Ubiquiti UAP/USW Firmware Release Log: 3.8.3.6587

Here is my second attempt at creating a useful summary of release notes from Ubiquiti’s official release notes.

Some Helpful Notes

  1. The abbreviations UAPG1, UAPG2, UAPG3 stand for UniFi Access Point Generation 1, 2, 3 respectively. Generation 3 includes UAP-AC-HD while Generation 2 includes UAP-AC-M and UAP-AC-M-Pro; I am unclear on where other devices fit generation-wise. See here.

Changes from 3.7.58 to 3.8.3.6587

  • UAPG3
  • UAPG3 and UAPG2
    • Improve ntpclient reliability. (My certainty that the linked to ntpclient is the one actually in use is low, there are other options available by the same name)
    • Allow Very High Throughput (VHT) VHT80 for Ukraine.
  • UAPG2
    • Fixed issue causing less than expected throughput in recent releases.
    • Wireless Uplink v3.* (Anyone know the differences between v1, v2, v3 and if any docs are available?)
  • UAPG1
    • Enable wireless uplink v3 for models which support wireless uplink.*
  • EDU
  • AC-IW/Pro/EDU/M-Pro
    • Basic switch QoS support.*
    • Add address resolution logic (ARL) caching support. (Is this equivalent to Address Resolution Protocol (ARP)?)
  • UAP (aka User Access Point)
  • USW (aka Ubiquiti Switch)
  • USL2 (unsure what this denotes?)
    • Added support for US-L2-POE switches.*
    • Added Power Supply Unit (PSU) fail detection support.*
  • HW
    • Support SHA512 password for SSH password in system.cfg (except 1st gen APs).*
    • Pass HTTPS capabilities for fwupgrade process.
    • Various improvements.
    • Fix the issue preventing SSH login when the interface IP changed.

Ubiquiti UniFi Software Release Log: 5.5.19

 

Why?

  • Ubiquiti does versioning differently (I’m not saying wrong). While this is 5.5.19, most folks won’t be going from 5.5.18 to 5.5.19 and seeing only minor changes. Rather most of us are moving from 5.4.x (or earlier) to 5.5.19.
  • Ubiquiti is great in many ways, but their documentation (including release notes) is, imho, disappointing. I hope this will provide them with some ideas for how they could improve their release notes.
  • I have a hard time processing the seemingly random jumble of enhancements and fixes as found in Ubiquiti’s release notes, so this is partially to help myself understand the entirety of what is changing.
  • I hope that it will be helpful to others who use Ubiquiti and might be facing similar frustrations.

Help!

So, this really isn’t done. I’ll keep working on it, but I wanted to release something before it became too ancient and useless altogether. I’m hoping that folks will help flesh out some of the items I haven’t had a chance to flesh out in the comments and reduce the workload…really, sorting through all these release notes is quite the undertaking.

Warning

At some point these release notes may be good enough to rely upon instead of Ubiquiti’s official release notes. That time is not now. This was my first attempt; I learned a lot of lessons I’ll implement with my next set of release notes, but this is practical for me, and I don’t have unlimited oodles of time to sit around rewriting release notes. 🙂

Maybe there won’t ever need to be another set of release notes I provide. Maybe Ubiquiti will take the torch right out of my hands. Please, Ubiquiti, do. 🙂

RADIUS

  • USG: Added support for FreeRADIUS (Settings –> Services –> Radius).
  • Removed RADIUS VLAN from wireless networks.
  • Allow RADIUS Profile secret to accept any string.
  • Hide RADIUS Profile secret for read-only admins.
  • Fixed RADIUS profile migration issue.
  • Added validation for RADIUS profile VLAN mode.
  • Removed BETA badge from RADIUS assigned VLAN for Wireless Network.
  • Extended RADIUS server validation so it does not allow disabling if there is a device that uses the Default Profile.
  • Used RADIUS assigned VLAN only for WPA-EAP.
  • Changed Revoke RADIUS user to Delete with new icon.

Hotspot/Guest Portal

  • Added Hotspot Analytics.
  • Relocated Hotspot 2.0 to Services section.
  • Fixed display HotSpot Analytics page when Guest Portal is disabled.
  • Added free-trial authorization column to Guests list in HotSpot Manager.
  • Added Gateway column in Payments and Social Views in HotSpot Manager.
  • Added HotSpot Manager link to site switcher.
  • Disallowed SVG upload for guest portal images.
  • Changed guest authorization status to display expiration date when expired.
  • Now use Angular templates by default in Guest Authorization Settings.
  • Removed “new” badge from Angular templates and removed “beta” badge from template overrides and languages.
  • Fixed expiration dropdown on Guest Control settings page.
  • Display link to Hotspot Manager in Site Switcher only if Guest Portal is enabled.
  • Improved vouchers quota.

Statistics

  • Added Device Performance (CPU/Memory) on Statistics Page.
  • Added granularity to statistics (5m/1h/1d).
  • Fixed Statistics Overview initializer.
  • Switch Statistics now show when a device is connected to a port.
  • Now show only adopted APs in Recent Activities in Statistics.

Dashboard

  • Made Dashboard widgets configurable.
  • Made performance improvements to the Dashboard.
  • VPN status now displayed on dashboard.
  • Fixed content of tooltips on Dashboard page.
  • Increased precision of throughput chart on Dashboard page.
  • Adapt no data / no security gateway messages on Dashboard page.

VPN

  • Added L2TP over IPsec option for remote user VPN config.
  • Fixed Enabled VPN Client (VPN Network Settings).
  • Renamed vpn client to vpn type.
  • Enabled disabling of site-to-site VPN.
  • Show L2TP remote user VPN on dashboard and remote user VPN insights.
  • Improved VPN health status.

Firewall

  • Fixed changing rules order in firewall.
  • Enabled editing firewall settings when no USG is adopted.
  • Limited group name to 31 characters for firewalls.

WLAN

  • Raised the WLAN group load balance limit to 200.
  • Added WLAN broadcast/multicast blocking.
  • Added WLAN MAC ACL.
  • Added PMF controller to WLAN group settings.
  • Allow displaying WLAN schedule in 24 hour format when “Use 24-hour time” preference is on.

Insights

  • Improved Insights –> Switch stats.

APs

  • Added ability to batch restart APs.
  • Fixed group AP editing issue.
  • Added ability to mark rogue APs as known.
  • Added Access Point (AP) tagging.

DNS/DHCP

  • Added DHCP Default Domain Support.
  • Added FQDN or local validation to domain name.
  • Renamed Name Server placeholder to DNS Server.

Installs/Backups/Upgrades

  • Fixed various Auto Backup setting issues.
  • Adjusted unifi.init so it detects Oracle JDK 8 installed via PPA.
  • DB migration improvements.
  • Added progress bar for backup upload.
  • Added Migrate Site (Export Site) Wizard.

Clients

  • Rename all-time top client.
  • Allow batch editing of clients.
  • Added first seen column to Known Clients List page.

Migration/Cloud

  • Fixed a DB migration issue which caused stats to not be visible in the UI post upgrade when upgrading from <=5.4.x.
  • Showed DB migration progress.

Additional HW Support

Bundled Software

VoIP

  • USG: Removed deprecated VoIP configuration.
  • Removed VoIP option from available network purposes. (Old networks configured with VoIP are removed upon upgrade).
  • Removed VoIP Interface from Controller.

Minor Visuals

  • Updated color used for upload/download values.
  • Added special icons for UCK (aka UniFi Cloud Key) client.
  • Added color to RF scan results.
  • Added missing SFP module info tooltips for UniFi Switch.
  • Made various topology view improvements.
  • Display channel names in a new, consistent way.
  • Fixed tooltip position.
  • Animated map menu.
  • Highlighted Topology paths.
  • SVG Map zooming improved.
  • Fixed pending change tag color.
  • Allowed AP properties WLAN table to wrap.
  • Added button for toggling clients visibility on Topology View.
  • Added device configuration warning bar with real time input updates.
  • Made topology improvements.
  • Map Marker Button icon position has been tweaked.
  • Added save and close buttons to preferences.
  • Small UI improvements.
  • Updated firewall rule button styles.
  • Showed AP channel utilization in Properties and Devices list page.
  • Use bps instead of bytes per second.
  • Greyed out disabled WLAN rows in Property Panel.
  • Improved chart animations.
  • Added – as placeholder.
  • Prohibited deselecting current device in Performance view.
  • Added icon to switch port list.
  • Added admin overview (in site overview area).
  • Improve locate button behavior.
  • Improved date picker.
  • Improved Cloud Connection error tooltip.
  • Improved header icons.
  • Move the AP channel utilization graph into the header.
  • Handling ESC on cloud access modal.
  • Added expand/collapse icon to device list actions column.
  • Disallowed SVG image type in Maps.
  • Improved dynamic Dashboard.
  • Improved loading DPI statistics.
  • Improved Topology view.
  • Improved Image Map performance.

Misc Changes

  • Improved topology detection.
  • USG3: Enabled LAN2 support.
  • Minimum Rate Control now v2.
  • Added validation for USG/USW SNMP community string.
  • Set next hop for static route as default.
  • Set maximum SSID length to 32 characters.
  • Improved Notify Device Requirement performance.
  • Removed config.properties USG ICMP items.
  • Ability to configure data retention for each granularity of statistics in settings/maintenance.
  • Added Force Provision button to Properties/Manage Device.
  • Show terminal for UAP-AC-IW.
  • Prohibited 0.0.0.0 as an address-group member (isn’t a valid entry in the firmware).
  • Improved some backend validations.
  • Enabled finding device on map in read only mode.
  • Display only historical rx/tx bytes on Known Clients page.
  • Enabled by default MSS clamping on VTI.
  • Added option to report WebRTC connection errors to the cloud.
  • Use lower scale Throughput graph to increase rendering performance on Safari/iOS.
  • Enabled tunneled reply by default.
  • Update OUI table.
  • Hid UGW port remap if UGW4 exists.
  • Use monthly value as default occurrence in Auto Backup settings.
  • Restore open panel functionality from device marker on map.
  • Enable reset button after hotspot package removal.
  • Improved placeholders and regular expressions.
  • Added pagination in Settings / Network List.
  • Security improvements.
  • Signed Windows installer package.
  • Removed restricted U-NII-2C channels when Canada country code is set.
  • Added memory and load average to device list columns.
  • Updated validation hint for maximum number of stations in wireless network group.
  • Allow cancel migration of device.
  • Improved LAN address identification on USG.
  • Restrict 5 minutes data retention.
  • Switch port usage graph: prevent displaying connected both Device and Client.
  • Improved WebRTC debugging.
  • Generated a SHA512 password if device firmware is capable of it.
  • Removed TLSv1 from default SSL protocols for Java 7/8.
  • Allowed antenna gain of 0.
  • Increased broadcast and multicast MAC limit to 256 per site.
  • Added HSTS support (disabled by default). Can be controlled via system.properties only.
  • Made various backend improvements.
  • Added user group override notice, client list user group column.
  • Added LAG support to AP > Network Configuration (AC-HD only).
  • Added limited amount of LAN DHCP leases notice.
  • Added minRSSI noise floor notice.
  • Improved email templates.

Bugs

  • Fixed a bug causing duplicate downlinks to show in controller UI.
  • Fixed issue with unused cache not being cleared as expected (causing controller to die because of memory leak).
  • Redesigned inputs for date picking.
  • Devices now grey out entries when WLAN group is off.
  • Fixed site settings save error.
  • Fixed issue with sending large files over WebRTC (e.g. backups).
  • Fixed an issue with fixed IP handling.
  • Fixed auto backup data retention days.
  • Fix Not Authorized/Bad Request on first launch after accepting SDN Invitation.
  • Fix WAN load balance config, so that it actually provisions to the USG.
  • Fixed initial value of data retention days.
  • Fixed slow database backup.
  • Fixed USG/USG-P4 port labels.
  • Fixed client status ordering.
  • Changed Revoke button to Delete button on Admins list.
  • Fixed success messages on saving configuration.
  • Fixed latency color in legend on Throughput graph.
  • Fixed wired uplink stats on AC-HD when using bonding.
  • Fixed an issue when trying to register controller with UniFi cloud tie in (unifi.ubnt.com).
  • Fix device menu when toggling small/normal markers on Map page.
  • Fix icons on clients graph on Dashboard page.
  • Fix speed test column chart.
  • Fix USG badge and tooltip on DPI settings page.
  • Fix typo in validation hints for IP.
  • Fixed 404 error when switching sites while editing.
  • Fixed email validation.
  • Fixed port forward validations.
  • Fixed domain name validation.
  • Fixed issue with controller causing too many redirects (controller side fix for UNIFI-457).
  • Fixed issue with community string changing to public, regardless of configured value.
  • Fixed displaying sections on Guest Control settings page.
  • Fixed clickable area of alerts full screen button.
  • Fixed refreshing networks in switch property panel on network add/remove.
  • Fixed issue where local DNS record for UniFi may not provision when using USG.
  • Fixed an issue with current day stats being improperly calculated.
  • Fixed firewall rule validation.
  • Fixed problem with enabling Cloud Access.
  • Fixed an issue when granting admin privileges on a site.
  • Fixed services link not visible on mobiles.
  • Fixed removing items on WebRTC connection.
  • Fixed saving settings > controller.
  • Fixed clearing statistics.
  • Fixed panel expand/collapse icon aliasing.
  • Fixed uplink status when using bonding on AC-HD.
  • Fixed an issue with the remote IP in WebRTC logging, previously was always 127.0.0.1.
  • Fixed import/export function. The configuration tab will not be visible after import.
  • Fixed available manual negotiation options for 10GBASE-T ports.
  • Added autofocus on 2FA token field.

Languages

  • Added beta warning for languages other than English.
  • Added Turkish translations.
  • Added Danish, Norwegian, and Turkish language support to Hotspot Portal.
  • Added support for Catalan, Norwegian (Bokmal) and Slovak languages to HotSpot.
  • Made Edit Account frame bigger to make enough room for labels in all languages.
  • Fixed speed test ping translation.
  • Updated translations.
  • Added Catalan translations.

Project Management Options

Articles

Sites

Lighting, Yes, Lighting As An Area That Needs IT

Overview

In this article I will share what I have learned about lighting – specifically, IP (internet protocol) based lighting. This field has been around for a few years now but is mainly known at the consumer levels with individual lights that fit into existing sockets replacing traditional “dumb” lighting.

Terminology

The terminology surrounding lighting seems a little confused to me. I’ve heard the terms smart lighting, PoE lighting, IP lighting, and LiFi all used when describing this technology (or some aspect of it). It seems that Googling the different terms returns somewhat different results that nonetheless overlap heavily in content and theory. Here are a few definitions to help clear things up:

  • Smart Lighting – This is oftentimes used when speaking of consumer lighting (smart home). It uses the existing lighting infrastructure (e.g., wires) but with light bulbs that have electronics within them to make them “smart.”
  • PoE Lighting – PoE stands for Power-over-Ethernet. This standard has really come into its own over the last number of years. It utilizes standard ethernet (e.g., Cat 5, 5e, 6, 6a) cabling to transmit power to devices. In this system, the infrastructure for lighting is replaced.
  • IP Lighting – Delineates lighting which operates using the Internet Protocol (the IP in TCP/IP) to control lighting.
  • LiFi – Involves using light bulbs as wireless access points. They are capable of 100x-200x the speed of our current WiFi systems.
    • Also known as Visible Light Communications (VLC).
    • The downside is that they require light in order to communicate, though there are some work-arounds.

I’d suggest that a term like IP/PoE lighting (with or without LiFi) may be helpful. What most folks will be looking for, and where I see this technology heading, is the combination of these three features:

  • Physical – The lighting infrastructure is built using PoE switches, ethernet cabling, intelligent bulbs.
  • Logical – The IP tells us what sort of protocol is being used to communicate between switches, software, and the bulbs.
  • Features – The optional “with(out) LiFi” tells us whether this particular infrastructure is capable of delivering wireless internet through the lighting system.

Or we could just go with a mouthful: smart PoE IP lighting (with/without LiFi).

LED

Sometimes these intelligent lighting solutions are paired with LED because LED seems to be the lighting of the future. That said, it is not necessary to use a PoE/IP based system to utilize LED lights. When reading materials on the advantages/disadvantages of PoE/IP lighting, be sure to separate out what is actually a pro/con for PoE/IP versus LED.

Pros/Cons of PoE/IP Lighting

  • Pro – Each light can be individually controlled.
  • Pro – Individuals can have control over the lighting in their own offices, changing brightness, etc. as needed.
  • Con – While IP and PoE have been around for a while, their use for lighting is a more recent innovation, and none of these can compare to the longevity and proven reliability of traditional lighting.
  • Con – Adding addressable IP devices increases the attack surface of the network.
    • I would suggest that lighting should be separated onto a VLAN or even a physically distinct switching infrastructure.
  • Pro – Uses low-voltage wiring, which oftentimes reduces the cost and eases inspection requirements compared to traditional lighting.
  • Pro – Eliminates the AC-to-DC conversion required by traditional lighting.
  • Pro – Removal of the AC-to-DC converter removes one of the more prone-to-failure components in LED lighting.

Major Industry Players

Who are the folks heading this lighting revolution?

My Requirements

Based on what I have read and discussed with others, I’d suggest the following as some base-line requirements for a lighting system:

  • Utilizes Ethernet Cabling.
  • Operates over IP.
  • Utilizes an open protocol for device communication.
  • Allows for cross-manufacturer integrations.
  • Utilizes open management protocols that allow different applications to control the network.

Bibliography / Further Reading

Data Storage

Windows

  • NTFS has long been the file system for Windows systems. Before that it was FAT. The latest file system (included with Server 2012 and 2016) is ReFS.

Apple

  • Apple includes Xsan with their Server application. This allows a Mac to act as a SAN.

Other Tidbits

  • Rorke was a data storage manufacturer but was acquired by IdealStor in the early 2010s.

Structured Cabling

According to Wikipedia’s article on “Structured Cabling” there are six subsystems into which structured cabling falls:

  • Entrance Facilities – The termination point of the communications company’s network and the beginning point of one’s on-premises cabling.
  • Equipment Rooms – Consolidates cabling generally within the same floor.
  • Backbone Cabling – Usually runs between the various equipment rooms, which are often on different floors.
  • Horizontal Cabling – Cabling that runs from an equipment room to an individual outlet.
  • Telecommunications Rooms / Telecommunications Enclosures – Connects backbone cabling to horizontal cabling.[1]
  • Work Area Components – From the individual outlets (horizontal cabling) to the user’s equipment.

The standards for structured cabling are provided by various organizations (CENELEC, IEC, ISO, TIA); see the above Wikipedia article for a listing of ANSI/TIA standards.

  1. [1] I am unsure what the difference is here between equipment rooms and telecommunications rooms; it seems as if they would be one and the same?

Growing Up the Internet

Roger A. Grimes has written an interesting article for InfoWorld discussing the reality that relatively minor players can take down large segments of the internet and that many critical systems rely upon the internet. He suggests the only way to overcome these attacks requires an upgrade of the internet, not just piecemeal upgrades of various corporations or endpoints.

He recommends two strategies to accomplish this upgrade:

  1. Use of more secure methods of authentication to ensure traffic is being sent from legitimate sources to legitimate recipients.
  2. The creation of centralized services that would be able to analyze web traffic and determine when hostile attacks were occurring and inform other network entities about these.

Read the full article here.

Electric / Power

UPS

  • UPS System Buying Guide. Tripp-Lite.
    • Provides basic introduction to UPS systems. Covers voltage of equipment, line-interactive vs. on-line, pure sine wave output, and more.

PDU

  • PDU Buying Guide. Tripp-Lite.
    • Discusses different types of PDUs (e.g. basic, metered, monitored, switched, ATS, and hot swap), horizontal vs. vertical, and dual circuit capability.

General

Tools

Companies