Category Archives: Hardware

UniFi’s Advanced Wi-Fi Settings Explained

UniFi’s Advanced Wi-Fi settings are often misunderstood. The defaults are usually safe, but it’s helpful to understand what these settings do while setting up a network or troubleshooting an issue. Ubiquiti doesn’t do the best job of explaining them, so let’s go through them one by one.
These settings and descriptions are using the default “new” interface, and they are current as of UniFi Network Application version 6.5.53. I also list the settings that are only available in the classic/old interface at the end.

UniFi’s Wi-Fi Settings
Table of Contents

  • Creating a New UniFi Wi-Fi Network
  • Advanced Wi-Fi Settings
    • Wi-Fi Band
    • Optimize IoT Wi-Fi Connectivity
    • AP Groups
    • UAPSD
    • High Performance Devices
    • Proxy ARP
    • Legacy Support
    • Multicast Enhancement (IGMPv3)
    • BSS Transition
    • L2 Isolation
    • Enable Fast Roaming
  • Bandwidth Profile
  • Security Settings
    • Security Protocol
    • If WPA3 is selected…
    • Hide Wi-Fi Name
    • PMF (Protected Management Frame)
    • Group Rekey Interval
  • MAC Authorization Settings
  • 802.11 Rate and Beacon Controls
    • Override DTIM Period
    • 2.4 GHz Data Rate Control
    • 5 GHz Data Rate Control
  • Wi-Fi Scheduler
  • Settings only available in the old UI

Creating a New UniFi Wi-Fi Network
In the UniFi interface, network settings are divided into Wi-Fi, Networks, and Internet.

  • Wi-Fi controls your wireless connections, including SSID, password, and other advanced settings.
  • Networks controls your LAN networks and VLANs, including DHCP, DNS, and IP addresses.
  • Internet controls your WAN connections, including VLANs, IP addresses, and Smart Queues for QoS.

By default, UniFi has one LAN network, which is used for all wired and wireless connections. Creating additional networks allows you to segment and restrict traffic. This is commonly used for guest or IoT devices, or for separating devices or areas into different network groups. Before diving into wireless settings, set up your networks and VLANs first. This can be done by modifying the default LAN, or by creating a new network under the Networks tab.
If the network you want to use for Wi-Fi has been created, go to Settings → Wi-Fi → Add New Network.

Creating a new Wi-Fi network
Give it a name (SSID), password, and specify which network it is going to use. If you don’t want to use the default of a WPA2 password for the network, open the advanced options and scroll down to the “Security” tab and modify the settings there. Otherwise, you can save it, and it will be added to all of your APs by default.
If you want a basic network, that’s all you need to do. If you want more, the good stuff is hidden under the advanced tab.
UniFi’s Advanced Wi-Fi Settings
Wi-Fi Band

  • 2.4 GHz: Slower, longer range, more wall penetration.
  • 5 GHz: Faster, shorter range, less wall penetration.
  • Default: Both
  • Effect: This setting controls which band your Wi-Fi network broadcasts on. You can pick one, or enable both.
  • Note: Dual-band SSIDs can lead to roaming issues, with some clients not using 5 GHz, or not roaming to the nearest AP. There are several ways to combat this – usually adjusting AP placement, lowering 2.4 GHz transmit power, enabling band steering, fast roaming, or the “high performance devices” settings can be effective. You can also create a separate 2.4 GHz and 5 GHz network if you want guaranteed, manual control over which band is used by which device.

Optimize IoT Wi-Fi Connectivity

  • Improves the connection reliability of IoT devices.
  • Default: On
  • Effect: Forces DTIM settings to default values of 1 for 2.4 GHz and 3 for 5 GHz. More on DTIM below, under the 802.11 Rate and Beacon Controls section.

AP Groups

  • Allows grouping of APs and selecting which will broadcast this Wi-Fi network.
  • Default: All APs
  • Note: UniFi has a limit of 4 SSIDs per band, per AP group. You can stretch this to 8 total SSIDs if you limit your networks to a single band. You can have up to four 2.4 GHz and up to four 5 GHz networks, or four dual-band SSIDs. You can always create additional SSIDs, but each AP or AP group can only broadcast a total of four SSIDs, per band, at a time.
    • Edit: Thanks u/fictionaldisc711 for pointing out the limit can vary by model. The limit is 8 per band with the AC-HD. I don’t have an AC-SHD or UAP-XG to test, but those should allow for 8 SSIDs per band as well.
    • Edit #2: Thanks u/SmokingCrop- for pointing out that enabling wireless uplink connectivity monitor (under system -> application configuration, or old UI -> Site -> Services) also limits the total number of SSIDs to 4.

Setting Wi-Fi Band and AP Group
Scrolling below AP Groups is where things get fun, and the acronyms take over.
UAPSD

  • Unscheduled Automatic Power Save Delivery, also known as WMM power save.
  • Default: Off
  • Effect: Enabling allows devices that support UAPSD to save battery power by keeping their Wi-Fi radio in sleep mode for more time. Like a lot of features that are off by default, this can cause issues for some clients, especially older or IoT devices.
  • Recommendation: Turn on if battery life is important, and older/IoT device connectivity is not.

High Performance Devices

  • Connect high performance clients to 5 GHz only.
  • Default: On
  • Effect: Disabling this allows “high performance” clients to join 2.4 GHz. This can fix (or make worse!) some issues with dual-band SSIDs and poor roaming performance, at the cost of less throughput when devices connect to 2.4 GHz.
  • Recommendation: Disable if you have areas which are only covered by 2.4 GHz, or have issues with 2.4 GHz clients not being able to join the network.
  • Note: Ubiquiti doesn’t specify what “high performance” is, but I would assume this applies to devices that support Wi-Fi 5 or 6, and multiple spatial streams. Modern phones and laptops, basically.

Proxy ARP

  • Remaps ARP table for station. ARP is the Address Resolution Protocol, which is used to learn the MAC address for a given IP address.
  • Default: Off
  • Effect: Enabling allows the AP to answer ARP requests for client devices, which helps to limit broadcast traffic. This is mainly relevant in larger, higher density networks.
  • Recommendation: Enable for high-density networks.

Legacy Support

  • Enable legacy device support (i.e. 11b).
  • Default: Off
  • Effect: Enabling this allows connections to older devices that don’t support 802.11g or newer standards.
  • Recommendation: Only enable if you need devices that only support 802.11a or 802.11b to connect to the network.

Advanced Settings
Multicast Enhancement (IGMPv3)

  • Permit devices to send multicast traffic to registered clients at higher data rates by enabling the IGMPv3 protocol.
  • Default: Off
  • Effect: Enabling this might improve performance with smart home products such as smart speakers or streaming devices. Some have reported the opposite. Sonos speakers, for example, usually function better when…
    • Spanning Tree is set to regular STP mode on your switches. I’d also recommend lowering the priority of your switches so they continue to be the Spanning Tree root bridge.
    • IGMP Snooping is on under network settings -> advanced. This allows switches to identify multicast groups used in each port. Multicast streams are forwarded only to network devices that should receive them.
    • Multicast Enhancement (IGMPv3) is on under Wi-Fi settings -> advanced. This enables the IGMP querier service on a UniFi gateway such as the USG or UDM, letting it create multicast groups which should improve Multicast traffic such as video or audio streams. Some people have had better luck with this disabled, and there may be other issues at fault, such as network topology. Multicast is hard to troubleshoot without a packet capture and knowledge of the protocols involved.
    • Multicast DNS is on under advanced features -> advanced gateway settings. mDNS allows for converting host names to IP addresses in a local network without a DNS server. An example of mDNS is Apple’s Bonjour, which is used to quickly set up sharing between computers and other devices. UniFi’s mDNS service allows you to discover devices on other networks.
  • Recommendation: Enabling this setting may help issues with Chromecast, AirPlay, or other smart home gear. Another option is to enable mDNS and create a separate SSID for these devices and follow Ubiquiti’s help article steps here.

BSS Transition

  • Allow BSS Transition with WNM, which stands for Wireless Network Management. WNM allows the AP to send messages to clients to give them information about the network, and the details of other APs. This includes the current utilization and number of clients, allowing the client to make more informed roaming decisions.
  • Default: On
  • Effect: Enables 802.11v. This assists with saving power and the roaming process, but it’s up to the client device to make a decision based on the given information.
  • Recommendation: Leave enabled, especially in networks with multiple APs.

L2 Isolation

  • Isolates stations on layer 2 (Ethernet) level
  • Default: Off
  • Effect: Restricts clients from communicating with each other.
  • Recommendation: Enable for high-security guest networks, or IoT networks which would benefit from this restriction. This can also lead to unintended consequences, so test the devices’ behavior before and after changing this setting.

Enable Fast Roaming

  • Faster roaming for modern devices with 802.11r compatibility. It does this by speeding up the security key negotiation process, allowing both the negotiation and requests for resources to occur in parallel. With 802.1X, keys are cached rather than the client needing to check with the RADIUS server with each roam. With pre-shared key networks such as WPA2, the client goes through the normal 4-way handshake authentication process.
  • Default: Off
  • Effect: Enables OTA (Over-the-air) Fast BSS Transition, which allows devices that support it to roam between APs faster. Without this setting enabled, roaming from AP to AP may take a few seconds, and during that time data cannot be sent or received. In most cases you won’t notice this, but latency sensitive and real-time applications like a voice call perform poorly. Slow roaming behavior with a VoIP call may result in gaps in the audio. With 802.11r Fast Roaming enabled, the roams should be nearly unnoticeable.
  • Note: Fast BSS Transition works with both preshared key (PSK) and 802.1X authentication methods. Older devices should not experience connectivity issues with this enabled.

Bandwidth Profile

  • Default, or select existing profile.
  • Default: Bandwidth is unlimited.
  • Effect: Allows you to set default per client download and upload bandwidth limits.
  • Note: Create new profiles under Advanced features → Bandwidth Profile

New Bandwidth Profiles are created under Advanced Features -> Bandwidth Profile
Security Settings
Security Protocol

  • Open. No password needed to join the network.
  • WPA-2. The older pre-shared key security method, which requires a password to join the network. WPA-2 is less secure than WPA-3, but is more universally supported, especially on older devices.
  • WPA-2 Enterprise. The older 802.1X security method, which requires a RADIUS server to allow users to join the network with a username or password. Usually common in larger networks which need to grant or revoke permission to join without changing other people’s access by changing the pre-shared key.
  • WPA-2/WPA-3. Allows for a mix of WPA-2 and WPA-3 connections. Devices that support WPA-3 will use the newer and more secure standard, while older clients will fallback to WPA-2. This is less secure overall than requiring WPA-3, but it is more flexible and less likely to cause issues as we transition to WPA-3 as a default.
  • WPA-3. The newer pre-shared key security method, which does a lot of magic behind the scenes to be more secure than WPA-2. WPA-3 is still vulnerable to certain attacks, so still make sure to use a complex password, and restrict access to that password if it matters.
  • WPA-3 Enterprise. The newer 802.1X security method, which like WPA-3 personal allows for more secure connections.

If WPA3 is selected…

  • WPA3 SAE anti-clogging threshold in seconds
    • Default: 5
    • Note: SAE is Simultaneous Authentication of Equals, and anti-clogging is designed to prevent denial of service (DoS) attacks on the AP. This setting affects the time threshold for what the AP considers “too many” requests.
  • WPA3 Sync in seconds
    • Default: 5
    • Note: Explaining how WPA3 works is beyond the scope of this guide. Only change these if you know what you’re doing, and have a valid reason.

Wi-Fi security and MAC Authorization settings
Hide Wi-Fi Name
This forces access points to send out beacon frames with no SSID, meaning the SSID field in the beacon frame is set to null. Beacons are still sent, and “hidden” networks are still easy to detect. To join a network with a hidden SSID, clients will have to manually enter the SSID name along with the password.
Hiding the SSID does not enhance the security of the network. Using a more complex password or moving to a newer protocol (WPA2/3 vs WPA or WEP) does.
PMF (Protected Management Frame)
Protected management frame (PMF) is a security feature which aims to prevent intercepting or forging management traffic. Management frames include authentication, de-authentication, association, disassociation, beacons, and probes. These cannot be encrypted like normal unicast traffic, so this feature protects from forgery, preventing some common security attacks.

  • Required: APs will use PMF for all stations. Stations without PMF capability will not be able to join the WLAN. Required for WPA3.
  • Optional: APs will use PMF for all capable stations, while allowing non-PMF capable stations to join the WLAN.
  • Disabled: APs will not use PMF for any stations.
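
The Hide Wi-Fi Name and PMF settings above are both visible in what an AP advertises in its beacons. The following is an added example, not from the original post or from Ubiquiti: it parses a beacon's tagged parameters and reports the SSID element, the advertised key-management suites, and the PMF mode taken from the RSN capability bits. The function names and sample beacons are constructed for illustration.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"
AKM_NAMES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK", 8: "SAE", 9: "FT-SAE"}

def iter_elements(tagged):
    """Yield (id, body) per tagged parameter (bytes after the 12 fixed beacon bytes)."""
    pos = 0
    while pos < len(tagged):
        if pos + 2 > len(tagged) or pos + 2 + tagged[pos + 1] > len(tagged):
            raise ValueError("truncated information element")
        length = tagged[pos + 1]
        yield tagged[pos], tagged[pos + 2 : pos + 2 + length]
        pos += 2 + length

def parse_rsn(body):
    """Return (akm_names, pmf_mode) from the body of an RSN element (ID 48)."""
    if len(body) < 2 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    pos, lists = 6, []            # skip version (2) and group cipher suite (4)
    for _ in range(2):            # pairwise cipher list, then AKM list
        suites = []
        if pos + 2 <= len(body):
            (count,) = struct.unpack_from("<H", body, pos)
            pos += 2
            if pos + 4 * count > len(body):
                raise ValueError("truncated suite list")
            suites = [body[pos + 4 * i : pos + 4 * i + 4] for i in range(count)]
            pos += 4 * count
        lists.append(suites)
    akms = [AKM_NAMES.get(s[3], "other") if s[:3] == RSN_OUI else "vendor" for s in lists[1]]
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    # RSN capabilities: bit 6 = MFPR (PMF required), bit 7 = MFPC (PMF capable)
    pmf = "required" if caps & 0x40 else "optional" if caps & 0x80 else "disabled"
    return akms, pmf

def audit_beacon(tagged):
    """Report SSID visibility, key management and PMF mode, plus findings."""
    r = {"ssid": None, "hidden": False, "akms": [], "pmf": None, "findings": []}
    for eid, body in iter_elements(tagged):
        if eid == 0:              # SSID element: empty or all-null means "hidden"
            r["hidden"] = not any(body)
            r["ssid"] = None if r["hidden"] else body.decode("utf-8", "replace")
        elif eid == 48:
            r["akms"], r["pmf"] = parse_rsn(body)
    if r["hidden"]:
        r["findings"].append("SSID hidden: beacons are still sent, no security gain")
    if r["pmf"] is None:
        r["findings"].append("no RSN element: open or pre-WPA2 network")
    elif r["pmf"] == "disabled":
        r["findings"].append("PMF disabled: management frames are not protected")
    elif r["pmf"] == "optional" and "SAE" in r["akms"]:
        r["findings"].append("WPA2/WPA3 mixed mode: stations without PMF can still join")
    return r

# Constructed sample beacons (tagged parameters only, not captured traffic)
def make_ie(eid, body):
    return bytes([eid, len(body)]) + body

def make_rsn(akm_types, caps):
    suite = lambda t: RSN_OUI + bytes([t])
    ccmp = suite(4)               # cipher suite type 4 = CCMP-128
    return make_ie(48, struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
                   + struct.pack("<H", len(akm_types)) + b"".join(map(suite, akm_types))
                   + struct.pack("<H", caps))

WPA3_ONLY = make_ie(0, b"office") + make_rsn([8], 0x00C0)
MIXED_HIDDEN = make_ie(0, b"") + make_rsn([2, 8], 0x0080)
WPA2_NO_PMF = make_ie(0, b"iot") + make_rsn([2], 0x0000)

if __name__ == "__main__":
    for name, beacon in [("WPA3 only", WPA3_ONLY), ("mixed, hidden", MIXED_HIDDEN),
                         ("WPA2, no PMF", WPA2_NO_PMF)]:
        print(name, audit_beacon(beacon))
```
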

Group Rekey Interval

  • This setting controls how often an AP changes the GTK, or Group Temporal Key. The GTK is a cryptographic key that is used to encrypt all broadcast and multicast traffic between APs and clients.
  • Default: 3600 seconds.
  • Note: Lower intervals mean the key changes more often, but can cause the issue of users disconnecting or unable to join the network with the message ‘wrong password’, even if the credentials are correct.

MAC Authorization Settings

  • MAC address Filter
    • Allows you to restrict clients from joining the network unless they are on the allow list, or block specific MAC addresses.
  • RADIUS MAC Authentication
    • Allows you to use a RADIUS server for client authentication.
  • RADIUS Profiles
    • Allows you to select pre-defined RADIUS profiles.
    • To create a new profile, go to Advanced Features -> RADIUS -> Add RADIUS Profile. This is where you define the aspects of your RADIUS server like IP address, ports, assigned VLAN, shared secrets, and update interval.
  • MAC address format
    • Allows you to set the format for the MAC address and whether semicolons or hyphens are expected.

Override DTIM Period

  • DTIM stands for Delivery Traffic Indication Message, which is a message that is sent along with beacon frames. The role of the DTIM is to let a sleeping client know that it has buffered data waiting for it. Higher numbers buffer longer, potentially saving battery life. Altering these values can cause a variety of issues though, so change them at your own risk.
  • Default for 2.4 GHz: 1, meaning every 2.4 GHz beacon will include a DTIM
  • Default for 5 GHz: 3, meaning every third 5 GHz beacon will include a DTIM
  • Note: You cannot modify the default values when “Optimize IoT Wi-Fi Connectivity” is on.

802.11 Rate and Beacon Controls
2.4 and 5 GHz Data Rate Control

  • Disabling the lowest data rates is a common setting to consider for high density networks where airtime conservation is important. Lower data rates are less efficient. When data is sent at a low rate, it uses more airtime, limiting the performance of all the other devices using that AP. This does not limit the range of your AP, and the details are complicated. Rob Krumm has a great analysis of what changing your rate does and does not change if you want more details.
  • Default for 2.4 GHz: All rates allowed (1 to 54 Mbps)
  • Default for 5 GHz: All rates allowed (6 to 54 Mbps)
  • Recommendation: Leave at default for most networks. Disabling rates below 6 or 11 Mbps can improve the efficiency of higher-density networks.

Wi-Fi Scheduler
Allows you to turn an SSID on or off at a certain time, or set up a weekly schedule.

Creating a new schedule in Wi-Fi Scheduler
Settings only available in the old UI (as of version 6.5.53)
These settings are missing in the new interface, or have been moved/renamed.

  • Apply Guest Policies
  • Beacon Country
  • Add 802.11d country roaming enhancements
  • TDLS Prohibit
  • Block Tunneled Link Direct Setup (TDLS) connections
  • Point to Point, also referred to as P2P
  • Send beacons at 1 Mbps

Test Phone Lines on NEC SV8100

How to test the individual phone lines on an NEC SV8100 phone system

  • Press the Speaker button
  • dial #0
  • dial 01, 01 corresponds to the first phone line on the system

Each following line is 02, 03, 04 etc., depending on how many lines are attached to the system. I frequently feel phone system documentation is hard to find online, especially for basic testing like this.

Webserver on Raspberry Pi

As an experiment this site is now running on my Raspberry Pi.

Assumptions: you have set up your Raspberry Pi with Raspbian and a static IP, and allowed port 80 through your firewall to that static IP address.

Please remember to make sure your OS is up to date:

sudo apt-get update; sudo apt-get upgrade

Installing Nginx

The first piece of software you will need to install is Nginx

sudo apt-get install nginx

Now we can start Nginx

sudo /etc/init.d/nginx start

You can now test if it’s working by putting in the IP address of your server in a browser to see if it works e.g. http://192.168.0.1

The browser will now display a page saying “Welcome to nginx”

Install PHP

Use the next command to install PHP

sudo apt-get install php5-fpm

Now we need to make some configuration changes

sudo nano /etc/nginx/sites-available/default

Scroll down the configuration file and uncomment by removing the #

listen 80; ## listen for ipv4; this line is default and implied

Set the server name to your server name

server_name www.webwhitenoise.com;

Change the index line to the following

index index.php index.html index.htm;

Uncomment the next section in the configuration file

location ~ \.php$ {
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
 
 # # With php5-cgi alone:
 # fastcgi_pass 127.0.0.1:9000;
 
 # # With php5-fpm:
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_index index.php;
 include fastcgi_params;
 }

Now exit from nano and remember to save the changes

Now we need to edit the php.ini configuration file

sudo nano /etc/php5/fpm/php.ini

Find cgi.fix_pathinfo in the file and change it as follows

cgi.fix_pathinfo=0

Now we need to reload PHP and Nginx

sudo /etc/init.d/php5-fpm reload && sudo /etc/init.d/nginx reload

You can now test if PHP is working on Nginx by adding an index.php file to the root of the server

cd /usr/share/nginx/www
sudo nano index.php

Add the following line to the file

<?php phpinfo(); ?>

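If you now refresh the webpage we opened earlier in the browser, it should display the PHP info page. Delete this test file once PHP is confirmed working, because the PHP info page shows the server's configuration to anyone who can load it.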

Install MySQL server

Now we install MySQL

sudo apt-get install mysql-server

As a part of this process you will be prompted to enter a password, this password will be the root password for MySQL.

Once this process completes install MySQL Client and MySQL PHP components

sudo apt-get install mysql-client php5-mysql

Now we need to setup a database and user in MySQL

Connect to the MySQL Server using the root user, you will be prompted for the password

mysql -uroot -hlocalhost -p

We now create a database, wordpressdb represents the name of the database

CREATE DATABASE wordpressdb;

Now we create a user for WordPress to use to access the database; wordpressuser represents the user id and password_here a password. Root should not be used.

CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'password_here';

Now we grant this user access to the database

GRANT ALL PRIVILEGES ON wordpressdb.* TO 'wordpressuser'@'localhost';

Flush the privileges for the changes to take effect

FLUSH PRIVILEGES;

Now press CTRL + C to exit MySQL

Now test the username against the database

mysql -uwordpressuser -hlocalhost wordpressdb -p

Now press CTRL + C to exit MySQL

Finished

You now have a working server with Nginx, PHP and MySQL ready to use.

Gator DVR Car Recorder Camera DVR308

Here is a warning about the Gator DVR Car Recorder Camera DVR308 that Supercheap Auto is selling in Australia.

  • The picture quality of the video is grainy; this is not a serious problem, as it’s good enough to see what is happening in the picture.

    Screen Grab from Video

  • Video files are broken into 15min files; a program like VirtualDub can join these files with little problem. (Join AVI files with VirtualDub)
  • The big problem is the quality of the suction cup and its mechanism: the plastic is heat sensitive and will deform if left in your car. The spring is strong enough for the suction cup to cause it to deform the plastic while installed in a hot car. In Australia cars get hot inside, and the mount just doesn’t cope.

    Heat Dent

    Dent from spring pressure and Heat

    Gator Plastic Melt

    Plastic has melted around base

  • The spring-loaded clip has a seam in the plastic at the hinge; this breaks if you keep removing it from a surface. (Design flaw)

I would advise people to get something better than this camera.

Fuji Xerox WorkCentre 4250

The default username and password for the Xerox WorkCentre 4250 is as follows:

Username: admin
Password: 1111

When accessing the web interface of the Xerox WorkCentre 4250, if you attempt to change any settings you will be prompted for this username and password. The default that the copier is set to is in my experience not clearly identified in the manual.

When accessing the administrator menus on the copier the code 1111 is used.

Fuji Xerox DocuCentre-IV C2260 Default Password

The default username and password for the Fuji Xerox DocuCentre-IV C2260 is as follows:

Username: 11111
Password: x-admin

When accessing the web interface of the Fuji Xerox DocuCentre-IV C2260 if you attempt to change any settings you will be prompted for this username and password. The default that the copier is set to is in my experience not clearly identified in the manual.

When accessing the administrator menus on the copier the code 11111 is used.

Fuji Xerox DocuCentre-III 3007 Default Password

The default username and password for the Fuji Xerox DocuCentre-III 3007 is as follows:

Username: 11111
Password: x-admin

When accessing the web interface of the Fuji Xerox DocuCentre-III 3007 if you attempt to change any settings you will be prompted for this username and password. The default that the copier is set to is in my experience not clearly identified in the manual.

When accessing the administrator menus on the copier the code 11111 is used.

Fuji Xerox DocuCentre 1085 Default Password

The default username and password for the Fuji Xerox DocuCentre 1085 is as follows:

Username: admin
Password: x-admin

When accessing the web interface of the Fuji Xerox DocuCentre 1085, if you attempt to change any settings you will be prompted for this username and password. The default that the copier is set to is in my experience not clearly identified in the manual.

Fuji Xerox DocuCentre-III 2007 Default Password

The default username and password for the Fuji Xerox DocuCentre-III 2007 is as follows:

Username: 11111
Password: x-admin

When accessing the web interface of the Fuji Xerox DocuCentre-III 2007 if you attempt to change any settings you will be prompted for this username and password. The default that the copier is set to is in my experience not clearly identified in the manual.

When accessing the administrator menus on the copier the code 11111 is used.