Ubiquiti AirOS 5.6 Virtual SSID Step by Step



One of the big gripes that people have with Ubiquiti is the lack of support for Virtual SSIDs. Here is a step by step tutorial for setting up VSSIDs on Airos 5.6 devices with Vlans back to the upstream router. Please note that you will not be able to use Airmax when you have Virtual SSIDs.

This tutorial is based on information from the Ubiquiti Forums, specifically this post by AnubisSL.

Step 1 - Make sure you are running the latest version of AirOS


Step 2 - Configure the first SSID as you would under normal circumstances

Step 3 - Download the config file from the device and open it using a text editor

Step 4 - Edit the config file

4.1a - Without VLAN use this if you don't need to vlan the second SSID
Under the "bridge" section, create a new bridge port. The port number, "3" in this example should be incremented by one from the previous highest number. The devname, in this case "ath1" is also one more than the previous, in this case "ath0"
bridge.1.port.3.devname=ath1
bridge.1.port.3.prio=20
bridge.1.port.3.status=enabled

4.1b - With VLAN use this if you want to place the clients on the second SSID in a VLAN
Under the "bridge" section, create a new bridge, incrementing the last used by one. Add the ethernet interface, as well as the new (virtual) wireless interface (created later on). The ethernet device name is noted as eth0.vlanid (in this case vlan10).
The device name for bridge.2 would be br1  for bridge.3 it would be br2 and so on.
bridge.2.comment=Management
bridge.2.devname=br1
bridge.2.port.1.devname=eth0.10
bridge.2.port.1.status=enabled
bridge.2.port.2.devname=ath1
bridge.2.port.2.status=enabled
bridge.2.status=enabled
bridge.2.stp.status=disabled
4.2 Under the "ebtables" section, add the new device, incrementing the number "2" as appropriate, and using the device name created above.

Without VLAN
ebtables.sys.eap.2.status=enabled
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1

With VLAN (note, you can also create the VLAN using the web interface)
ebtables.sys.eap.2.status=enabled
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1
ebtables.sys.vlan.1.comment=VirtualSSID
ebtables.sys.vlan.1.devname=eth0
ebtables.sys.vlan.1.id=10
ebtables.sys.vlan.1.status=enabled
ebtables.sys.vlan.status=enabled
4.3 Under the "netconf" section add the information below incrementing "4" as needed. make sure you use the same device name as above
netconf.4.up=enabled
netconf.4.status=enabled
netconf.4.role=bridge_port
netconf.4.promisc=enabled
netconf.4.netmask=255.255.255.0
netconf.4.mtu=1500
netconf.4.ip=0.0.0.0
netconf.4.hwaddr.status=disabled
netconf.4.hwaddr.mac=
netconf.4.devname=ath1
netconf.4.autoip.status=disabled
netconf.4.allmulti=enabled

4.4 Add the following under the "radio" section, specifying radio.1 as the parent device, and incrementing the virtual device number as needed
radio.1.virtual.1.status=enabled
radio.1.virtual.1.devname=ath1
radio.1.virtual.1.mode=master

4.5 Add the following under the "wireless" section, using the next available number, and choose a sensible SSID name
wireless.2.wmm=enabled
wireless.2.wds.status=disabled
wireless.2.status=enabled
wireless.2.ssid=NEWSSID     <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
wireless.2.l2_isolation=enabled    <= CHANGE TO 'disabled' IF NO ISOLATION IS REQUIRED
wireless.2.hide_ssid=disabled
wireless.2.autowds=disabled
wireless.2.authmode=1
wireless.2.ap=
wireless.2.addmtikie=enabled
wireless.2.devname=ath1

4.6 Unless you need security, you can save the file and upload it to your device. That is all.

4.6 If you want to enable security, add the following under the "aaa" section, changing the values appropriately
aaa.2.devname=ath1     <= CHANGE TO ACTUAL DEVICE OF VIRTUAL AP
aaa.2.driver=madwifi
aaa.2.radius.auth.1.status=disabled
aaa.2.ssid=NEWSSID     <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
aaa.2.status=enabled
aaa.2.wpa.1.pairwise=TKIP CCMP
aaa.2.wpa.key.1.mgmt=WPA-PSK
aaa.2.wpa.psk=PASSWORD     <= CHANGE TO REQUIRED PASSWORD OF VIRTUAL AP
aaa.2.wpa.mode=2

That's it, you can now upload the new config, and reboot the device!

Limitations:
NO AIRMAX!
NO 10MHZ channels
i think that's it

Comments

Popular posts from this blog

DMASOFTLAB RADIUS MANAGER BILLING SYSTEM v 4.1 Finally Released

How To Configure Nano Station M2 As Access point