Ubiquiti AirOS 5.6 Virtual SSID Step by Step
One of the big gripes that people have with Ubiquiti is the lack of support for Virtual SSIDs. Here is a step by step tutorial for setting up VSSIDs on Airos 5.6 devices with Vlans back to the upstream router. Please note that you will not be able to use Airmax when you have Virtual SSIDs.
This tutorial is based on information from the Ubiquiti Forums, specifically this post by AnubisSL.
Step 1 - Make sure you are running the latest version of AirOS
Step 2 - Configure the first SSID as you would under normal circumstances
Step 3 - Download the config file from the device and open it using a text editor
Step 4 - Edit the config file
4.1a - Without VLAN use this if you don't need to vlan the second SSID
Under the "bridge" section, create a new bridge port. The port number, "3" in this example should be incremented by one from the previous highest number. The devname, in this case "ath1" is also one more than the previous, in this case "ath0"
Under the "bridge" section, create a new bridge port. The port number, "3" in this example should be incremented by one from the previous highest number. The devname, in this case "ath1" is also one more than the previous, in this case "ath0"
bridge.1.port.3.devname=ath1
bridge.1.port.3.prio=20
bridge.1.port.3.status=enabled
bridge.1.port.3.prio=20
bridge.1.port.3.status=enabled
4.1b - With VLAN use this if you want to place the clients on the second SSID in a VLAN
Under the "bridge" section, create a new bridge, incrementing the last used by one. Add the ethernet interface, as well as the new (virtual) wireless interface (created later on). The ethernet device name is noted as eth0.vlanid (in this case vlan10).
The device name for bridge.2 would be br1 for bridge.3 it would be br2 and so on.
bridge.2.comment=Management
bridge.2.devname=br1
bridge.2.port.1.devname=eth0.10
bridge.2.port.1.status=enabled
bridge.2.port.2.devname=ath1
bridge.2.port.2.status=enabled
bridge.2.status=enabled
bridge.2.stp.status=disabled
bridge.2.devname=br1
bridge.2.port.1.devname=eth0.10
bridge.2.port.1.status=enabled
bridge.2.port.2.devname=ath1
bridge.2.port.2.status=enabled
bridge.2.status=enabled
bridge.2.stp.status=disabled
4.2 Under the "ebtables" section, add the new device, incrementing the number "2" as appropriate, and using the device name created above.
Without VLAN
Without VLAN
ebtables.sys.eap.2.status=enabled
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1
With VLAN (note, you can also create the VLAN using the web interface)
ebtables.sys.eap.2.status=enabled
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1
ebtables.sys.vlan.1.comment=VirtualSSID
ebtables.sys.vlan.1.devname=eth0
ebtables.sys.vlan.1.id=10
ebtables.sys.vlan.1.status=enabled
ebtables.sys.vlan.status=enabled
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1
ebtables.sys.vlan.1.comment=VirtualSSID
ebtables.sys.vlan.1.devname=eth0
ebtables.sys.vlan.1.id=10
ebtables.sys.vlan.1.status=enabled
ebtables.sys.vlan.status=enabled
4.3 Under the "netconf" section add the information below incrementing "4" as needed. make sure you use the same device name as above
netconf.4.up=enabled
netconf.4.status=enabled
netconf.4.role=bridge_port
netconf.4.promisc=enabled
netconf.4.netmask=255.255.255.0
netconf.4.mtu=1500
netconf.4.ip=0.0.0.0
netconf.4.hwaddr.status=disabled
netconf.4.hwaddr.mac=
netconf.4.devname=ath1
netconf.4.autoip.status=disabled
netconf.4.allmulti=enabled
netconf.4.status=enabled
netconf.4.role=bridge_port
netconf.4.promisc=enabled
netconf.4.netmask=255.255.255.0
netconf.4.mtu=1500
netconf.4.ip=0.0.0.0
netconf.4.hwaddr.status=disabled
netconf.4.hwaddr.mac=
netconf.4.devname=ath1
netconf.4.autoip.status=disabled
netconf.4.allmulti=enabled
4.4 Add the following under the "radio" section, specifying radio.1 as the parent device, and incrementing the virtual device number as needed
radio.1.virtual.1.status=enabled
radio.1.virtual.1.devname=ath1
radio.1.virtual.1.mode=master
radio.1.virtual.1.devname=ath1
radio.1.virtual.1.mode=master
4.5 Add the following under the "wireless" section, using the next available number, and choose a sensible SSID name
wireless.2.wmm=enabled
wireless.2.wds.status=disabled
wireless.2.status=enabled
wireless.2.ssid=NEWSSID <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
wireless.2.l2_isolation=enabled <= CHANGE TO 'disabled' IF NO ISOLATION IS REQUIRED
wireless.2.hide_ssid=disabled
wireless.2.autowds=disabled
wireless.2.authmode=1
wireless.2.ap=
wireless.2.addmtikie=enabled
wireless.2.devname=ath1
wireless.2.wds.status=disabled
wireless.2.status=enabled
wireless.2.ssid=NEWSSID <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
wireless.2.l2_isolation=enabled <= CHANGE TO 'disabled' IF NO ISOLATION IS REQUIRED
wireless.2.hide_ssid=disabled
wireless.2.autowds=disabled
wireless.2.authmode=1
wireless.2.ap=
wireless.2.addmtikie=enabled
wireless.2.devname=ath1
4.6 Unless you need security, you can save the file and upload it to your device. That is all.
4.6 If you want to enable security, add the following under the "aaa" section, changing the values appropriately
aaa.2.devname=ath1 <= CHANGE TO ACTUAL DEVICE OF VIRTUAL AP
aaa.2.driver=madwifi
aaa.2.radius.auth.1.status=disabled
aaa.2.ssid=NEWSSID <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
aaa.2.status=enabled
aaa.2.wpa.1.pairwise=TKIP CCMP
aaa.2.wpa.key.1.mgmt=WPA-PSK
aaa.2.wpa.psk=PASSWORD <= CHANGE TO REQUIRED PASSWORD OF VIRTUAL AP
aaa.2.wpa.mode=2
aaa.2.driver=madwifi
aaa.2.radius.auth.1.status=disabled
aaa.2.ssid=NEWSSID <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
aaa.2.status=enabled
aaa.2.wpa.1.pairwise=TKIP CCMP
aaa.2.wpa.key.1.mgmt=WPA-PSK
aaa.2.wpa.psk=PASSWORD <= CHANGE TO REQUIRED PASSWORD OF VIRTUAL AP
aaa.2.wpa.mode=2
That's it, you can now upload the new config, and reboot the device!
Limitations:
NO AIRMAX!
NO 10MHZ channels
i think that's it
Comments
Post a Comment