Академический Документы
Профессиональный Документы
Культура Документы
1 Student Labs
Updated 2017.04.07
ONLY FOR AUTHORIZED PRINTING; NO PDF SHARING
Note to Student: Unless otherwise stated, disable all other network adapters (including Wi-Fi) on
your laptop except the Ethernet adapter, which will be used throughout the lab activities. At the
conclusion of this lab, you should have full Internet connectivity.
Note to Student: Also make sure that you have disabled any software firewalls (e.g., Windows
Firewall, AV Firewall) for the duration of the training course.
2. Configure the Ethernet adapter on your laptop with the following static IP settings:
- IP Address: 192.168.1.(200+X) (where X = your student number)
- Subnet Mask: 255.255.255.0
Note to Student: You will temporarily assign this IP address to your laptop in order to
configure your airMAX-ac radio, then restore DHCP configuration to your laptop network
settings.
Note to Student: All airMAX devices feature a Reset button to restore to factory
default settings. While powered on, perform a runtime reset by pressing and holding the
Reset button for about 15 seconds, until the Ethernet LED turns off.
Note to Student: After 60 seconds of releasing the Reset button, your airMAX radio will
return to its default IP address of 192.168.1.20.
3. Open a web browser and navigate to 192.168.1.20. Log into your airMAX radio web GUI
using the default username / password (ubnt / ubnt), agree to the terms and conditions,
and make sure that correct country code is selected for your class.
Note to Student: It is important that your radio’s country code matches the country code
of the Trainer Radio, since the available frequencies are based on this characteristic.
4. Navigate to the Wireless Tab and make the following changes (but do not click SAVE
CHANGES yet):
– Wireless Mode: Station-PTMP
– SSID: ubnt-class-link
– Output Power: 1 dBm
– Security: ubntrocks (WPA2)
5. Navigate to the Network Tab and make the following changes (but do not click SAVE
CHANGES yet):
– Network Mode: Bridge
– Configuration Mode: Advanced
1
6. While still on the Network tab under the “VLAN Network” section, click “Add”.
Then begin configuring the Student VLAN network (but do not click SAVE CHANGES
yet):
– Enabled
– Interface: WLAN0
– VLAN ID: X0 (where X = your student number; for example student 9 = 90)
– Comment: MGMT VLAN X0 (where X = your student number; for example student 12
= 120)
2
Note to Student: Your Management VLAN network will now appear under the listed
VLAN Networks.
7. While still on the Network tab, under the Bridge Network section click for the
interface BRIDGE0 and make the following changes (but do not click SAVE CHANGES
yet):
– Enabled
– STP: Disabled
– Available Ports: LAN0 (Remove from “Selected Ports”)
– Selected Ports: WLAN0
– Comment: Removed LAN0 from the existing Bridge interface.
3
8. While still on the Network tab, under the Bridge Network section, make the following
changes (but do not click SAVE CHANGES yet):
4
Note to Student: After you have removed LAN0 from the existing BRIDGE0 interface,
and created the new BRIDGE1 interface with LAN0 & WLAN0.X0 (your Student VLAN),
the Bridge Interfaces should populate according to the following screen:
9. While still on the Network tab, make the following changes (but do not click Save
Changes yet):
– Management Interface: BRIDGE1
– Management IP Address: DHCP
– DHCP Fallback IP: 192.168.1.(100+X)
5
Note to Student: With these network settings, your airMAX-ac radio will receive a
DHCP-assigned IP address from the DHCP pools for each Student MGMT network,
10.X.0.0/24.
10. Navigate to the System tab and make the following changes:
– Device Name: student-X-radio (where X = your Student number)
– Username: student-X (where X = Student Number)
– Password: ubnt1234ubnt (changed from default password ubnt)
11. Finally, click SAVE CHANGES in the bottom right corner of the web GUI to apply the
changes.
6
Note to Student: You will lose access to your airMAX-ac radio web GUI until your final
topology is configured. However, wait for your airMAX-ac radio to reboot and
re-associate with the Trainer Radio. If your airMAX-ac radio is properly configured, the
Ethernet LED should begin to glow.
12. Return to your Laptop network settings and set the IP of your laptop to the following
address:
- IP Address: 10.X.0.2 (where X = your student number)
- Subnet Mask: 255.255.255.0
- Router/Gateway: 10.X.0.1
- DNS/Name Server: 10.X.0.1
Note to Student: You are assigning a static IP address to your laptop so you know the
exact web address on which your UniFi Controller will run, after installation in the next
lab activity (https://10.X.0.2:8443).
Note to Student: Your trainer will provide you with the necessary files for the course (via USB,
via Internet, etc.).
Note to Student: If you already have the UniFi Controller software installed with live sites
configured, create a backup file called “base-config.unf” before completely removing the UniFi
software from your laptop (so that you can restore the backup after performing the lab activities
in this class).
Note to Student: If using Mac OS, you will also need to delete the /Application Support/UniFi
folder.
Note to Student: Rather than wait for the UniFi software to download from the Internet,
7
your Trainer can provide you with the installer file.
4. Open the UniFi software, then click Launch Browser to Manage the Network.
Note to Student: The default directory of the UniFi software bundle follows below,
according to Operating System:
8
Note to Student: The UniFi Controller is web-based server software, which runs in the
background and can be accessed via any web browser (optimized for Google Chrome &
Mozilla Firefox).
Note to Student: Because the UniFi Controller runs locally on your laptop, you can now
access the Controller software via your web browser on any related network address
belonging to the Controller (e.g., https://10.X.0.2:8443/; https://localhost:8443/)
5. Upon launching your web browser, a warning will appear, informing that the UniFi Web
Server (on its hostname, FQDN, or IP) is not trusted—click Advanced, then click
Proceed.
9
Note to Student: The UniFi Controller uses HTTPS for secure web connections, meaning
that your browser will check for valid certificates while connecting to the UniFi web
server software. While there’s no risk to the user with the default Controller, you can use
SSL certificates to avoid this error (see appendix).
10
Note to Student: Your UAP should appear with an IP address from your MGMT DHCP Pool,
10.X.0.0/24 (where X = your Student number). Click the checkbox to ensure your UAP is
adopted & configured at the conclusion of the Setup Wizard.
Note to Student: Assign a primary WLAN with the name “S.0X-WLAN” (where X = your Student
number) and the passkey “ubntrocks” (for example, Student 1 = S.01-WLAN, Student 13 =
S.13-WLAN).
11
Note to Student: Assign the admin username “student-X” and password “ubnt1234ubnt” to log in
and begin using the UniFi Controller software, as well as your email address.
Note to Student: Review the settings, then click Finish to complete the Setup Wizard.
7. Skip the “Cloud Access” step during the Setup Wizard process.
12
Note to Student: You will configure the Cloud account later in the UEWA course.
8. After typing the “student-X” username and “ubnt1234ubnt” password you created during
during Setup Wizard, click SIGN IN.
Note to Student: The Controller Admin Username / Password is separate from the
WLAN Passkey you configured during the Setup Wizard.
13
9. Once logged in, select Preferences, change the Refresh Rate to 15 seconds.
Note to Student: The Refresh Rate cycles the reported data by the UniFi Controller,
including statistics, device status, and user traffic.
10. Click the Devices tab, then, if necessary, proceed to “Upgrade” your UAP to the latest
version.
Note to Student: If the Upgrade text/icon does not appear, then your device is running
the latest version supported by the UniFi Controller.
14
Note to Student: After your UAP is upgraded, it will temporarily reboot, then return to its
“Connected” state.
11. Click Settings in the bottom-left corner of the GUI to review that the following Site
settings are correct:
- Country: Your Country (until further instructions)
- Timezone: UEWA Class Timezone
- Username: student-X
- Password: ubnt1234ubnt
Note to Student: The username/password here will match the username/password of the
controller, originally. Changing the username/password here will affect the device
credentials for SSH and Adoption, but NOT the Controller credentials, which are
changed under the Admins settings.
12. Still in the Site settings, under SERVICES, check the box to Enable Advanced Features.
15
Note to Student: Advanced features (e.g., Load Balancing, Minimum RSSI) are disabled
by default. When improperly configured, the Advanced features can cause widespread
connectivity problems for WLAN clients. Make sure you fully understand the
implementation, limits, and effect before enabling and configuring Advanced features in
real-world deployments.
13. While still under the Settings tab, under Maintenance, click DOWNLOAD BACKUP to
create a backup file of the UniFi Controller, then name it “student-X-default.unf”
(where X = your Student number).
Note to Student: Be sure to create a backup file so that you can restore your original
UniFi Controller after different lab activities to restore desired settings.
16
2. The UniFi Controller can manage thousands of UniFi devices, regardless of their
physical location. T / F
3. A WLAN Controller is installed and configured on the UAP itself. T / F
4. All Ubiquiti products are backed by a 1-year manufacturer warranty. T / F
5. What to check in case UniFi Controller fails to load?
6. When/where can you restore a previous backup during the UniFi Setup Wizard?
7. Is the UniFi Controller required to be running for UAPs to service clients?
8. What methods does the Controller use to upgrade UAPs?
9. In general, the 5 GHz spectrum is more flexible due to greater channel availability. T / F
10. Larger bandwidths (VHT80, HT40) allow for potentially greater throughput and farther
range. T / F
11. Assuming all other variables remain constant, 2.4 GHz channels 1 and 11 interfere less
with each other than 2.4 GHz channels 1 and 6. T / F
12. 802.11 wireless protocol is based on CSMA/CD (Collision Detection). T / F
13. Wireless networks are based on a listen first, then talk design. T / F
14. Draw a picture explaining the hidden node problem.
1. Return to the UniFi Controller in your web browser, under Devices tab, then click your
UAP to open the “PROPERTIES” panel.
2. Click Configuration in the device “PROPERTIES” panel, then click Radios to write down
the available 2G/5G “Channels” configurable to your UAP for the selected Country you
configured at time of under Settings >> Site. Leave Channel set to “Auto” in the
meantime.
17
Note to Student: You are writing down the available channels when United States is the
selected Country under Site settings.
- 2G Channels: _________________________________________________
- 5G Channels: _________________________________________________
Note to Student: With Auto s elected, your UAP will automatically choose the best
wireless channel for each radio every time the UAP reboots. The UAP determines the
best channel based on Interference Levels and Channel Utilization % (more on these
topics later).
18
3. For now, apply the following channel assignments to your UAP radios:
2G 1 6 11
4. Click Queue Changes at the bottom of the device “PROPERTIES” panel, then click
PENDING CHANGE at the top of the device “PROPERTIES” panel, then click Apply.
Note to Student: Your UAP will temporarily provision with the new settings, then reboot.
5. Return to the Details tab under the “Properties” panel of your UAP to review the Radio
settings for both 2G & 5G radios—then write down the “Transmit Power” and “Channels”
below.
19
- 2G Channel: ______
- 5G Channel: ______
Note to Student: The EIRP value represents the combined Antenna Gain (fixed for all
UAP-AC models except UAP-AC-M) + Transmit Power level (adjustable) of your UAP.
To figure out the Transmit Power level (in dBm), subtract the Antenna Gain level (dBi),
which for 2G & 5G = 3 dBi.
20
Note to Student: EIRP = 4 dBm, then the actual Transmit Power level = 1 dBm (4 dBm -
3 dBi = TX Power)
Note to Student: Decibels represent power ratios. “dBm” represents “decibels over
milliwatts”, where 0 dBm = 1 mW. Each time you add 3 dBm of power, you double the
milliwatts.
6. Next, set the Transmit Power to “Low” for both the 2G & 5G radios.
7. Click Queue Changes at the bottom of the device “PROPERTIES” panel, then click
PENDING CHANGE at the top of the device “PROPERTIES” panel, then click Apply.
21
Note to Student: Your UAP will temporarily provision with the new settings, then reboot.
8. Return to the Details tab under the “Properties” panel of your UAP to review the Radio
settings for both 2G & 5G radios—then write down the “Transmit Power” and “Channels”
below.
- 2G Channel: ______
- 5G Channel: ______
22
Note to Student: The EIRP value represents the combined Antenna Gain (fixed for all
UAP-AC models except UAP-AC-M) + Transmit Power level (adjustable) of your UAP.
To figure out the Transmit Power level (in dBm), subtract the Antenna Gain level (dBi),
which for 2G & 5G = 3 dBi.
Note to Student: EIRP = 4 dBm, then the actual Transmit Power level = 1 dBm (4 dBm -
3 dBi = TX Power)
Note to Student: Decibels represent power ratios. “dBm” represents “decibels over
milliwatts”, where 0 dBm = 1 mW. Each time you add 3 dBm of power, you double the
milliwatts.
23
If...3 dBm + 3 = 6 dBm
Then...(2 mW x 2 = 4 mW)
Therefore...6 dBm = 4 mW
59 29 -64 -93
10 -80
8 -93
17 -93
85 -85
32 -87
99 -83
24
and two 802.11ac 3x3. Use the file UBNT_WLAN_Planning_Sheets in the Student Lab
Materials and fill in the missing information on the sheet Estimate_Throughput.
Client 802.11 Streams Signal % SNR (dB) Data Rate Airtime % Throughput
Version (Mbps) (Mbps)
1 N 1x1 99 10
2 N 2x2 25 10
3 N 2x2 50 10
4 N 2x2 75 10
5 N 2x2 99 10
6 AC 2x2 33 10
7 AC 2x2 66 10
8 AC 2x2 99 10
9 AC 3x3 50 10
10 AC 3x3 99 10
Aggregate 100
Req. Number of Dual-Band UAPs Req. Bandwidth per Radio Avg. Clients per Radio
1. Return to the UniFi Controller in your web browser, under Map tab, then click Configure
Maps to see the available maps for the UniFi site, then check that the “Sample” map is
selected.
25
Note to Student: By default, new UniFi sites use the “Sample” map, a sample, single
floor plan schematic. For multi-floor sites, use the Configure Maps tool to add floorplans
for each floor of the site.
2. Click Unplaced Devices to list your UAP, then drag it to the “Sample” map.
Note to Student: Any adopted, unplaced UniFi devices will appear in this list.
3. After dragging to the map, click the Gears icon to open the “PROPERTIES” panel for
your UAP, then click the Locate icon to identify your UniFi device (the LED will flash &
the map will center on the UAP). Then click Locate again and the LED will stop flashing.
Note to Student: The “Locate” feature is useful for identifying a UniFi device among man
managed devices in the UniFi network. For example, on the Devices tab of a busy UniFi
site, click the “Locate” button to find the most populous UAPs, then make configuration
changes to improve user load-balancing & performance of the WLAN.
4. Click Configuration, then enter the name “S.X-UAP” (where X = your Student number),
then click SAVE.
26
Note to Student: By default, UniFi devices use their MAC Address as the name. The
MAC Address for your UAP is written on a label on its backside, which is useful in case
you need an absolute way to identify your device among other devices of the same
model.
5. Click the “Details”, “Coverage”, and “Topology” buttons to see details about your UAP,
including the “2G Coverage” area, then click “5G Coverage” to see the cell size at 5 GHz
of your UAP.
Note to Student: The Coverage areas relate the size of the wireless cell based on 1)
EIRP, 2) “Receiver Sensitivity”, and, 3) Map Scale.
6. To properly scale Coverage area to the respective map size, click the Map Scale icon,
draw a 10m line on the map, then click SET SCALE.
27
7. Click the 5G Coverage button to see the new 5 GHz coverage area of your UAP based
on the new Map Scale.
8. Next, reduce the “Receiver Sensitivity” level (dBm) to -86 to see the extent of the cell
where typical clients may see the “Signal” level, -86 dBm.
9. Click the “Gears” icon to return to the “PROPERTIES” tab for your UAP, then under
Details, write down its IP Address:
28
– IP Address: ________________
Note to Student: Your UAP should receive a DHCP address from the trainer USG in your
Student MGMT Network IP Range, 10.X.0.0/24 (where X = your Student number).
2. Input details for the UEWA training site on the Network Planning page before clicking
“Calculate”.
29
Note to Student: Consider the maximum number of Wireless Stations, that is, the peak
number of concurrent devices on the WLAN. To better ensure Wireless Throughput /
Bandwidth requirements are met, apply User Groups at time of WLAN configuration
(more on this later).
Note to Student: The Bill of Materials produced by the UniFi Planner Simulator is a
generic estimate based on the inputted values on the previous page, and does not take
into consideration the unique site requirements that you as the Network Administrator
should consider.
Note to Student: US Customers can order UniFi & other Ubiquiti products via the online
Ubiquiti Store.
1. Return to the UniFi Controller in your web browser, under Devices tab, then click your
UAP to open the “PROPERTIES” panel.
30
2. Click Details in the device “PROPERTIES” panel, then click Radio Environment to review
previous “RF Scan” data.
Note to Student: Since your UAP is newly adopted, no “RF Scan” data has been
collected yet. Click RF Scan to begin a Spectral Analysis of the 2G and 5G radio bands,
then click CONFIRM.
Note to Student: While performing an “RF Scan”, your UAP will cease all WLAN
connections, cycling through each WLAN channel it scans. After about 5 minutes, your
UAP will resume WLAN connections, allowing clients to reconnect. For this reason, your
UniFi Controller should remain connected via Ethernet to UAPs in your network, unless
31
the UAPs are wirelessly uplinked to the network (more on “Wireless Uplink” later).
3. Based on the results of the “RF Scan” for both 2G & 5G bands of your UAP, answer
which 20/40/80* MHz Channels had the Highest Utilization %:
Note to Student: Utilization (%) relates to the Clear Channel Assessment mechanism,
where 0% means the channel is completely unoccupied; 99%, occupied all the time. For
example, if the the channel is occupied 68% of the time, then it remains available 32% of
the time.
Note to Student: Interference (dBm, a power ratio) can come from a variety of sources of
noise, including Thermal Noise (i.e., background), Receiver (RX) Operation, EMI, and
most notably, Competing, In-Band Signals (i.e., Wi-Fi).
- Utilization: ______%
- Utilization: ______%
- Utilization: ______%
- Utilization: ______%
- Utilization: ______%
33
Lab 4.4 - Client WLAN Software
In this lab activity, you will experiment with 3rd party WLAN scanning software, useful for giving
spectral analysis from the perspective of your client devices (ex. laptops, tablets, cellphones).
Note to Student: Nearly all Client WLAN Scanning software perform the same function—that is,
show signals, SSIDs and channels for all nearby wireless networks. iOS & Android users can
search the App Store & Android Store for free/paid software.
1. Windows users can freely install & run the software provided by the trainer to begin
scanning nearby wireless networks.
<wlan_analysis_sw>
2. Mac users can hold the Option key, then click the Wi-Fi icon, to show quick, detailed info
about nearby WLANs.
34
Lab 4.5 - Band-Steering & Minimum RSSI
In this lab activity, you will test your UAP’s Band-Steering & Minimum RSSI features with your
laptop and/or mobile device. The lab assumes that your client devices has dual-band radio
capabilities and can therefore, switch to 2G after the 5G radio kicks it via the Minimum RSSI
feature.
Note to Student: Some client devices may resist AP-assisted Band-Steering, so the results of
UniFi Band-Steering may be more readily apparent in large production environments. For more
information, consult the UniFi User Guide, available on the Downloads section
(ubnt.com/downloads).
1. Return to the UniFi Controller in your web browser, under “Devices” tab, then click your
UAP to open the “PROPERTIES” panel.
35
2. Click Configuration in the device “PROPERTIES” panel, then click Radios, then enable
“Minimum RSSI” for your 5G radio, and set it to -75 dBm.
Note to Student: Although some mobile devices will automatically give preference to &
associate with 5G WLANs (over 2G), Band-Steering may be required to ensure the
“S.X-WLAN” to which your mobile devices connects is in fact, 5G.
3. Click QUEUE CHANGES at the bottom of the “PROPERTIES” panel, but do not yet
Apply the changes, since you will enable Band-Steering in the next step.
36
4. While still under Configuration of the device “PROPERTIES” panel, click BAND
STEERING, then select “Prefer 5G”, then click QUEUE CHANGES before clicking
APPLY CHANGES at the bottom of the “PROPERTIES” panel.
Note to Student: Your UAP will temporarily provision with the new settings, then reboot.
5. Return to the Details tab under the “PROPERTIES” panel of your UAP to review
information about connected Users.
6. With your mobile device (not the laptop, since the Controller should remain connected
without disruption to your UAP for reporting reasons), connect to “S.X-WLAN” (where X
= your Student number).
37
Note to Student: Assuming 5G is allowed in your mobile device is dual-band, it should
appear under the appear under one of the 5G, “11ac” channels.
7. Wait one minute, then move away from the UAP with your mobile device until the signal
drops below the Minimum RSSI threshold of -75 dBm, at which point, your device
should disconnect & re-associate with 2G radio.
Note to Student: If your mobile device has associated with another SSID previously, it’s
possible that it will instead re-connect to this WLAN instead of the 2G “S.X-WLAN”.
Note to Student: For User-assisted Band-steering, you can append the "-5G" name
to the SSID via the Override function. This is particularly useful in static WLAN
environments, like offices, where users are familiar with the day-to-day WLAN and
can make an informed decision based on past/present experience.
1. Dual-band UAPs must have the same Minimum RSSI settings on both radios (2G and
5G). T/F
2. Too strict of a Minimum RSSI setting can cause clients to frequently disconnect from the
WLAN. T/F
3. 802.11ac supports only 2G networks. T/F
4. How can too much overlap cause problems for a WLAN? Too little overlap?
5. Under what circumstances would two (or more) UAPs be hidden nodes to each other?
38
Note to Student: At the conclusion of the Lab, keep the SSH session open, since you will use
the SSH protocol in the next lab.
1. Windows users should visit putty.org to download the latest SSH/Telnet software app
(free). Mac/Linux users can use their Terminal app (Utilities folder) for its SSH client.
Note to Student: Rather than wait for the UniFi software to download from the Internet,
your Trainer can provide you with the PuTTY.exe file.
2. Open your SSH client and connect to your UAP on its IP address, using the username &
password ‘student-X/ubnt1234ubnt’.
Note to Student: Logging in via SSH requires you know the Username & Password of
the UniFi device, listed under SETTINGS >> SITE >> Device Authentication. For default
sites, the Username & Password match the initial login credentials of the Controller.
However, new sites use a random string of characters for the new password. For live
production sites, it’s highly recommended that you change the Username & Password.
39
3. Connect via SSH to your UAP on its IP address, providing the Username & Password
‘student-X / ubnt1234ubnt’, then issue the command help.
Note to Student: The most common commands to use via SSH are listed with the help
command.
40
Note to Student: The Inform URL is listed next to the Status, which is useful for
debugging a UniFi device that does not appear in the GUI of the UniFi Controller to
which you would like to adopt the device.
Note to Student: The top command is useful for debugging a UniFi device if the
performance begins to slow; if too much traffic is passing on the device, consider adding
41
another device to offload some traffic.
6. Keep SSH session open, since you will use the SSH protocol in the next lab.
1. Connect your client mobile device to the S.0X-WLAN, in order to be connected to your
UAP.
Note to Student: You must be connected to your UAP in order to perform a Speed Test.
2. On your client mobile device, visit the Google Play Store (Android) or App Store (iOS) to
download the UniFi Mobile App—then open the UniFi App.
3. After opening the App, click the + button to add a new Local Controller to the
saved/managed Controllers inside your UniFi App, with the following fields:
42
4.
5. While inside the app, open the Sidebar, then begin a Speed Test on both radio bands:
43
Note to Student: In order to maximize the throughput for the WLAN, client rates should
match those of the access point (i.e., if UAP is 802.11ac, then clients should also be
802.11ac devices).
3. Using a text editor, open the “system.properties” file contained in the /data folder.
Note to Student: The prompt symbol “#” precedes comments in the text file. For
example, the entire first half of the “system.properties” files contains lines of commentary
like “ # unifi.http.port=8080 # device inform”, meaning the HTTP ports 8080 is the
default port used by adopted UniFi devices to periodically ping the Controller.
4. At the bottom of the system.properties file, add the following five entries exactly where
you see them in the screenshot below:
Note to Student: By deleting these entries later, your controller will return to the default
44
ports, mentioned in the commented out (#) section at the top of the system.properties
file.
5. Save the file, then re-open the UniFi Controller software, then check that the HTTPS
web address in the URL of your browser uses the new port “50001” instead of port
“8443”.
Note to Student: Adopted UniFi devices may take a moment to move re-provision if new
Port settings are applied.
6. Return to the UniFi directory folder, then using a text editor, open and scroll to the
bottom of the “server.log” file contained in the /logs folder.
Note to Student: Before continuing with later lab activities, you must restore the original
student-X-default.unf backup Controller file, since later lab activities rely on the original
port assignments.
45
Lab 5.2 - Site Management
In this lab activity, you will create & configure a new UniFi site, then move your already adopted
UAP to the new site. You will also practice adding maps by working the sample floor plans
“hotel_basement.png” & “hotel_1st.png” contained in the Student Lab Materials folder during
this lab activity.
1. Click the dropdown for “CURRENT SITE”, then click +Add new site to create a new site
called “Hotel”.
46
2. Browse to the Student Lab Materials folder to download the sample floor plans
“hotel_basement.png” & “hotel_1st.png”.
3. Return to the UniFi Controller in your web browser, under Map tab to click Configure
Maps, then click UPLOAD IMAGE before clicking Save to upload each floor plan, using
the following name:
47
4. With the BASEMENT map selected, navigate to the Devices tab to find your UAP, then
click Configuration, then M
ANAGE DEVICE, and under the Forget This Device section,
select “Move this Device to...” and choose “Hotel”.
48
Note to Student: Upon moving a UniFi device to a new site,
the device will return to its factory default state, move to
the new site for management, then reprovision with
settings for the new site.
5. Click the Settings icon in the bottom-left corner of the Controller GUI to review the “Site
Configuration” and “Services”.
49
Note to Student: When you create a new site, the default Username matches the initial
login credentials used (student-X), as well as a random string of characters for the
password. Your UAP will take on the new site password here.
6. Open your SSH client and connect to your UAP on its IP address (same as before),
using the new Username (student-X) & Password (random string of characters) shown
under the Site settings tab.
50
Lab 5.3 - Configure WLAN Groups
In this lab activity, you will configure WLANs under the WLAN Groups you create in the UniFi
Controller.
1. Return to Settings panel of your UniFi Controller, with the Hotel site selected, then click
User Groups to configure the following User Groups:
Name: Guests
Bandwidth Limit (Download): 1024 Kbps
Bandwidth Limit (Upload): 512 Kbps
Name: Staff
Bandwidth Limit (Download): 4096 Kbps
Bandwidth Limit (Upload): 1024 Kbps
51
2. While still under the Settings panel, click Wireless Networks then the + icon to create a
WLAN Group for the “Hotel” site.
Name: Hotel-Group-1
Mobility: Disabled
Load-Balancing: Disabled
Legacy Support: Disabled
52
3. While under the Wireless Networks section, click CREATE NEW WIRELESS
NETWORK, then add the following WLANs:
WLAN #1
Name: S.X-Hotel-Guests (where X = your Student number)
Security: Open
Guest Policy: Enabled
VLAN: X1 (where X = your Student number. For example, Student 12’s VLAN = 121)
User Group: Guests
WLAN #2
Name: S.X-Hotel-Staff (where X = your Student number)
Security: WPA-Personal
Security Key: ubntrocks
Guest Policy: Disabled
VLAN: X2 (where X = your Student number. For example, Student 14’s VLAN = 142)
User Group: Staff
53
54
Note to Student: The “Guest” & “Staff” WLANs belong to the VLANs X1 & X2 (where X =
your Student number), respectively. For example, Student 5 would apply VLANs 51 & 52
to their created WLANs.
55
4. Apply the new WLAN Group “Hotel-Group-1” to the 2G & 5G WLANs.
5. Connect your mobile device to the Guest & Staff WLAN, then check to make sure that it
receives an IP Address from the DHCP Pool for each Student VLAN:
56
S.X-Hotel-Guest: 10.X.1.0/24
S.X-Hotel-Staff: 10.X.2.0/24
57
6. Return to the Settings tab, under Maintenance, then click DOWNLOAD BACKUP to
create a backup file of the UniFi Controller, then name it “all-sites.unf”.
Note to Student: You will restore this configuration file for the final lab activity, “8.1 -
58
Guest Portal & Hotspot”.
7. Return to the Devices tab to find your UAP, then click Configuration before clicking
FORGET THIS DEVICE to “Move the Device” to the original Site, “Default”.
8. While still on the Settings tab, under Maintenance >> Restore >> Browse, click
CHOOSE FILE to restore the original backup file you created of your UniFi Controller in
the second lab activity, called “student-X-default.unf”.
59
Lab Activity Review
1. How many maximum WLANs can be configured per WLAN Group?
2. What are the different parameters that are configurable on each WLAN?
3. In what ways are overrides useful when provisioning WLANs?
4. Which settings can be overridden for each WLAN?
5. Traffic between UAP and controller is NOT encrypted. T / F
6. Each UAP’s radio can broadcast up to 4 SSIDs (WLANs) simultaneously. T / F
7. The 802.11Q standard defines VLAN ‘tagging’ of data frames. T / F
8. TKIP-based encryption allows for the best possible data rates and security. T / F
9. While not recommended for modern WLANs, WEP can be configured in Legacy
(802.11b) WLAN networks. T / F
10. What different UniFi Device Statuses exist in the UniFi Controller?
In this lab activity, you will practice adopting UniFi devices in different subnets from your own
UniFi Controller. For this lab activity, you will work in groups where Student A’s UAP will be
adopted by Student B, and vice-versa. For example, Student 1 & 2 will work together, Student 3
& 4, etc.
1. SSH into your partner’s UAP on his/her UniFi Device’s IP address (in the 10.X.0.0/24
subnet, where X = your Student number), then issue the command
set-inform http://<your_laptop_ip>:8080/inform
Note to Student: Shortly after issuing the SSH command to update the inform URL, your
partner’s UAP will appear in your UniFi Controller.
60
2. Check the Devices tab to adopt your partner’s UAP; make sure that you adopt your
partner’s UAP—not yours!
Note to Student: You will need to re-issue the Inform URL command once more before
your partner’s UAP successfully adopts to your UniFi Controller.
Note to Student: Leave your UAP in its current state. In the next lab activity, you will
restore your UAP to its factory default state.
In this lab activity, you will create your free UniFi Cloud account to manage your UniFi Sites
from anywhere in the world. You will also learn about Ubiquiti’s different Controller options: the
free, standalone software Controller, the UniFi Cloud Key, and UniFi Elite (Ubiquiti’s premiere
hosted management platform for UniFi).
1. Navigate to the Settings tab in the UniFi Controller, then click Controller then rename the
“Controller Hostname/IP” to “Student X Controller”.
2. While still under the Settings tab click Cloud Access to link your UniFi Controller to your
Ubiquiti SSO Account.
61
Note to Student: Ubiquiti SSO Accounts let you participate in the Online Community, as
well as use Ubiquiti’s free online software tools. If you don’t already have an account,
navigate to https://account.ubnt.com/ to register. If you can’t remember your
username/password, use the Recover Username/Password feature.
3. After linking your Ubiquiti SSO Account, navigate to https://unifi.ubnt.com/ to see all
UniFi Controllers (whether standalone software instances, or Cloud Key instances)
linked to your UniFi Cloud account. For new Student UniFi UniFi Controller online
62
Note to Student: Three types of Controllers can appear in the UniFi Hybrid Cloud for
management, including standard PC workstation/server (i.e., standalone free Controller
software), UniFi Cloud Key (pre-configured miniature hardware server), and UniFi Elite
(Ubiquiti’s hosted Controller platform).
4. When your Controller comes online, click the IP address, then select LAUNCH to open
the Controller.
Note to Student: Although the Controller is being accessed locally, the UniFi Hybrid
Cloud service uses the WebRTC (Web Real-Time Communications) protocol to manage
Controllers via Ubiquit’s Secure Cloud from anywhere in the world. The WebRTC
protocol is also used for online peer-to-peer applications, such as Skype and Google
Hangouts, and now, UniFi Cloud. With WebRTC, you can establish connections to
devices behind NAT & double NAT firewalls, or even with dynamic WAN IP addresses.
1. Student B should navigate to the Devices tab of their UniFi Controller, then click the UAP
to open the “PROPERTIES” panel, then click “FORGET THIS DEVICE” to restore their
63
UAP to its factory default state.
Note to Student: After “forgetting” the UAP, it will disappear from the UniFi Controller,
then after about 1 minute, re-appear as Pending Adoption.
2. Trainer should re-assign VLAN Group “S.0A” (where A = X, Student A’s number) to the
Ports connecting to Student B’s UAP.
64
Note to Trainer: Only perform this function after each Student B has successfully
“Forgotten” (unadopted/unmanaged) their UAP. For a class of 10 students, Ports 2, 4, 6,
8, and 10 should be assigned S.01, S.03, S.05, S.07, and S.09 VLAN Groups,
respectively.
3. After the Steps 1 & 2 are completed, Student B’s UAP will appear in Student A’s UniFi
Controller with an IP address in the 10.A.0.0/24 range (where A & B = X, the Student
numbers), so click Adopt to manage Student B’s UAP in Student A’s UniFi Controller.
65
4. After Student B’s UAP is successfully adopted into Student A’s UniFi Controller, Student
A should rename Student B’s UAP to “S.B-UAP (Downlink)”.
66
5. Next, Student B should disconnect their UAP from the Trainer Switch in order to connect
it physically to the Port labeled “POE” of the 24V/0.5A POE injector, then connect
Student B’s laptop to the Port labeled “LAN” of the 24V/0.5A POE injector.
Note to Student: Until the Wireless Uplink is established to Student A’s UAP, Student B’s
laptop will have limited connectivity.
6. Once Student B’s UAP appears as “Isolated” in the UniFi Controller, click Configuration,
then click WIRELESS UPLINKS to see all nearby managed UAPs to which the “Isolated”
ink icon for Student A’s
(Downlink) UAP can establish a Wireless Uplink—then click the L
UAP.
67
Note to Student: Ensure that the “Refresh Rate” is set to “15 seconds”, so that the
Controller reports Student B’s UAP “Isolated” state at the proper time.
Note to Student: Both Student A’s & B’s UAPs will provision, temporarily reboot, then
68
return to their “Connected” state.
Note to Student: After “forgetting” the UAP, it will disappear from Student A’s UniFi
Controller, then after about 1 minute, re-appear as Pending Adoption.
8. Only after Student B’s UAP-AC-LITE has returned to the “Pending Adoption” state, the
Trainer should re-assign VLAN Group “S.0B” (where B = X, Student A’s number) to the
Ports connecting to Student B’s UAP.
Note to Trainer: Only perform this function after each Student B has successfully
69
“Forgotten” (unadopted/unmanaged) their UAP. For a class of 10 students, Ports 2, 4, 6,
8, and 10 should be re-assigned S.02, S.04, S.06, S.08, and S.10 VLAN Groups,
respectively.
9. Student B should re-connect their laptop to their airMAX-ac radio, then re-connect their
UAP-AC-LITE back to the Student B Port of the UniFi Switch then proceed with
readoption.
Note to Student: When upgrading firmware on Wireless Uplink networks, make sure that
Automatic Upgrade is disabled. Always upgrade the remote UAPs before upgrading their
wired peers. Never Forget a UAP while in its Isolated state since the only way to recover
the access point will be to gain physical access the device.
70
Lab 8.1 - Guest Portal & Hotspot
In this lab activity, you will configure the UniFi Guest Portal to serve to your connecting WLAN
mobile device.
1. Return to the Settings tab, click Maintenance, then under “Restore” click CHOOSE FILE
to restore the backup configuration file you created earlier in the course called
“all-sites.unf”.
Note to Student: Your UAP will provision with the new settings, reboot, then return
online.
2. When your UAP comes back online, test connecting your mobile device (not the Student
Laptop) to the Guest WLAN. The Guest Portal is still not enabled, but Guest Policies are
applied, including L2/L3 isolation & access constraints on private network ranges.
3. Return to the Settings tab in the UniFi Controller, then click Guest Control, and enable
Hotspot Authentication. Scroll to the bottom to enable Voucher based authorization, then
click GO TO HOTSPOT MANAGER to create vouchers for Guest Access.
4. Click the Vouchers icon in the left sidebar of the UniFi Hotspot Manager, then click +
CREATE VOUCHERS and assign the following values for temporary-use vouchers:
- 10 Multi-use
- Expiration Time: 24 Hours
- Bandwidth Limit (Download): 1024 Kbps
- Bandwidth Limit (Upload): 1024 Kbps
- Byte Quota: 10 Mbytes
- Notes: Free 15-Min. Wi-Fi
71
Note to Student: Multi-use vouchers authorize multiple devices (ex. Laptop, cellphone,
tablet) via a single access code, whereas single-use vouchers may authorize only a
single device.
Note to Student: Take note of one of the Voucher Codes so that you can connect your
Guest Device later after you finish configuring the Guest Portal & Hotspot.
72
5. Return to the UniFi Controller under the Guest Control section of the Settings tab, click
AngularJS under “Template Engine” of “Portal Customization” to begin setting up your
Guest Portal page, then click APPLY CHANGES.
Note to Student: If you need to reset the Guest Portal to its Default settings (including
color schemes), click RESET next to the APPLY CHANGES button.
Note to Student: Your UAP will provision with the new settings, reboot, then return
73
online.
6. When your UAP comes back online, test connecting your mobile device (not the Student
Laptop) to the Guest WLAN, using one of the Voucher codes you created on the UniFi
Hotspot Manager page.
74
1. Hotspot Manager Accounts (Operators) have less permission to make configuration
changes to UAPs than UniFi Administrator accounts. T / F
2. The vouchers.html file is the main landing page that displays pricing, authentication
information and Terms of Use for the guest. T / F
3. A UAP can only broadcast either Guest or User WLANs on each radio, but never both
simultaneously. T / F
4. While in the Walled Garden and prior to authentication, a Guest user can receive an IP
address from the DHCP server. T / F
5. After guests finish authenticating, all HTTP/HTTPS traffic is forwarded to the UniFi
Controller. T / F
75