Wednesday, 9 September 2015

Ubiquiti AirOS 5.6 Virtual SSID Step by Step

14:18 Posted by Jurgens Krause , , , , , , 10 comments

One of the big gripes that people have with Ubiquiti is the lack of support for Virtual SSIDs. Here is a step by step tutorial for setting up VSSIDs on Airos 5.6 devices with Vlans back to the upstream router. Please note that you will not be able to use Airmax when you have Virtual SSIDs.

This tutorial is based on information from the Ubiquiti Forums, specifically this post by AnubisSL.

Step 1 - Make sure you are running the latest version of AirOS


Step 2 - Configure the first SSID as you would under normal circumstances

Step 3 - Download the config file from the device and open it using a text editor

Step 4 - Edit the config file

4.1a - Without VLAN use this if you don't need to vlan the second SSID
Under the "bridge" section, create a new bridge port. The port number, "3" in this example should be incremented by one from the previous highest number. The devname, in this case "ath1" is also one more than the previous, in this case "ath0"
bridge.1.port.3.devname=ath1
bridge.1.port.3.prio=20
bridge.1.port.3.status=enabled

4.1b - With VLAN use this if you want to place the clients on the second SSID in a VLAN
Under the "bridge" section, create a new bridge, incrementing the last used by one. Add the ethernet interface, as well as the new (virtual) wireless interface (created later on). The ethernet device name is noted as eth0.vlanid (in this case vlan10).
The device name for bridge.2 would be br1  for bridge.3 it would be br2 and so on.
bridge.2.comment=Management
bridge.2.devname=br1
bridge.2.port.1.devname=eth0.10
bridge.2.port.1.status=enabled
bridge.2.port.2.devname=ath1
bridge.2.port.2.status=enabled
bridge.2.status=enabled
bridge.2.stp.status=disabled
4.2 Under the "ebtables" section, add the new device, incrementing the number "2" as appropriate, and using the device name created above.

Without VLAN
ebtables.sys.eap.2.status=enabled
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1

With VLAN (note, you can also create the VLAN using the web interface)
ebtables.sys.eap.2.status=enabled
ebtables.sys.eap.2.devname=ath1
ebtables.sys.arpnat.2.status=enabled
ebtables.sys.arpnat.2.devname=ath1
ebtables.sys.vlan.1.comment=VirtualSSID
ebtables.sys.vlan.1.devname=eth0
ebtables.sys.vlan.1.id=10
ebtables.sys.vlan.1.status=enabled
ebtables.sys.vlan.status=enabled
4.3 Under the "netconf" section add the information below incrementing "4" as needed. make sure you use the same device name as above
netconf.4.up=enabled
netconf.4.status=enabled
netconf.4.role=bridge_port
netconf.4.promisc=enabled
netconf.4.netmask=255.255.255.0
netconf.4.mtu=1500
netconf.4.ip=0.0.0.0
netconf.4.hwaddr.status=disabled
netconf.4.hwaddr.mac=
netconf.4.devname=ath1
netconf.4.autoip.status=disabled
netconf.4.allmulti=enabled

4.4 Add the following under the "radio" section, specifying radio.1 as the parent device, and incrementing the virtual device number as needed
radio.1.virtual.1.status=enabled
radio.1.virtual.1.devname=ath1
radio.1.virtual.1.mode=master

4.5 Add the following under the "wireless" section, using the next available number, and choose a sensible SSID name

wireless.2.wmm=enabled
wireless.2.wds.status=disabled
wireless.2.status=enabled
wireless.2.ssid=NEWSSID     <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
wireless.2.l2_isolation=enabled    <= CHANGE TO 'disabled' IF NO ISOLATION IS REQUIRED
wireless.2.hide_ssid=disabled
wireless.2.autowds=disabled
wireless.2.authmode=1
wireless.2.ap=
wireless.2.addmtikie=enabled
wireless.2.devname=ath1

4.6 Unless you need security, you can save the file and upload it to your device. That is all.

4.6 If you want to enable security, add the following under the "aaa" section, changing the values appropriately
aaa.2.devname=ath1     <= CHANGE TO ACTUAL DEVICE OF VIRTUAL AP
aaa.2.driver=madwifi
aaa.2.radius.auth.1.status=disabled
aaa.2.ssid=NEWSSID     <= CHANGE TO ACTUAL SSID OF VIRTUAL AP
aaa.2.status=enabled
aaa.2.wpa.1.pairwise=TKIP CCMP
aaa.2.wpa.key.1.mgmt=WPA-PSK
aaa.2.wpa.psk=PASSWORD     <= CHANGE TO REQUIRED PASSWORD OF VIRTUAL AP
aaa.2.wpa.mode=2

That's it, you can now upload the new config, and reboot the device!

Limitations:
NO AIRMAX!
NO 10MHZ channels
i think that's it

10 comments:

  1. Other limitation would be the amount of VAP's you can do.. as long as i remember was 8 doesn't it?

    ReplyDelete
  2. hi, sorry but for my not work, work with 1 ssid wpa2 an 1 virtual open, but is impossible for my make two ssid with wpa2 security, how I will can make this work? I am use ver 5.5.6

    ReplyDelete
    Replies
    1. You should check that you use minimum 8 printable ASCII chars, maximum 63 for WPA passphrase.

      Delete
  3. This comment has been removed by the author.

    ReplyDelete
  4. Hi!
    Can someone explain me briefly the real benefits of the hyped AirMax technology in I'm using a single airRouter at home ?

    I mean, what would I lose if AirMax is disabled ?

    ReplyDelete
  5. Don't forget to check the config setting:
    ebtables.sys.arpnat.status=enabled
    Without this (at least in Bridge mode) my additional virtual SSIDs were visible, and could be associated with, but had no network connectivity.

    ReplyDelete
  6. was up dudes, it work in XM and XW firmwares? and 5.6.8 version?

    ReplyDelete
  7. Hi, I have been trying to get a Ubiquiti bullet to have multiple SSID's and it keeps failing. Could you lend me a hand? How do I get in touch?

    ReplyDelete