byUBNT-MikeD11-16-201710:48 AM - edited 11-19-201708:37 AM
As always, make a backup prior to upgrading.
Windows users must have x64 Java installed as we only support 64-bit WebRTC library. Please see HERE and download the missing version (64bit offline Windows install package).
You cannot re-use a VLAN ID for dynamic VLAN if it is set as a static value for another SSID on the same AP. So, if I have a SSID set to use VLAN 10, I cannot use VLAN ID 10 for RADIUS controlled VLAN users as those users will not get an IP.
Smart Queue QoS is similar to the implementation as in EdgeOS (seeHERE). Please note that DPI will not work when using QoS, as traffic will not be offloaded. It's also worth noting that maximum throughput will be affected when using QoS, as traffic is not offloaded. There are some rough guidelines in the article linked above.
DFS channels can not be used for wireless uplink in the US. Please use non-DFS channels if you need to use wireless uplink on dual band UAPs.
Official UniFi MIBs can be downloaded fromHEREandHERE(those are 2 different files).
We no longer support Java version 6, it needs to be 7 or later. We recommend Java version 8.
Features like airtime fairness, bandsteering, load balancing and minimum RSSI are default disabled. If you need them you need to go to Settings>Site and check Enable advanced features.
If you previously used Google Maps for a site map, then you have to enable this feature again by adding an API key. This is done under Settings>Controller. There is a linked guide with instructions.
The initial database migrationwill take longer than normal.It is expected to see mongo using most, if not all, of the available CPU cycles during this process. Please be patient, this process could easily take 15+ minutes, depending on the amount of historical stats, as well as the system specs. As always, err on the side of caution, and make a backup before upgrading.
The controller will not start if it is set to bind to a privileged port (<1024), as it now runs as a non-root user. There are various ways you can fix this immediately, like authbind, although there may be better ways. We're considering options here.
If your controller is running on a UniFi Cloud Key (UCK), make sure it ison firmware 0.6.4 or later, otherwise the controller will not start. This firmware is available via the normal upgrade mechanism found in the controller or it's local management page.Make sure to make a backup before upgrading the UCK firmware, as you'll need it to restore after, and it's good to have a backup on hand before any controller upgrade.
Manual site-to-site VPN status is not reflected on the UniFi dashboard widget. Currently it will look like it's offline, even when the tunnel is up.
AirTime will not work if a radio is disabled and/or there isn't any SSID present. This will be fixed in a future release. If you enable it, and it still isn't working, then you may need to force a refresh without cache.
If you start both a 2.4GHz and 5GHz scan in quick succession, then it will fail.
It is expected that airView will stop occasionally. A stop/start sequence should restore functionality.
If you start an airTime scan while airView is running, then airView will stop and you'll need to perform a stop/start sequence to get it working again. This will be fixed in the future.
Controller bugfixes/changes from 5.6.22:
Fix WLAN VLAN range.
Fix lost DPI translations.
Various backend improvements.
Firmware changes from 3.9.2/4.4.8:
[ACIWPro] Enable DFS support.
[ACG1] Security improvements.
[UAP] Add more security details to scan info.
[UAP] Security patch for the WPA2 vulnerability called KRACK (details HERE).*
[UAP]Various backend fixes and/or improvements.
[USXG] Fix fastpath tools.
[USG] Fix crash in "mcad" where there were DHCP leases with hardware addresses longer than an actual MAC address.
[USG] Includes more packages with debug symbols available to help diagnose crashes from submitted core files.
[USG] Fix crash in ubnt-util.
[USG] Fix crash in "redirector".
[USG] Added GeoIP back end.
[USG] Fix DHCPv6 client problem causing renewal failures in some circumstances.
[USG] Dynamic DNS back end updates in preparation for expanding DDNS support in controller.
[USG] L2TP VPN permitted encryption algorithms tightened to remove weak ciphers. All reasonably modern clients are already using a strong option, so there will be no change in behavior. Some ancient clients may not support any of these options.
[USG] UniFi reporting back end additions for IPv6.
[HW] Improve error codes returned on firmware upgrade fail.
*This primarily affects devices that support STA mode. It's worth noting that 1st gen AC devices donot support STA mode, which is why we have only released a 3.9.x firmware.