Ghosts in our 6 New Ubiquity Pros - provision issues.

Brielle Bruns bruns at 2mbit.com
Fri Jun 19 18:21:17 UTC 2015


On 6/19/15 10:57 AM, Bob Evans wrote:
> Thank You Charles,
> Been on NANOG a while - all the basic stuff we know well. Like, cables,
> cluster occurrences etc. Looking for the UniFi specific experience. It's
> not the switches, power, cables, ports show no CRC issues etc.
>
> We even set up another network with just 2 and it happens randomly - so it's
> some code or something.  Think I'm going to let one of the guys here log in
> to the controller and see if we missed a setting in the latest code.
> NANOG's real good at having someone with specific targeted knowledge
> appear.
>

I've got a bunch of regular UAPs spread out over multiple customers with 
various network setups including ERLs as routers, CenturyLink POS modems 
of various generations, Dink routers, etc.

My controller is hosted off-site in Tacoma in our data center.

Some issues I've run into, particularly on the consumer devices like the 
older CenturyLink/Qwest modems...

1) Broken MTU clamping/fixing on PPPoE links, causing the UAPs to have 
problems making a connection to the remote controller.

Worked around by messing with the MSS using iptables on specifically the 
tcp/8080 and tcp/8443 ports on the controller end.

Other devices, had to make sure to disable the firewall feature on the 
modem, in order to get it to stop eating ICMP packets (and thus breaking 
pmtu).

2) Faulty DNS server daemons on the routers.  The UAPs would have issues 
randomly resolving the controller's IP address from hostname.  Have this 
problem from time to time with anyone using the built in DNS servers on the 
CenturyLink/Qwest modems.

Resolved this issue by statically defining IP and DNS servers on the 
UAPs (DNS server set to 8.8.8.8).  Also had to disable the firewall on 
one of the routers to get it to not intercept/mangle DNS packets.

These two issues alone have caused me major issues with the devices 
randomly being unable to get new configurations or download firmware 
updates.


On network switches connected to the UAPs, make sure that you've got the 
port set to whatever the switches' version of Cisco 'portfast' is.

In the Site Settings under the Unifi controller, disable "Enable 
connectivity monitor and wireless uplink" and see if the problem eases 
up.  If you need to use the uplink monitor, manually set the IP you want 
to check with, and make sure the UAPs can actually ping said IP.


I'm the head mod for /r/Ubiquiti, so feel free to bounce things off of 
me privately with your Unifi setup, and I'll be happy to give you a 
hand.  I can also direct you to the unofficial Ubnt IRC channel where 
you can get a bunch more opinions.


-- 
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org    /     http://www.ahbl.org
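
The MSS workaround from item 1 above, as an added example that is not part of the original post. It prints (rather than applies) the iptables rules for the controller host; IPv4, a PPPoE path MTU of 1492, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): generate iptables rules that
# clamp TCP MSS on the controller's tcp/8080 and tcp/8443 ports.
# Assumptions: IPv4 only, remote sites sit behind PPPoE (path MTU 1492).

# MSS = path MTU - 20 (IPv4 header) - 20 (TCP header).
mss_for_mtu() {
    m_mtu=$1
    case "$m_mtu" in
        ''|*[!0-9]*) echo "invalid MTU: $m_mtu" >&2; return 1 ;;
    esac
    # 576 is the smallest datagram every IPv4 host must accept.
    if [ "$m_mtu" -lt 576 ] || [ "$m_mtu" -gt 1500 ]; then
        echo "MTU out of range: $m_mtu" >&2
        return 1
    fi
    echo $((m_mtu - 40))
}

# Rules for one controller port.
# INPUT rewrites the MSS in the AP's SYN, which limits what the controller
# sends; OUTPUT rewrites it in the controller's SYN-ACK, which limits what
# the AP sends. Both are needed when ICMP "fragmentation needed" is eaten.
clamp_rules() {
    c_port=$1
    c_mss=$2
    echo "iptables -t mangle -A INPUT -p tcp --dport $c_port --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $c_mss"
    echo "iptables -t mangle -A OUTPUT -p tcp --sport $c_port --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $c_mss"
}

# All rules for the two ports named in the post, for a given path MTU.
controller_rules() {
    r_mss=$(mss_for_mtu "$1") || return 1
    for r_port in 8080 8443; do
        clamp_rules "$r_port" "$r_mss"
    done
}

# Print the rules for review before running them as root.
controller_rules 1492
```

Because `--set-mss` is used instead of `--clamp-mss-to-pmtu`, the clamp does not depend on the ICMP messages the modems are dropping.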


