UniFi SDN Controller 5.8.23 Stable has been released



Introducing our latest release for UniFi wireless, routing & switching hardware. This is our initial stable release for the 5.8 branch.

How to play safe?
Make sure you always do a backup before any updates, especially if you plan to upgrade your existing installation.

Release Notes:
  • For people who are migrating from v3, there are many API changes and they are not backward compatible. You may need to update the shell library (unifi_sh_api) and/or your customized portal/external portal code.
  • Windows users must have x64 Java installed to use the unifi.ubnt.com cloud tie in, as we only support 64 bit webRTC library. Please see HERE and download the missing version (64bit offline Windows install package). The controller will run in an x86 only environment, or with x86 Java, but the unifi.ubnt.com tie in will not work.
  • For the hotspot management console, make sure you have bookmarked the URL with the site ID (i.e. x66cipn3, or whatever random string is generated for that site). For example:
  • For Debian/Ubuntu users, please update your APT source (see HERE).
    • unifi-beta/unifi-rapid are obsoleted. The old repo has been removed.
    • The following affects APT versions 1.5 onward (Ubuntu 17.10 and Debian Sid or newer). A recent version of the apt-secure man page stated: "Since version 1.5 changes in the information contained in the Release file about the repository need to be confirmed before APT continues to apply updates from this repository", meaning that when performing an update from a major version to the next (for example 5.6.x to 5.7.x) the apt-get update will result in an error. To fix this, run the command as follows: apt-get update --allow-releaseinfo-change
  • You cannot re-use a VLAN ID for dynamic VLAN if it is set as a static value for another SSID on the same AP. So, if I have an SSID set to use VLAN 10, I cannot use VLAN ID 10 for RADIUS controlled VLAN users as those users will not get an IP.
  • Cloud Access feature in this release is not supported on Linux/ARMv6 architecture (for example, Raspberry Pi 1). If you have problems starting the controller on this platform, please remove the native library:
sudo rm /usr/lib/unifi/lib/native/Linux/armhf/libubnt_webrtc_jni.so
  • Smart Queue QoS is similar to the implementation in EdgeOS (see HERE). It's worth noting that maximum throughput will be affected when using Smart Queue QoS, as traffic is not offloaded. There are some rough guidelines in the article linked above.
  • DFS channels cannot be used for wireless uplink in the US. Please use non-DFS channels if you need to use wireless uplink on dual band UAPs.
  • Official UniFi MIBs can be downloaded from HERE and HERE (those are 2 different files).
  • A full changelog has been attached, showing changes back to the first public release (1.2.1).

Other Notes:
  • As of 5.7.x+ we only support Java 8. At this time Java 9 is not supported.
  • Features like airtime fairness, bandsteering, load balancing and minimum RSSI are disabled by default. If you need them, go to Settings>Site and check Enable advanced features.
  • If you previously used Google Maps for a site map, then you have to enable this feature again by adding an API key. This is done under Settings>Controller. There is a linked guide with instructions.

Important Notes:
  • Linux systems must be running a version of MongoDB prior to 3.6.x. We recommend 3.4.x. This is most likely to be an issue on Ubuntu 18.04 LTS, as it currently offers MongoDB 3.6.x.
  • The initial database migration will take longer than normal. It is expected to see mongo using most, if not all, of the available CPU cycles during this process. Please be patient, this process could easily take 15+ minutes, depending on the amount of historical stats, as well as the system specs. As always, err on the side of caution, and make a backup before upgrading.
  • The controller will not start if it is set to bind to a privileged port (<1024), as it now runs as a non-root user.
  • If your controller is running on a UniFi Cloud Key (UCK), make sure it is on firmware 0.6.4 or later, otherwise the controller will not start. This firmware is available via the normal upgrade mechanism found in the controller or its local management page. Make sure to make a backup before upgrading the UCK firmware, as you'll need it to restore after, and it's good to have a backup on hand before any controller upgrade.
  • Support for PicoM2 and 1st gen AC models was dropped in 5.7.x. Please see our announcement HERE.
  • As of release branch 5.7.x we've made some important changes to the Wireless Uplink feature (feature details HERE).
    • We removed the "Enable automatic uplink failover" from wireless uplinks as it is no longer needed.
    • We added the ability to opt an AP in or out of wireless uplinking to another AP. This is done by checking the "Allow meshing to another access point" option found under device properties>Config>Wireless Uplink.
      • This option should be disabled on wired APs, but is required to be enabled on wireless APs.
      • If you disable this option on a downlink/wireless AP, then your AP will be disconnected from the network and require further action (including physical access).
      • If upgrading from 5.6>5.7 then this will already be disabled on wired APs, but if upgrading from an earlier 5.7 release then this may be enabled on wired APs.
      • Again, this option should be enabled on downlink/wireless UAPs only. It should not be enabled on wired UAPs.
    • We added the ability to set uplink priorities. This allows you to define the preferred uplinks for a downlink/wireless AP.
  • We’ve found that some migrations from 5.6 to 5.7 have resulted in Fast Roaming being enabled, which is not our recommendation. If you see this, feel free to disable Fast Roaming on all Wireless Networks.
  • Fixed IPs (DHCP reservations) are now required to use unique IPs. The same IP cannot be assigned to more than one device. For configurations that already contain duplicates, only the most recently active device will have its fixed IP provisioned to USG. Where there are conflicts, the controller's server.log will contain a log message `skip provisioning duplicate fixed IP <IP address> for user[<MAC address>]` indicating which device was omitted.
  • If you have per-port VLANs enabled on any UAP-AC-IW/UAP-AC-IW-Pro, please ensure that you have upgraded the UAP-AC-IW devices to 3.9.40+ (with public community release link) before upgrading the controller to 5.8.23.
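
After upgrading, the duplicate fixed IP message mentioned above can be pulled out of server.log to see which reservations were not provisioned. This is an added example, not Ubiquiti's code; only the message text comes from these notes, while the line prefix in the sample and the accepted MAC separators (":" or "-") are assumptions.

```python
"""List fixed-IP reservations the controller skipped as duplicates.

Only the message text
    skip provisioning duplicate fixed IP <IP address> for user[<MAC address>]
comes from the release notes; the line prefix in SAMPLE_LOG is constructed.
"""
import ipaddress
import re
import sys
from collections import defaultdict

# Matches the message regardless of the prefix the logger puts in front of it.
SKIP_RE = re.compile(
    r"skip provisioning duplicate fixed IP (?P<ip>\S+) "
    r"for user\[(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\]"
)

# Constructed sample lines (documentation-range IPs, made-up MACs).
SAMPLE_LOG = """\
[2018-06-01 10:00:01,123] WARN - skip provisioning duplicate fixed IP 192.0.2.10 for user[00:11:22:33:44:55]
[2018-06-01 10:00:01,130] INFO - provisioning done
[2018-06-01 10:05:09,456] WARN - skip provisioning duplicate fixed IP 192.0.2.10 for user[00:11:22:33:44:55]
[2018-06-01 10:05:09,460] WARN - skip provisioning duplicate fixed IP 192.0.2.20 for user[AA-BB-CC-DD-EE-FF]
[2018-06-01 10:05:09,470] WARN - skip provisioning duplicate fixed IP not-an-ip for user[00:11:22:33:44:66]
"""


def skipped_reservations(lines):
    """Return {ip: sorted MACs whose fixed IP was not provisioned}."""
    skipped = defaultdict(set)
    for line in lines:
        m = SKIP_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # malformed address field: do not report it
        # Normalise MACs so repeated messages for one device collapse.
        skipped[ip].add(m.group("mac").lower().replace("-", ":"))
    return {ip: sorted(macs) for ip, macs in skipped.items()}


def main(argv):
    # With a path argument read that log; otherwise use the constructed sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            result = skipped_reservations(fh)
    else:
        result = skipped_reservations(SAMPLE_LOG.splitlines())
    for ip, macs in sorted(result.items()):
        print(f"{ip}: fixed IP not provisioned for {', '.join(macs)}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Each MAC reported is a device that lost its reservation to a more recently active one, so those are the entries to reassign or delete in the controller.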

Known Issues:
  • airTime will not work if a radio is disabled and/or there isn't any SSID present. This will be fixed in a future release. If you enable it, and it still isn't working, then you may need to force a refresh without cache.
  • If you start both a 2.4GHz and 5GHz scan in quick succession, then it will fail.
  • It is expected that airView will stop occasionally. A stop/start sequence should restore functionality.
  • If you start an airTime scan while airView is running, then airView will stop and you'll need to perform a stop/start sequence to get it working again. This will be fixed in the future.
  • Port mapping for USG (UGW3) is incorrect under performance statistics. This will be fixed in a future release.

New Features:
  • Add Scheduled Upgrades support (Beta).
  • Add site VPN route distance.
  • Add WeChat authentication to Hotspot.
  • Add netconsole logging to site config.
  • Add speed and duplex config for USG interfaces.
  • Add control for dnsmasq as DHCP server.
  • Add Wi-Fi Happiness to client STA statistics.
  • Add app switcher.
  • Add BaseStationXG LED bar color control to the device properties panel.
  • Allow setting opacity on Image-type maps.
  • Allow setting Management VLAN at Access Points.
  • Property Panel: Show images of most popular client devices.
  • Assign USG Physical Ports to Logical Networks.
  • Local SSO login.

Controller bugfixes/changes since 5.8.20:

  • Add validation for Promotional URL input in Guest Control.
  • Enable RF scanning for UAP-nanoHD.
  • Fix a bug with AC-IW/IW-Pro provisioning which caused traffic to stop forwarding when the management VLAN and a WLAN VLAN are the same.
  • Fix RADIUS accounting for switching products.
  • Fix decoding UTF-8 characters over WebRTC connection.
  • Fix analytics graph display on Firefox in Hotspot manager.
  • Fix default value for Outdoor Mode in batch AP configuration.
  • Fix property panel auto scroll after refresh.
  • Fix time range change after granularity modification on the Statistics Overview page.
  • Fix reversed TX/RX client statistics.
  • Update translations.
  • Various backend bug fixes and improvements.
For a full list of changes in the 5.8 branch, up to 5.8.20, see the list below. Please note that some of the changes in this list may be in earlier release branches or may be fixes and/or improvements to new features introduced in 5.8.x.

Add French translations.
Add timestamp to manually downloaded backup file.
Add tags column to devices page.
Add tooltip for enabling geoIP filtering.
Add bypass for confirm before device downgrade.
Add missing PoE event labels.
Add USG alias validation.
Add port group validation.
Add autochannel support for devices with multiple radios (XG).
Add ability to open debug terminal by clicking an IP on the device overview screen.
Add description for mDNS.
Add tooltip that DHCP DNS must be a valid IP address only.
Add workaround for Cloud Key firmware upgrade issue, for devices on firmware 0.8.1 to 0.8.4.
Add control for dnsmasq as DHCP server.
Add message with instruction to csv upload.
Add model EOL (end of life) pending warning.
Add event for switch PoE port disconnect and overload.
Add DHCPv6 DNS Control.
Add display of RSTP in switch properties panel when it's enabled.
Add missing mapping for PoE events (PoE Overload and PoE Disconnect).
Additional charts for Devices (Statistics -> Performance view).
Additional DPI application icons (i.e. Slack).
Additional columns in Clients list.
Show additional performance graphs in AP Property Panel.
Allow setting mask /31 for USG/WAN to be compliant with RFC 3021.
Allow to customize Map Device Marker label.
Allow Facebook-based Hotspot authorization portal to be opened in Apple Captive Network Assistant.
Allow for assigning network groups that are only VLAN based.
Allow to dismiss toast when there are devices with upgrade available.
Improve blocking opening device terminal for not supported devices.
Improve translation for firmware upgrade toast.
Improve reliability of topology.
Improve the way Donut charts display tooltips, to prevent them being overlapped by other elements.
Improve device marker on maps.
Improve Neighboring Access Points loading.
Improve wireless uplink migration.
Improve reported topology when using wireless uplinks.
Improve accuracy of reported wireless uplink candidates.
Improve guest portal handling on gateway devices.
Improve wireless adoption process.
Fix timezone selection in Wizard.
Fix broken device stats.
Fix DPI Donut Chart on click handler.
Fix DNS rules for guest VLANs.
Fix restoring from autobackup on SD card.
Fix authorize.net support - the guest's email is now properly sent when that field is enabled.
Fix client signal binding.
Fix downloading autobackup (which is saved on SD card) via unifi.ubnt.com
Fix editing WLANs via group config.
Fix filtering of top APs, and improve performance of stats filtering.
Fix available wireless uplinks so disabled radios/APs are not displayed.
Fix upgrade failed event when scheduled upgrade runs and device is on latest firmware.
Fix unwanted username/password autocomplete.
Fix incorrect client signal value in AP's property panel and clients list.
Fix empty Radio Type dropdown on Performance page.
Fix a bug with L3 wireless adoption.
Fix setting speed/duplex on disabled interfaces of USG-XG-8.
Fix Hotspot Manager and Site Overview with WebRTC connection.
Fix missing translation for Client Satisfaction in property panel.
Fix manual download of backup file in Firefox.
Fix scrolling down the walls tab in map designer mode.
Fix incorrect internet traffic count for wireless clients.
Fix loading Settings page with German translations.
Fix saving network settings before adopting USG.
Fix IPv6 PD Prefix ID validation and config generation.
Fix broken batch config for radios.
Fix channel width inconsistency.
Fix cut RF Scan tooltip.
Fix for clients counters in property panel.
Fix pre-selecting timezones.
Fix progress bar width on opening WebRTC connection.
Fix release notes display.
Fix IPv6 RA attributes.
Fix RADIUS auth and accounting on guest networks when using USG.
Fix disabled "Queue Changes" button in batch AP LED configuration.
Fix saving DHCPv6 Server configuration.
Fix port forward WAN interface.
Fix save/provision error with UnNP.
Fix IPv6 related configs.
Fix PPPoE interface name in routing table.
Fix an issue causing the controller to be factory reset.
Fix filtering virtual devices on maps.
Fix creation of IPv6 PD LAN networks.
Fix validation of IPv6 IPs as group members.
Fix State in map marker label is on the left side.
Fix Topology error occurring for aliases longer than 24 chars.
Fix Invisible STA device image.
Fix DPI Selector per user: all categories highlighted.
Fix Topology path highlighting when mouse pointer is over client label.
Fix User DPI details sometimes application name is empty.
Fix Debugging Metrics.
Fix date format not always being localized.
Fix Topology console error.
Fix factory reset issue on UCK.
Fix pre-adoption upgrade of USG devices.
Fix VPN status reporting.
Fix missing DPI users (name & icon).
Fix for airTime view in Firefox 57.
Fix handling error responses received via WebRTC channel.
Fix Routing Utilisation Widget layout issues.
Fix Schedule Upgrade editing via WebRTC.
Fix displaying selected priority wireless uplink.
Fix displaying blank page on double click on Insights.
Fix filtering outdoor channels by using default value for outdoor mode.
Fix missing action buttons after enabling cloud access.
Fix saving RADIUS profile without accounting servers.
Fix MAC auth provisioning so RADIUS assigned VLAN is set when it's enabled in the RADIUS profile.
Fix radios sorting in Configure Radios section.
Fix airTime scan Details empty table.
Fix case when locked device could be moved on Designer map.
Fix dashboard related errors in js console after logging out.
Fix UI jitter bug in Device Property Panel airTime accordion.
Fix a bug preventing email password recovery from functioning in some cases.
Update timezones list to IANA tzdb.
Update status colors in VPN widget.
Update device uplink name dynamically.
Update outdoor mode checkbox label.
Hide gateway, broadcast and mask for User VPN networks.
Hide the Aggregation option under Network when UAP supports it natively.
Hide message when controller minor version has not changed.
Hide configuration section in Elite Device settings when Cloud Access is off.
Hide Elite ToS accept button for unsupported countries.
Hide Fast Roaming feature for Open networks.
Prevent overlapping header text over close button.
Prevent port forwards from interfering with IPsec and vice versa.
Prevent site-to-site VPN from unnecessarily reprovisioning on controller start.
Prevent console errors when Map Links are toggled on and device is removed.
Topology: prevent overlapping labels on wireless links.
Display warning when time series start day is before data retention settings for given granularity.
Display message when user logs into controller and there are devices with upgrade available.
Display toast with information about new controller version.
Display user count graph in device performance statistics page.
Display correct labels at ports list when port is not configurable.
Show Hardware Offload as off when IPS is enabled, don't allow it to be turned on.
Show more accurate client's device images in property panel.
Show the WLAN VLAN is RADIUS assigned in the WLAN list, when it is.
Show message about missing permission in routing utilization widget.
Topology: show wireless Client's channel.
In case of Topology with large number of nodes (> 200), draw straight lines to improve performance.
Extend form's elements to show whole value at Settings/User Groups.
Apply the same rules for both TCP and UDP DNS for guest subnets.
WAN & WLAN Histograms - mark current values instead of mean ones, limit glowing elements number to 3.
Drag and drop optimizations.
Expand firewall group name limit to 64.
Lock web store to US only.
GeoIP Filtering - Block incoming/outgoing/both traffic.
Temporarily remove WAN/WAN2 IPv6 PPPoE option.
Rename label 'Select group' to 'Any' in firewall's form.
SNMPv3 - Username and Password validation to match SNMPv3 standard and USG requirements.
Map fixes: Devices disappearing from map when changing from legacy to designer without saving and cannot change map type from Google to image at the second time.
Several device management improvements, to improve UX and mitigate some errors.
Change SSH Credentials before restore from backup in wizard.
Modify the way the Channel Distribution widget lays out its internal elements.
Disabled devices should not be taken into account in general site status.
Designer Map: fix setting scale in feet.
MeshV3 Stability Improvements.
Various hardware provisioning improvements.
Tweak Topology lines shape to avoid overlapping with text labels.
Prepopulate RADIUS Tunnel-Medium Type once "Virtual LANs (VLAN)" is selected.
Don't allow setting up DHCP server on IPv6 networks unless the interface type is `static`.
Clarify IPS alert wording.
Disable hardware offload on USG when Smart Queue QoS is enabled.
Expose HTTPS blocking for Facebook Wi-Fi portal. Note you will need to add all required Facebook subnets/hostnames to pre-authorization list manually.
Select RADIUS VLAN when enabled for WLAN.
Lower RSSI requirements for wireless adoption.
Remove reboot before upgrade logic from UAP upgrades
Throughput graph - restore max values bars.
Topology on Safari - fix node labels position shifted up.
Virtual Device on map: avoid duplicated device name inside label.
Reduce port stats log level to fix unnecessary log spam.
PPPoE IPv6 provisioning improvements.
Conditionally enable journalling on UCK after successful migration.
Topology path highlighting fix.
Mask password characters for RADIUS hotspot.
Extend Client statistics signal level range.
Only enable source validation for single WAN use cases.
Rename duplicated translation key for connectivity monitor.
Disable host record for static DHCP mappings.
Temporarily limit MongoDB support to releases prior to 3.6.x (currently 3.4.x is recommended).
DPI refactor, also prevent more than 6 items on the list.
Disable open terminal after click on IP address for sites without advanced features enabled.
Omit /0 networks from USG guest firewall group config as they are unsupported.
Statistics/Performance: fix time range selection.

Recommended Firmware:


*This release follows our usual release structure which means it will initially be available via this blog post only. It will be posted to the download site and official repos in the near future. If you aren't familiar with our release structure, please take a moment to read our post HERE. Thanks!
