Business WIFI Planning and Deployment
-
@black3dynamite said in Business WIFI Planning and Deployment:
Have anyone ever used Aruba http://www.arubanetworks.com/?
we have aruba stuff at work.
switches are ok, no problem nice stuff.
APs are also great, I really like the virtual controlled embedded in APs and set inHA by default (the virtual controller dies? it its respawn on another AP).
main issue you must find a tech which is able to tune the load balancing... we are still struggling at it...
an UI is terrible. -
@tim_g said in Business WIFI Planning and Deployment:
Just curious why nobody likes or recommends Mikrotiks?
our ISP uses mikrotik grear. we have radio backup un mikrotik antennas.
-
@tim_g if you look at the mikrotik switch offering it is quite limited wrt Ubiquiti
-
I purchased the access points... Do I need a "Cloud Key"?
-
@ccwtech No, most of us spin up a virtual machine and install the controller on it.
-
Ok, so it's software (and not hardware?)
Can it be installed on an existing server?
I have two virtual servers 1 DC/DHCP/DNS and 1 is Applications server.
-
@ccwtech said in Business WIFI Planning and Deployment:
I purchased the access points... Do I need a "Cloud Key"?
For the cost of a cloud key, you can have a Vultr VPS running for well over a year.
-
@ccwtech said in Business WIFI Planning and Deployment:
Ok, so it's software (and not hardware?)
Can it be installed on an existing server?
I have two virtual servers 1 DC/DHCP/DNS and 1 is Applications server.
If you have additional storage space ( say 30 GB) and some RAM/CPU left over, you can spin up another Linux VM for free on your virtual platform and install it there.
-
@dashrender Any particular 'flavor' of linux?
-
@ccwtech Debian or Ubuntu is what is supported.
-
If I don't want to go the VM option, is this the only other thing that I need? The router is Meraki and the switches are Netgear.
-
@ccwtech It is a waste of money...
Here is a how to @JaredBusch put together on setting up the controller on Debian
https://mangolassi.it/topic/14601/how-to-install-the-ubiquiti-unifi-controller-on-debian-9-1
-
If I go cloud based, can I have 1 VM for all of my different clients (different companies) or do I need to have one for each client?
-
@ccwtech You can use 1 and create sites for each client. That is what I do.
-
@brianlittlejohn said in Business WIFI Planning and Deployment:
@ccwtech You can use 1 and create sites for each client. That is what I do.
Exactly, JB has like 20 clients on one VM.
-
Ok, how do I tell the AP's to look to a cloud based server instead of a local one for the controller?
-
@ccwtech said in Business WIFI Planning and Deployment:
Ok, how do I tell the AP's to look to a cloud based server instead of a local one for the controller?
DNS entry for "unifi"
Or manually log into them and repoint them.
Or the UniFi apps.
-
Ok, and the DNS for "unifi" would point to the public IP of the virtual server on the Vultr is that right?
What port forwarding needs to be done? (If any)
-
@ccwtech said in Business WIFI Planning and Deployment:
Ok, and the DNS for "unifi" would point to the public IP of the virtual server on the Vultr is that right?
What port forwarding needs to be done? (If any)
on your office networks? nothing . the APs make outbound connections to the controller.
On the UniFi Controller side? 80/443 for the web interface (i recommend only 443 obviously). Then 8080 for the inform
-
Looks like my UniFi controller is listening on 8443 for web traffic. I am not sure why. But this was setup years and years ago when I did not have the resources I do now.
I guess I need to make a new controller for myself to verify defaults and put this back to whatever those defaults are.
This is the config of my Nginx Reverse proxy in front of the UniFi controller.
[jbusch@nginxproxy ~]$ sudo cat /etc/nginx/conf.d/unifi.bundystl.com.conf [sudo] password for jbusch: server { client_max_body_size 40M; listen 443 ssl; server_name unifi.bundystl.com; ssl on; ssl_certificate /etc/letsencrypt/live/support.bundystl.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/support.bundystl.com/privkey.pem; ssl_stapling on; ssl_stapling_verify on; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_dhparam /etc/ssl/certs/dhparam.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass https://10.254.0.32:8443/; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } server { client_max_body_size 40M; listen 80; server_name unifi.bundystl.com; rewrite ^ https://$server_name$request_uri? permanent;
