Adding a Ubiquity UniFi Access Point

tomashk

@NogBadTheBad said in Adding a Ubiquity UniFi Access Point:

Please don't install the controller on your pfSense box its a router not an appliance server.

I agree. It is OK to install it only if you like experiments :)

johnpoz

As experiment.. Sure he can do this in his "lab" <rolleyes>

I run my controller on VM on my NAS, it doesn't need much... You can run it on your main PC as well.. It runs on multiple OSes.. Windows, Mac, Linux..

They don't even support a BSD version... That is completely on you and not support by unifi, etc.

Buy one of their little key (usb stick computer) to run it on... Or yeah if all you want to do is setup the 1 AP, you can do that with their phone AP... There is zero reason to run it on your firewall!

occamsrazor

In addition to the docker options, which I personally found harder to maintain, if you happen to have a QNAP NAS there is a .qpkg package that is a one-click install and has proved very reliable for me.

johnpoz

Im not running it on docker, Im running in it full VM running on VMM, on a ubuntu server min install. But yes those are all valid places to run it - vs trying to shoehorn it on to your "firewall"

occamsrazor

I did look at the option of running it on pfSense when I first started. The attraction of running on the same device is appealing, until you look at the details. Everyone seems to agree that conceptually it is a bad idea, as well as likely being much harder to maintain and posing more risks. The thing about the controller is it doesn't need to be running 24/7 for the switches and access points to continue working, so it's fine to have it on a device that reboots occasionally, or you need to do other stuff with. pfSense on the other hand is critical for the running of my network and internet access, so I'd rather not take any risks messing up pfSense.
I've been running both the Unifi SDN controller and Unifi Video .qpkg packages on my QNAP NAS for a while and so far so good. Had no issues at all with the SDN controller. That said I am tempted by the Cloud Key Gen2 to perform these two functions....

stephenw10

I don't use them but as I understand it there are some functions that require the controller to be always on. Captive portal?

Of course you can just do that in pfSense anyway...

Steve

Grimson

If you have an unused Raspberry Pi you can use it for the controller just fine.

johnpoz

There are some features that want it to run all the time for yes.. The big one for me is information!!! Easy to see who is on, what AP they are connected too, how much bandwidth they are using.. History of such info, etc. etc

I blocked out part of my ssid names... It is possible to look up location based upon war driving db on where a specific SSID is, etc.

I just updated the AP to current beta firmware, which is why the connected times are no longer than a day, etc.

The controller provides a wealth of information, which can just be interesting or can be invaluable in troubleshooting an issue, etc. etc.

But sure the captive portal stuff could just be run on pfsense..

rawla

Is the port AP is connected to needs to have the native VLAN?

NogBadTheBad

@rawla

It used to, but I think you can used a tagged VLAN now.

Best check the Ubiquity forums.

tman222

I would strongly recommend keeping pfSense and the Unifi controller software separate (i.e. either on separate machines or at least in separate VM's). While I do use Ubiquiti AP's myself and have generally been pleased with their performance, I am not as impressed with the stability of the Unifi controller software. I used to run it on a Ubiquiti Cloud Key but have since upgraded and now run the controller on a Debian Linux VM on top of Proxmox. This works a lot better because it allows me to take regular snapshots of the VM to roll back to in any there are issues with an update.

You can see in this script here what is installed:

https://github.com/gozoinks/unifi-pfsense/tree/master/install-unifi

This adds quite a few extra packages to a stock pfSense install - again, I really recommend against doing this. Cloud keys aren't that expensive, and a VM to run the controller requires very few resources. The software controller software can also be run on a local machine and even in the cloud.

Hope this helps.

jdeloach

If you just have ONE Access Point and are not interested in all the charts, logs and graphs that is generated with the controller software, just use the Apple IOS app to install and setup the access point. Since the app is FREE, it's a lot cheaper than the Cloud Key and easier than configuring the controller software.

That's what I did and it works great. You can change IP addresses, update the firmware, etc all from the IOS app.