Scheduled maintenance: Community will be offline Monday June 17th, 1:00 AM - 6:00 AM (PT)
Reply
New Member
Posts: 1
Registered: 3 weeks ago
Kudos: 5

UAP-LR + Guest Network + Firmware 4.0.42.10433 + DNS Timeout

[ Edited ]

In my network I have around 20 UAP-LR APs and 5 UAP-AC-LITE APs, with controller version 5.10.23 and no VLANs configured.

 

Every APs has 2 SSIDs with RADIUS authentication, and a guest network with WPA2 password and voucher-based authorization.

 

After upgrading the APs with firmware version 4.0.42.10433, some of my users started complaining about connectivity issues.

 

Upon investigation, I've found out that:

  • the problem involves only clients connecting to the guest SSID; no troubles on the 2 non-guest SSIDs
  • it seems that troubles occur only when connecting to older APs (namely, UAP-LR in my case)
  • no Guest Portal is shown for new devices connected to guest network, as others have already posted here
  • even devices that were already authorized by voucher (or temporarily via controller) have connectivity issues
  • connectivity issues are related to DNS timeout, but if the client was previously authorized, WAN IPs can be pinged
  • the DNS server responds to ping, but any DNS resolution (via local or remote server) is blocked by the AP

 

Workarounds and temporary fix:

  • disabling guest policies on the guest SSID restores proper DNS resolution, but breaks voucher-based authentication of course
  • rolling back old APs (UAP-LR) to firmware version 4.0.17.9910 (the minimum version to which downgrade is allowed - I had to subscribe to Early Access Program to get links to that beta firmware version)

 

As a sidenote, today I had to downgrade a newer AP (UAP-AC-LITE) as well because it was affected by the same connectivity problem.

 

While waiting for an official fix, I'm downgrading every AP in my network to version 4.0.17.9910 (I've tried other, newer versions, but the problem seemed to persist; however, I'm not sure about that because I had to work in a hurry).

New Member
Posts: 2
Registered: ‎04-04-2017

Re: UAP-LR + Guest Network + Firmware 4.0.42.10433 + DNS Timeout

Anyone from Ubnt available to comment?

Established Member
Posts: 821
Registered: ‎05-08-2015
Kudos: 279
Solutions: 19

Re: UAP-LR + Guest Network + Firmware 4.0.42.10433 + DNS Timeout


@Incoal wrote:

In my network I have around 20 UAP-LR APs and 5 UAP-AC-LITE APs, with controller version 5.10.23 and no VLANs configured.

 

Every APs has 2 SSIDs with RADIUS authentication, and a guest network with WPA2 password and voucher-based authorization.

 

After upgrading the APs with firmware version 4.0.42.10433, some of my users started complaining about connectivity issues.

 

Upon investigation, I've found out that:

  • the problem involves only clients connecting to the guest SSID; no troubles on the 2 non-guest SSIDs
  • it seems that troubles occur only when connecting to older APs (namely, UAP-LR in my case)
  • no Guest Portal is shown for new devices connected to guest network, as others have already posted here
  • even devices that were already authorized by voucher (or temporarily via controller) have connectivity issues
  • connectivity issues are related to DNS timeout, but if the client was previously authorized, WAN IPs can be pinged
  • the DNS server responds to ping, but any DNS resolution (via local or remote server) is blocked by the AP

 

Workarounds and temporary fix:

  • disabling guest policies on the guest SSID restores proper DNS resolution, but breaks voucher-based authentication of course
  • rolling back old APs (UAP-LR) to firmware version 4.0.17.9910 (the minimum version to which downgrade is allowed - I had to subscribe to Early Access Program to get links to that beta firmware version)

 

As a sidenote, today I had to downgrade a newer AP (UAP-AC-LITE) as well because it was affected by the same connectivity problem.

 

While waiting for an official fix, I'm downgrading every AP in my network to version 4.0.17.9910 (I've tried other, newer versions, but the problem seemed to persist; however, I'm not sure about that because I had to work in a hurry).


There is an issue with 4.0.42 in regards to the Guest Portal.  You are correct in disabling the Guest Portal will resolve the issue, and so will downgrading the firmware to the version you did (or the last GA if the AP supports it).

 

There are no guaranteed work arounds at the moment and most are hit or miss.  I recommend remaining on the previous firwmare until such time that UBNT sorts it out.  Yes, UBNT is aware of it but has not pulled 4.0.42 despite the ever larger number of folks that are running into this.  I pointedly asked @UBNT-MikeD why 4.0.42 has not been pulled and have not received a reply.

New Member
Posts: 5
Registered: ‎02-17-2017
Kudos: 3

Re: UAP-LR + Guest Network + Firmware 4.0.42.10433 + DNS Timeout

This situation is eerily similar to what we are currently experiencing on our network. 

 

Our network consists of a TZ400 SonicWall UTM which acts as the DHCP server, a DLink gigabit switch, a Unifi Cloud Key, three UAP-AC-Pro access points and one UAP-AC-Mesh-Pro access point.  The TZ400 replaced a TZ105 unit in January and the outdoor AP was added about a year ago.  We setup a normal operation network and a guest network using voucher code authentication.  The remainder of the configuration has been in operation since March 2017 and has work fantastically well - that is until four weeks ago.  We have kept apace of all Unifi software and firmware updates.

 

Starting about four weeks ago no guest users we able to gain a landing page with their browser.  We then powered down all access points for 15 minutes.  This step restored the ability for guest users to access the Internet.  However, now it seems that about a third of the guest users are having network connectivity problems, which seems to affect both Android and iOS devices. (We haven't tried Windows.)  As an aside, we force all personal devices to be connected to the guest network.

 

Naturally, this is becoming a significant source of frustration and would therefore like to get it resolved.  Suggestions most welcome.

Highlighted
Senior Member
Posts: 25,956
Registered: ‎08-04-2017
Kudos: 4870
Solutions: 1288

Re: UAP-LR + Guest Network + Firmware 4.0.42.10433 + DNS Timeout

Hello @kingsarms @donwschultz @Incoal @OLPH_Unifi,

 

You guys can try this, but be aware that it's a BETA build.... use it at your own risk. ( follow this article to sign up for BETA access )

 

 

 

Regards,

Glenn R.

Cloud Hosted Controllers | Glenn R. | UniFi Installation/Easy Update Scripts | UniFi-Video Installation Scripts | UniFi-VoIP Installation Scripts
USG-XG-8 • USG-4-PRO • USG
US-XG-16 • US-48-500W • US-24-POE-250W 2x • US-16-POE-150W 3x • US-24 • US-8-150W • US-8
UAP XG • UAP-SHD • UAP-HD • UAP-NanoHD 2x • UAP-AC-PRO 2x • UAP-AC-LITE • UAP-AC-IW • UAP-AC-M • UAP-AC-M-PRO 2x
UAS-XG • UCK-G2-PLUS • UCK-G2 • UCK
Reply