Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Reviews

WLAN and User Groups

WLAN Groups are a nice feature in the UniFi controller. WLAN Groups make it easy to configure wireless settings to a lot of APs quickly and easily. To provision one or more SSIDs on multiple APs, create a WLAN Group with the desired SSIDs and security values, then apply the Group to the desired APs.

As you configure a WLAN, you'll see the options for configuring each SSID. UniFi supports all typical forms of wireless security, including WEP, WPA/WPA2 (TKIP and AES), and WPA-Enterprise utilizing RADIUS authentication.

I tested WLAN Groups by creating Group1 with two SSIDs, one called Smallnet1 and the other called Guest1, shown below. I set up the SSID called Smallnet1 with WPA2 security and I set up the SSID called Guest1 with guest restrictions. I then selected one of my APs and set its WLAN Group to Group1. Once the controller pushed the configs to the AP, it started broadcasting both SSIDs.

WLAN Group

WLAN Group

Using WLAN Groups also makes it possible to apply more advanced SSID configurations. To associate individual SSIDs with different VLANs, click the VLAN checkbox as shown below and enter the VLAN ID to be associated with the SSID.

VLANs

VLANs

I successfully tested UniFi's VLAN functionality. I connected one of the UniFi APs to an 802.1q trunk from one of my network switches with VLAN1 as the untagged VLAN and VLAN3 as the tagged VLAN. Via the UniFI controller, I left the Smallnet1 SSID without VLANs enabled, meaning it should be on the untagged VLAN. I modified the Guest1 SSID to be on VLAN 3.

I then wirelessly connected to my two SSIDs, Smallnet1 and Guest1. Clients on Smallnet1 were given an IP address from VLAN1 and clients on Guest1 were given an IP address from VLAN3 as expected, thus successfully demonstrating the UniFi controller's VLAN option and the UniFi AP's support for 802.1q trunking.

Another group feature is the ability to create a bandwidth restriction to a specific SSID. I created a user group called GuestUsers and applied upload and download bandwidth limits as shown below. I configured the Guest1 SSID to use the GuestUsers bandwidth controls.

User Bandwidth

User Bandwidth

I verified this feature by connecting to the Guest1 SSID, browsing to and running a speed test on speedtest.net, and obseved my results closely matched the settings I applied in the GuestUsers group.

There are a few other controls buried in the Settings > WLAN Group screen that may come in handy for optimizing user experience. The Minimum RSSI is kind of interesting. When enabled, it issues a de-auth packet to a client when it falls below the set RSSI threshold. Ubiquiti describes this as a "soft" approach in that it doesn't force the client to another AP. If the client decides to connect back to the same AP, the AP will allow it. But then the client will get de-authed again after "a duration".

User Bandwidth

User Bandwidth

The Load Balancing control sets a per AP limit for clients so that APs don't get overloaded. Note that there is no auto channel selection or auto power adjustment. The Wiki says each AP finds "a best channel" on power up and that "background-scanning and automatic runtime channel change is on the road map".

Guest/Hotspot Support

UniFi guest configuration, shown below, does not create a guest SSID or WLAN, but instead activates the guest security policy that can be applied to an SSID. A device connected to a UniFi SSID is considered a "guest" if connected to a UniFi SSID configured with the guest option, otherwise the device is considered a "user."

Guest networks by default restrict guests from accessing all private IP addresses. Additional IP address ranges can be configured as blocked or permitted on guest networks. Guest networks can optionally require password authentication, be configured as a hotspot, or interact with an external portal server for which Ubiquiti provides an API (application program interface).

Enable Guest Network

Enable Guest Network

In the previous discussion on WLAN Groups, the SSID Guest1 was created with guest restrictions. So when I connected to the Guest1 SSID, I was prompted to agree to the terms and conditions with the simple web page shown below. Once I clicked agree, I was able to surf the Internet but unable to ping or access any devices on the LAN, as would be expected. I configured my guest SSID with the default expiration of eight hours. But you can configure it so users have to re-authenticate on shorter or longer intervals.

Guest Authorization

Basic Guest Authorization

The hotspot and external portal server options allow creating addtional restrictions/controls to be placed on guest users. With the UniFi hotspot feature, you can customize portal login pages and bill user's PayPal account or credit card. Enabling the hotspot option provides options for voucher and payment configurations.

UniFi includes prebuilt payment options (shown below) for PayPal, plus credit card options including Stripe, Quickpay, Authorize.net, and Merchant Warrior. You need to set up your own account with one of these credit card payment providers, first. For example, if you select Authorize.net to create a credit card billed hotspot, additonal options become available to enter your Authorize.net API login ID and transaction key.

Paymnents

Payment Options

To further customize the guest portal and experience, UniFi can interact with an external server for managing guest customers. Ubiquiti provides an API to integrate the UniFi controller with applications such as billing software or other authentication programs.

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I'm looking at upgrading to the DS918+ from my DS413 due to the failure of a third power supply giving out in the 6+ years I've owned it, however, thi...
Let's start with the firmware question. I don't have a lot of experience with routers but I've read that some custom firmwares can limit certain route...
Hi all,I'd like to hear if any of you do have a "best" to do around Wireless settings on router ASUS RT-AC88U.Have installed Asuswrt Merlin newest ver...
I sadly found that my device is no longer supported (although it is not so old). I tried to build a new build from source codes (mainline branch), and...
I have a "Dark fighter" Hikvision camera and watch it through Open VPN with VPN server on an Asus 68u with asuswrt-merlin latest version. And before t...

Don't Miss These

  • 1
  • 2
  • 3