
Monday, September 18, 2017

Ubiquiti Aircontrol 2 Server Ubuntu Install Step by step





The new version of Aircontrol may still be in beta, but it is a vast improvement over the original Aircontrol. One of the best features of the software is the fact that it runs natively on Linux. Here is a step-by-step tutorial on getting it running on Ubuntu:

1. Log in to your Ubuntu server and switch to the root user.
2. Update your apt-get resources:
apt-get update
3. Download the Aircontrol 2 Beta *.deb file. You should register on the Ubiquiti beta forums to make sure you get the latest version:
wget http://www.ubnt.com/downloads/aircontrol2/aircontrol-v2.0-Beta14.1129.150619.1740-ubuntu.deb

4. Install the *.deb file using dpkg:
dpkg -i aircontrol-v2.0-Beta14.1129.150619.1740-ubuntu.deb

5. Run apt-get to fix missing dependencies:
apt-get install -f

6. On the "Installation Type" screen, select "Server" and select "OK"

7. Configure a Username

8. Configure a Password

9. Set the port (I leave it as is)

10. Configure the service to start automatically

11. Verify that Aircontrol 2 is running by navigating to http://server-ip:9081
You should see a message saying: Welcome to Ubiquit Aircontrol 2

That's it. You should now be able to connect using the Aircontrol Client on your PC!


Wednesday, August 30, 2017

Ubiquiti AirOS 5 6 Cacti Templates




After many requests and much procrastination, here are the templates for AirOS 5.6 for Cacti.

You will now be able to graph individual client connection details directly from the AP!

Graphs Available:
Access Point / Client Direct Polling:
  • CPU
  • Combined Link Details
  • Uptime
  • Interface Traffic
  • Air Rate
  • Signal
  • Airmax
  • Air Rate
Connected Client Graphs:
  • Combined Link Details
  • Airmax
  • Traffic
  • Signal
  • Air Rate
AP Only:
  • Station Count
Installation:

Download from DropBox

Remember to put the following files into /cacti/resource/snmp_queries:

AirOS5.6-AP.xml
AirOS5.6-CPE.xml

Combined Link Details: AP / Client / Client on AP

Station Count: AP Only

Interface Traffic: AP / Client / Client on AP

Airmax: AP / Client / Client on AP

Air Rate: AP / Client / Client on AP

CPU Usage: AP / Client

Signal: AP / Client / Client on AP

Uptime: AP / Client




Monday, August 28, 2017

Ubiquiti Airos 5 6 CPE on Cacti



PLEASE NOTE THAT THERE IS A NEW VERSION AT:
http://www.binaryheartbeat.net/2015/08/ubiquiti-airos-56-cacti-templates.html

Ubiquiti has created a new MIB definition to go with the new version of AirOS. I made myself some new templates to monitor AirOS 5.6 devices, and I will try to update the templates when 5.6 goes final.

I am working with Cacti version 0.8.7i since that is the current version available to apt-get install on Ubuntu 12.04.

Client Signal - Polled From AP

AP CPU Usage

AP Station Count

AP Uptime

Client Connection Details - Polled from AP

Client Connection Details - Polled from Client





The new AirOS version allows you to graph the stats of clients connected to an AirOS AP by polling the AP itself. If you need any additional data on the graphs, or have any suggestions on how I can improve the graphs, let me know so that I can update them.

Remember to put AirOS5_6.xml and AirOS5_6_AP.xml in your /cacti/resource/snmp_queries/ directory.
You can import the host templates through the Cacti web interface.

The AirOS5_6_AP.xml specifically allows you to graph details from AP-connected clients by polling the AP. Please note that currently there is still one problem: the station list returns the station names in hex. I still have to figure out how to change that.

A note on client traffic:
At this point in time, version 5.6-beta3.21929 does not seem to actually post the traffic to the SNMP agent.
Client traffic, whether polled from the client itself or from the AP, will be graphed from the perspective of the client once Ubiquiti fixes the bug.

Download Version 0.1 from DropBox





Monday, August 21, 2017

Ubiquiti AirOS 5 6 Virtual SSID Step by Step




One of the big gripes that people have with Ubiquiti is the lack of support for Virtual SSIDs. Here is a step-by-step tutorial for setting up VSSIDs on AirOS 5.6 devices with VLANs back to the upstream router. Please note that you will not be able to use Airmax when you have Virtual SSIDs.

This tutorial is based on information from the Ubiquiti Forums, specifically this post by AnubisSL.

Step 1 - Make sure you are running the latest version of AirOS


Step 2 - Configure the first SSID as you would under normal circumstances

Step 3 - Download the config file from the device and open it using a text editor

Step 4 - Edit the config file

4.1a - Without VLAN (use this if you don't need to VLAN the second SSID)
Under the "bridge" section, create a new bridge port. The port number, "3" in this example, should be incremented by one from the previous highest number. The devname, in this case "ath1", is also one more than the previous one, in this case "ath0".
bridge.1.port.3.devname=ath1
bridge.1.port.3.prio=20
bridge.1.port.3.status=enabled

4.1b - With VLAN (use this if you want to place the clients on the second SSID in a VLAN)
Under the "bridge" section, create a new bridge, incrementing the last used number by one. Add the Ethernet interface, as well as the new (virtual) wireless interface (created later on). The Ethernet device name is written as eth0.vlanid (in this case eth0.10, for VLAN 10).
The device name for bridge.2 would be br1, for bridge.3 it would be br2, and so on.
bridge.2.comment=Management
bridge.2.devname=br1
bridge.2.port.1.devname=eth0.10
bridge.2.port.1.status=enabled
bridge.2.port.2.devname=ath1
bridge.2.port.2.status=enabled
bridge.2.status=enabled
bridge.2.stp.status=disabled

4.2 Under the "ebtables" section, add the new device, incrementing the number "2" as appropriate, and using the device name created above.

Without VLAN
ebtables.sys.eap.2.status=enabled
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1

With VLAN (note, you can also create the VLAN using the web interface)
ebtables.sys.eap.2.status=enabled
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1
ebtables.sys.vlan.1.comment=VirtualSSID
ebtables.sys.vlan.1.devname=eth0
ebtables.sys.vlan.1.id=10
ebtables.sys.vlan.1.status=enabled
ebtables.sys.vlan.status=enabled

4.3 Under the "netconf" section, add the information below, incrementing "4" as needed. Make sure you use the same device name as above.
netconf.4.up=enabled
netconf.4.status=enabled
netconf.4.role=bridge_port
netconf.4.promisc=enabled
netconf.4.netmask=255.255.255.0
netconf.4.mtu=1500
netconf.4.ip=0.0.0.0
netconf.4.hwaddr.status=disabled
netconf.4.hwaddr.mac=
netconf.4.devname=ath1
netconf.4.autoip.status=disabled
netconf.4.allmulti=enabled

4.4 Add the following under the "radio" section, specifying radio.1 as the parent device, and incrementing the virtual device number as needed.
radio.1.virtual.1.status=enabled
radio.1.virtual.1.devname=ath1
radio.1.virtual.1.mode=master

4.5 Add the following under the "wireless" section, using the next available number, and choose a sensible SSID name.

wireless.2.wmm=enabled
wireless.2.wds.status=disabled
wireless.2.status=enabled
wireless.2.ssid=NEWSSID     <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
wireless.2.l2_isolation=enabled    <= CHANGE TO disabled IF NO ISOLATION IS REQUIRED
wireless.2.hide_ssid=disabled
wireless.2.autowds=disabled
wireless.2.authmode=1
wireless.2.ap=
wireless.2.addmtikie=enabled
wireless.2.devname=ath1

4.6a Unless you need security, you can save the file and upload it to your device. That is all. The second SSID is then an open network with no encryption.

4.6b If you want to enable security, add the following under the "aaa" section, changing the values appropriately.
aaa.2.devname=ath1     <= CHANGE TO ACTUAL DEVICE OF VIRTUAL AP
aaa.2.driver=madwifi
aaa.2.radius.auth.1.status=disabled
aaa.2.ssid=NEWSSID     <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
aaa.2.status=enabled
aaa.2.wpa.1.pairwise=TKIP CCMP
aaa.2.wpa.key.1.mgmt=WPA-PSK
aaa.2.wpa.psk=PASSWORD     <= CHANGE TO REQUIRED PASSWORD OF VIRTUAL AP
aaa.2.wpa.mode=2

That's it. You can now upload the new config and reboot the device!

Limitations:
NO AIRMAX!
NO 10MHZ channels
I think that's it
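
A pre-upload check for the edited config, as an added example (not part of the original post or of AirOS): it confirms that every virtual AP device named under "radio" has matching entries from steps 4.1 to 4.5, and reports whether its SSID is open, still offers TKIP, or still carries the PASSWORD placeholder. The sample config is constructed from the lines above, and the function names and finding texts are this example's own.

```python
import re

# Constructed sample: lines from the post for ath1, netconf entry left out.
SAMPLE = """\
bridge.1.port.3.devname=ath1
ebtables.sys.eap.2.devname=ath1
radio.1.virtual.1.devname=ath1
wireless.2.devname=ath1
aaa.2.devname=ath1
aaa.2.status=enabled
aaa.2.wpa.1.pairwise=TKIP CCMP
aaa.2.wpa.psk=PASSWORD     <= CHANGE TO REQUIRED PASSWORD OF VIRTUAL AP
"""

# One devname key pattern per config section the post edits.
REQUIRED = {
    "bridge port (4.1)": r"bridge\.\d+\.port\.\d+\.devname",
    "ebtables eap (4.2)": r"ebtables\.sys\.eap\.\d+\.devname",
    "netconf (4.3)": r"netconf\.\d+\.devname",
    "wireless (4.5)": r"wireless\.\d+\.devname",
}

def parse(text):
    """key=value lines -> dict, dropping the post's '<= CHANGE ...' notes."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("<=")[0]
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def lint(text):
    cfg, findings = parse(text), []
    vaps = [v for k, v in cfg.items()
            if re.fullmatch(r"radio\.\d+\.virtual\.\d+\.devname", k)]
    for dev in vaps:
        for name, pat in REQUIRED.items():
            if not any(re.fullmatch(pat, k) and v == dev for k, v in cfg.items()):
                findings.append(f"{dev}: no {name} entry")
        aaa = [k[:-len(".devname")] for k, v in cfg.items()
               if re.fullmatch(r"aaa\.\d+\.devname", k) and v == dev]
        if not aaa or cfg.get(aaa[0] + ".status") != "enabled":
            findings.append(f"{dev}: open SSID, no enabled aaa section")
            continue
        if "TKIP" in cfg.get(aaa[0] + ".wpa.1.pairwise", ""):
            findings.append(f"{dev}: TKIP still offered as pairwise cipher")
        if cfg.get(aaa[0] + ".wpa.psk") in (None, "", "PASSWORD"):
            findings.append(f"{dev}: wpa.psk missing or left at the placeholder")
    return findings
```

Calling lint() on the text of the downloaded config file returns an empty list when every virtual AP passes these checks.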


Sunday, August 13, 2017

Ubiquiti AirOS Hairpin NAT




When setting up a port forward (Destination NAT) on a Ubiquiti AirOS device, you will find that users inside your network will not be able to use the WAN IP to access the internal device. This is because you need to add what is known as a "Hairpin NAT". Read below for instructions on how to do that, and why it is necessary.

Picture the network below:

In order for a user from the internet (wan) side of the router to be able to access the webserver, you would add the following port forward to your router:

This would immediately work for users outside the network, but if you wanted to access the webserver from the workstation inside the LAN by using the IP 12.34.56.78, it would fail. Why?

Let us picture the process as follows:

This explains why the workstation never receives the response, and why a connection isn't opened.

To fix this, we need to make sure that the server responds via the router. We do this by telling the router to not only change the Destination IP, but also the Source IP in step one above.
Unfortunately, as of version 5.6 of AirOS, Ubiquiti still hasn't implemented a hairpin function in the web interface, but you can do it from the command line.
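
The request and reply path described above, traced as an added example (not part of the original post): it follows one connection to the WAN IP with and without the source rewrite, and also covers an internet client for comparison. The WAN IP and LAN subnet are the post's; the router, server, workstation and internet client addresses are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass, replace

# WAN_IP and LAN come from the post; the three host addresses are constructed
# for this example because the post's network diagram is not reproduced here.
WAN_IP = "12.34.56.78"
LAN = ipaddress.ip_network("10.0.0.0/24")
ROUTER_LAN, SERVER, WORKSTATION = "10.0.0.1", "10.0.0.10", "10.0.0.50"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def on_lan(ip):
    return ipaddress.ip_address(ip) in LAN

def trace(client, hairpin):
    """Follow one request and its reply; return (hops, reply_accepted)."""
    request = Packet(client, WAN_IP)
    hops = [("client -> router", request)]
    # Port forward (destination NAT): the router rewrites the destination.
    fwd = replace(request, dst=SERVER)
    # Hairpin NAT: for LAN clients the router also rewrites the source.
    if hairpin and on_lan(client):
        fwd = replace(fwd, src=ROUTER_LAN)
    hops.append(("router -> server", fwd))
    reply = Packet(SERVER, fwd.src)
    if on_lan(reply.dst) and reply.dst != ROUTER_LAN:
        # Same subnet: the server answers the client directly, so the router
        # never sees the reply and cannot restore the WAN address.
        hops.append(("server -> client (direct)", reply))
    else:
        # The reply crosses the router, which reverses its translations.
        hops.append(("server -> router", reply))
        reply = Packet(WAN_IP, client)
        hops.append(("router -> client", reply))
    # The client only accepts a reply that comes from the address it dialled.
    return hops, reply.src == request.dst

if __name__ == "__main__":
    for label, client, hairpin in [
        ("internet client", "203.0.113.9", False),
        ("LAN client, port forward only", WORKSTATION, False),
        ("LAN client, with hairpin NAT", WORKSTATION, True),
    ]:
        hops, ok = trace(client, hairpin)
        print(f"{label}: {'connected' if ok else 'reply dropped'}")
        for hop, pkt in hops:
            print(f"  {hop:27} {pkt.src} -> {pkt.dst}")
```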

What you need to do is open up a telnet or ssh session to the router, and run the following commands:
echo iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 12.34.56.78 -j MASQUERADE >> /etc/persistent/rc.poststart

This will add a rule to your router's firewall that says: when anyone tries to connect to 12.34.56.78 from inside the 10.0.0.0/24 subnet, the source IP will be replaced with the IP of the router.

Run the following command to save the change:
cfgmtd -w -p /etc/
Then reboot the router.

When you open the web interface for the router, you will now see that it shows that you are running custom scripts. Do not be alarmed; this is normal.


You should now be able to connect to the device using the public IP of your router.
