UniFi - Configuring the SELFRUN State


Overview


This article describes how to configure the behavior of access points (APs) on selfrun mode, the state in which APs enter when they cannot reach the UniFi Controller. This will directly affect the Guest Portal.

NOTES & REQUIREMENTS:
This configuration requires editing the config.properties file, and is recommended only for advanced users. Read more about the config.properties file in this article: UniFi - Explaining the config.properties File.

Table of Contents


  1. Introduction
  2. How to Configure SELFRUN
  3. Testing and Verification
  4. Related Articles

Introduction


Back to Top

When an access point (AP) cannot reach the UniFi Controller, it goes into selfrun mode. In this state, it will not redirect guests to the Guest Portal because it is not reachable. Instead, the AP will automatically allow guests to use the network without redirecting. It will however maintain guest and user group policies as follows:

  1. The guest access policies will still be effective (L2/L3 isolation) along with the restricted subnets feature.
  2. The user group (bandwidth limiting, etc) associated with this WLAN will still be effective.
  3. If a password was set in Settings > Wireless Networks > Edit (or Create) > Security, then guests will still be prompted to provide that password before being granted access. If Security was set to Open however, and the guest network was relying on the Guest Portal security (set in Settings > Guest Control > Simple Password > Guest Password) then users will be able to access the guest network freely.
  4. When the Controller comes back online, the Guest Portal redirection feature will restore automatically.

Read more about Guest Networks and Policies in this article.


How to Configure SELFRUN


Back to Top

There are two possible selfrun behaviors an AP can follow. The first allows all guests to access the network (while still retaining guest access policies). This means they just bypass the guest portal. This happens when selfrun is configured to pass. The second behavior, which occurs when selfrun is set to off, will have all guest SSIDs (guest wireless networks) disabled when the controller is not reachable.

IMPORTANT: The Guest Portal must be enabled for this configuration to work.

To add either one of these configurations follow these steps:

1. Open (or create) the config.properties file. Learn more about how here

2. Add one of these lines depending on which behavior is needed:

config.selfrun_guest_mode=pass

      or

config.selfrun_guest_mode=off

3. After adding the line to the config.properties file, a provision must be triggered on all APs. See this Controller FAQ on how to perform a batch AP provision.


Testing and Verification


Back to Top

To check whether the configuration has been taken by the access point, SSH into the AP and execute:

cat cfg/mgmt

If everything is running in order the output should provide the line you added to the config.properties file, preceded by mgmt instead of config. For example, you'll see the following:

mgmt.selfrun_guest_mode=off


Related Articles


Back to Top

UniFi - Explaining the config.properties File

UniFi - Wireless Guest Network Setup

Intro to Networking - How to Establish a Connection Using SSH


We're sorry to hear that!