controller not default to use it, and ok not default but there seems to be no way to use it.
It is not only that, mongodb version is EOL too.
They have the hardware but their software side could be improved, and by a lot.I recently checked their USW Enterprise PoE switch for the L3 features, and I found this same problem, software side is not there yet..
Edit: But the switch is so good, I mean, 8 2.5Gbps ports with PoE+, two 10Gbps SFP+..
If you get it for L2 only, it will be one hell of a switch to use.. -
@mcury said in Unifi APs PPSK function:
mongodb version is EOL too.
I thought I manually updated mine at some point.. Let me check real quick..
user@NewUC:~$ mongod --version db version v3.6.8 git version: 8e540c0b6db93ce994cc548f000900bdc740f80a OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020 allocator: tcmalloc modules: none build environment: distarch: x86_64 target_arch: x86_64 user@NewUC:~$Yeah that is way EOL ;)
-
@johnpoz said in Unifi APs PPSK function:
Yeah that is way EOL ;)
They have the budget to work on that side, but they don't..
Really don't know why.Perhaps that now Omada is taking the edge, the market will push them to work on that front, lets see.
-
@mcury so quick look at what version of mongodb for omada and it says v4, which I would hope means you could be running 4.4 which is good until early 2024 at least ;)
-
@johnpoz said in Unifi APs PPSK function:
it says v4, which I would hope means you could be running 4.4 which is good until early 2024 at least ;)
One more reason to go for Omada APs..
Today I'll check their controller and their APs line, perhaps take a look at their switches too.
I need a better coverage here in my house and since my house is my lab, that will give more options to use in some customers, which is always good. -
@mcury looking at some install instructions - shows installing mongo 6.. So I take it will work with current versions, etc.
I show the eap 670 for 140$ on amazon.. Hmmmm? Maybe I should get one to play with ;)
-
@johnpoz said in Unifi APs PPSK function:
I show the eap 670 for 140$ on amazon.. Hmmmm? Maybe I should get one to play with ;)
I'll probably get one in the following weeks :)
I just need a little more research about it, check for prices and things like that..Perhaps sell my nanoHD and go for an Omada environment here.. I mean, two controllers wouldn't be a good thing to have, even so with different mongodb versions..
Edit: Raspberry PI 5 just released, Cortex A76 - ARMv8.2-A 64-bit, it will work with Mongodb v5 and above.
The timing couldn't be better huh ? -
There is something in Unifi that Omada doesn't have.. LTS support, I think that this is enough for me to choose Unifi instead of Omada..
-
@mcury I had to roll back the .41 firmware yesterday.. And they pulled it - was causing issues with auth.. First time I have had to rollback a beta firmware in a long time to be honest.
The price of the eap670 is pretty freaking attractive compared to the unifi devices.
-
@johnpoz said in Unifi APs PPSK function:
I had to roll back the .41 firmware yesterday.. And they pulled it - was causing issues with auth.. First time I have had to rollback a beta firmware in a long time to be honest.
They pulled for the gen2 APs only, I have here a nanoHD that is working fine with that release, gen4 ap..
@johnpoz said in Unifi APs PPSK function:
The price of the eap670 is pretty freaking attractive compared to the unifi devices.
Yes, this is why I'm so attracted to those.. Low budget, very good options and a powerful AP is indeed a very good side of it..
-
@mcury I have gen 2 devices.. Pro, Lite and LR.. I do have a flexHD but its not currently being used. I had gotten for my sons house where it made sense with where he wanted to put it.. But I have no place to put it that makes sense.
-
@johnpoz I'm now going to buy a 30 meters cat5e cable, to pass through the walls..
Mannn, I don't want to do it heheheheh, I hate passing cables..I want a better coverage at the other side of my house.
I have been delaying this for ever
-
@mcury I ran cables for my APs long time ago.. While its a pain, it should really only ever have to be done once.. And then your good to go..
Once you get it done, you will be glad you did it.. While I do have some new phones and tablet that support new wifi 6 (ax).. None of my other wifi stuff does, and my internet is only 500 down anyway. Which my current APs do without any problem. So upgrading my APs doesn't make a lot of sense at this time - other than something new to play with. I don't do any moving of files over wifi anyway.. So don't really have need for anything faster on my wifi at this time.. AC is more than sufficient..
But if one of mine went out - I would prob go the with omada and just change out all 3 of mine..