* Official Ubiquiti Discussion Thread *

Martynt74 · 1 Jun 2018 at 08:12

Haha yeah that always helps!

Glad you've got it sorted.

lmfy2k · 2 Jun 2018 at 13:22

WJA96 said:
Mikrotik recommend the antennae be set at 90 degrees from one another - the infamous rabbit-ears!

From what I can see, the antennae are at 90 degrees, which is what I would also have done, except I would have put one standing straight up and the other lying flat down. My understanding is that it is more important for the 5GHz than the 2.4GHz, but I don’t know why.

Hey mate, just out of interest, do you have any switch level security for the external Ethernet? ie, to stop someone unplugging the cable from the AP and plugging into a laptop to get access to the network?

any ideas what can be done to make this more secure? ive enabled MAC ACL on the 1 port on my managed switch (Zyxel GS1900) but that is not very secure.

Caged · 2 Jun 2018 at 17:02

You could tag a random VLAN on the port and tell the AP to tag packets with the same VLAN, then set the untagged VLAN to something that doesn't go anywhere.

It's a bit security through obscurity but there's not much else you can do without 802.1x.

WJA96 · 2 Jun 2018 at 17:32

lmfy2k said:
Hey mate, just out of interest, do you have any switch level security for the external Ethernet? ie, to stop someone unplugging the cable from the AP and plugging into a laptop to get access to the network?

any ideas what can be done to make this more secure? ive enabled MAC ACL on the 1 port on my managed switch (Zyxel GS1900) but that is not very secure.

On the VLAN it’s on, the CIDR block is severely restricted, DHCP is turned off and all fixed IP addresses are reserved. So it’s pretty locked down. And for physical security - no, I don’t have anything but apparently there is a simple locking device you can fit to the RJ45 ports - Portblocker.

lmfy2k · 2 Jun 2018 at 18:24

Thanks guys. Il look into it.

ChrisD. · 4 Jun 2018 at 15:19

Caged said:
You could tag a random VLAN on the port and tell the AP to tag packets with the same VLAN, then set the untagged VLAN to something that doesn't go anywhere.

It's a bit security through obscurity but there's not much else you can do without 802.1x.

Not hugely secure if someone really wants to get it, it's just a tag in the header.

Caged · 4 Jun 2018 at 20:19

Yeah I think I acknowledged that by admitting it was just security through obscurity. Anything is, shy of physically locking the AP away in a plastic box or implementing 802.1x.

Martynt74 · 6 Jun 2018 at 20:13

I'm having a weird issue.

My wife and sons mobile phones (one Android, one Iphone), has suddenly lost connection to my network. It sees the network but shows as connected with no internet. However it doesn't show in my controller software.

My phone (iphone), connects perfectly fine, as do all computers and other devices (Amazon Fire tvs, Alexa devices and Xbox).

I've ended up creating a second network which they can connect to and use the internet ok.

Any ideas what i can try as this whole second network isn't ideal.

Cheers

the-evaluator · 7 Jun 2018 at 06:55

What firmware do you have on your access points? I had a very similar problem in the past and a firmware update sorted it.

Martynt74 · 7 Jun 2018 at 07:04

I seem to have lost one of them!

But the one that’s still up is on 3.9.27.8537

I don’t see an option to upgrade it so I assume it’s the latest.

the-evaluator · 7 Jun 2018 at 09:00

Yeah, that's the latest. As I said, it was quite some time ago I had that problem so I would have been surprised if you were using firmware that old.

Have you tried to delete the network connection from the phone and then reconnect?

Martynt74 · 7 Jun 2018 at 09:04

Yes, tried that.

It happened very briefly on my phone too but then seemed to fix itself quite quickly. I think i'll give it a few days and see if it sorts itself out!

Kol · 7 Jun 2018 at 09:24

When they're connected, can you go into the connection and check everything is there (IP, DNS, gateway etc.)?

Martynt74 · 7 Jun 2018 at 09:26

Yeah everything was populated as expected (i assume you mean the AP)

As soon as a created a secondary "Test" network, the phones picked it up and connected to the AP straight away.

lmfy2k · 7 Jun 2018 at 09:51

Marvt74 said:
Yeah everything was populated as expected (i assume you mean the AP)

As soon as a created a secondary "Test" network, the phones picked it up and connected to the AP straight away.

Think he means on the phone, when your connected to Wifi, you can go into Wifi settings on the phone and it will show you IP details, need to confirm its getting everything from DHCP, my guess maybe DNS issues?

Martynt74 · 7 Jun 2018 at 09:52

Ok i'll check tonight when i get home. Seems weird to have suddenly stopped working though?

Kol · 7 Jun 2018 at 10:02

Yup, that's right @lmfy2k - just worth checking nothing has been adjusted by accident. You don't have pi hole or anything running do you / anything that's required the DNS manually setting?

Martynt74 · 7 Jun 2018 at 10:15

No, nothing like that. Just a laptop running the controller software and a few HD's plugged in as a server. The whole thing has been running beautifully for about a month and then suddenly this.

Steveocee · 7 Jun 2018 at 13:56

Not mine but one I'm setting up for a client at work. 7 AC Pro's, 2 of the 8 port 150W switches and a MikroTik RB2011 to route them.

lmfy2k · 7 Jun 2018 at 15:18

very nice

any VLANs?

*** Official Ubiquiti Discussion Thread ***

* Official Ubiquiti Discussion Thread *