This article describes how to configure the behavior of UniFi Access Points (UAPs) on
selfrun mode, the state in which APs enter when they cannot reach the UniFi Network Controller. This will directly affect the Guest Portal.
NOTES & REQUIREMENTS:
This configuration requires editing the config.properties file, and is recommended only for advanced users. Read more about the config.properties file in this article: UniFi - Explaining the config.properties File.
Table of Contents
When an access point cannot reach the UniFi Network Controller, it goes into
selfrun mode. In this state, it will not redirect guests to the Guest Portal because it is not reachable. Instead, the AP will automatically allow guests to use the network without redirecting to the portal first. It will however maintain guest and user group policies as follows:
- The guest access policies will still be effective (L2/L3 isolation) along with the restricted subnets feature.
- The user group (bandwidth limiting, etc) associated with this WLAN will still be effective.
- If a password was set in Settings > Wireless Networks > Edit (or Create) > Security, then guests will still be prompted to provide that password before being granted access. If Security was set to Open however, and the guest network was relying on the Guest Portal security (set in Settings > Guest Control > Simple Password > Guest Password) then users will be able to access the guest network freely.
- When the Controller comes back online, the Guest Portal redirection feature will restore automatically.
Read more about Guest Networks and Policies in this article.
How to Configure SELFRUN
There are two possible
selfrun behaviors an AP can follow. The first allows all guests to access the network, while still retaining guest access policies as described in the section above. This means they just bypass the guest portal. This happens when
selfrun is configured to
pass. The second behavior, which occurs when
selfrun is set to
off, will have all guest wireless networks (any and all that are configured for this UniFi Network Controller) disabled when the controller is not reachable.
IMPORTANT: The Guest Portal must be enabled for this configuration to work.
To add either one of these configurations follow these steps:
1. Open (or create) the config.properties file. Learn more about how here.
2. Add one of these lines depending on which behavior is needed:
3. After adding the line to the config.properties file, a provision must be triggered on all APs. See this Controller FAQ on how to perform a batch AP provision.
Testing and Verification
To check whether the configuration has been taken by the access point, SSH into the AP and execute:
If everything is running in order the output should provide the line you added to the config.properties file, preceded by
mgmt instead of
config. For example, you'll see the following: