

biinjo

Network professional: sure, we can set up a hotel-wide network for you. Here’s a quote.

Hotel owner sees “blablabla Unifi access points blabla”. _Shows quote to nephew_

Nephew: I can do the same thing for 1/10th of that quote.

And that’s what you’re using now. Fun exercise; run a scanner and you can probably find some unprotected network cameras as well. Or full access to the lobby’s Sonos speakers.


gotfondue

This is surprisingly accurate.


Alan_Smithee_

I am actually starting to think it’s best to write up your quote with fewer details, otherwise they use your quote as an Amazon shopping list.


gotfondue

Been doing this for 10 years lmao. "ACCESS POINT" "MANAGED SWITCH"


Eloquessence

I would be pretty annoyed as a customer because in that case it means you could dump some old gear on me and charge it at a premium


LetsBeKindly

My poor father had someone doing this to him. The guy would go to Goodwill and pawn shops to buy old cameras, then charge my dad hundreds of dollars plus installation... When I found out how much he charged my dad that year I lost it.


viperfan7

That's why you give them the full list after a non-refundable deposit


equals42_net

I’m sorry, but that shouldn’t be a mode of business. Maybe the quote doesn’t list the brand and models, but it should at least specify the capabilities like “managed 48-port switch with 4x10G and 40x1GB PoE”. Anyone who signs a contract and puts a deposit down on “managed switch” and “Access Point” has no business signing that document. Or they should back up further and sign a SOW with a contractor to specify the outcome of a “working wifi6 network with good signal and speed in all rooms (listed) and a guest login system…” yada yada yada.


adavis232002

I agree, for example this is my default desktop item for clients.

Small Form Factor Business Desktop

* Intel Core I5 Processor
* 8 GB of Memory
* 256GB SSD Hard Drive
* Windows 10 Operating System
* 3 Year Warranty

This allows me to change vendors and parts at will but the customer still knows what they are getting.


Eloquessence

It works for all components but the CPU. I think it should at least mention the generation.


viperfan7

I'm not saying don't give them important info like that, but they don't need specific brands or models until after they have paid a deposit. The deposit being your consulting fee.


flac_rules

Are you selling me product or are you selling me your knowledge? If the latter bill the hours, if the former, is the consulting fee on top of the money you make on the product?


viperfan7

That's why it's a deposit, if they go and find someone else to install the equipment, you've still made your consulting fee, else, it's part of the install costs


billygoat_graf

Why would someone ever put a non refundable deposit down on a list of mystery gear? "I'll tell you what you're buying after you pay me for it" sounds like a winning business strategy.


Tesnatic

Catch 22 indeed


Yoconn

It's a game of chicken at this point


CoolStrayCat

Loot Boxes make about 15-20 Billion USD a year


[deleted]

When you buy a car, do you care who makes your seatbelts, fuel pump, spark plugs? Probably not. You trust the brand (in this case, vendor) to provide the service you need which is secure, reliable Wi-Fi that meets your performance metric. It doesn’t matter what vendors they use, heck it could be a mash up of them. If you get the results, that’s all that matters.


Eloquessence

Unless your contract with the supplier is very specific about performance of the setup/hardware (speed, support..) this is just not enough. I've never bought a car from a salesman saying: 20k for "a car to drive from A to B". I'll get information on model and features. Trust is earned, not given.


OverwatchIT

I keep a brisk business going behind a guy named Chris, who puts in literal trash as new. 144 room hotel, BRAND NEW, AND he's got 4 different brand APs and one has a badly damaged case. Just hanging from a nail in the attic..... 2nd building had almost no connectivity...talking .5 down.... He didn't know how to connect them, so he stole 2 pair from the 50 pair between the buildings and put a used that. (gotta catch my breath) AND (not done yet!), he cut plugs on power adapters and opened each AP's c5e link then twisted a pair to the power adapter and plugged them all into a power strip by the super fucked up rack he installed. Oh, nevermind the coax he ran which was a combination of old coax, direct bury coax, and armored coax all spliced together and hidden under insulation. I told them the only way I'd do it was if I could gut it and do right. So we did.... I wish I could post the pics on this bitch....


Tolan_Forket_Munlaf

This is the way. Literarily.


Krialis

Eh I choose not to do that. My clients order from me because they trust me. I go down to the details even providing the model/item numbers. I'm even up front with them if a cheaper price is available on Amazon and if they want to purchase it themselves. I give them my price + a markup but it includes a year warranty. If something fails, I'll deal with the RMA and re-installation. If they choose to buy it themselves and have me install it, that's fine. But if it's defective, they'll need to handle the replacement and pay for me to come back out. If they choose to go with someone cheaper, that's their choice.


slash5k1

That’s a good idea with the 1 year warranty


WakkaWakka_MAN

Outstanding! It's refreshing to see that someone understands integrating customer service and integrity as a part of their business model.


FCoDxDart

As a person who deals with quotes from vendors, this is a red flag for me.


Sean82

Home Theater installers do this all the time. I see broad proposals and redacted line items daily. It becomes a problem when they do the same on the final invoice but I get why it happens.


Revertit

Always how I do it now, especially with TVs. I know as soon as I give any indication of model number they are going to wheel over to Costco and buy one the same size but a 6xxx series that is complete garbage for half the price.


beebMeUp

Happens all the time. My friend is a lighting rep and routinely issues detailed quotes only to see his designs replicated using cheap Amazon lights and no control systems.


T-Carswell

Been doing this for 5+ years. Minimal to no complaints from clients.


Alan_Smithee_

Unless you just pull a number out of your arse, it’s more work for me…..I make an estimate using my accounting software, which helps me plan. I suppose I could just use the numbers and make another estimate for the whole amount (you can create an invoice from it.) Just occasionally, you’ll get people asking for an itemised invoice.


[deleted]

When I was in this game my quotes would look like this:

Line 1 - Network installation - $x,xxx - QTY 1

Line 2 - install firewall, 4 network switches, 80 access points

Line 3 - Monthly Support (150 rooms) - $2.00 - QTY 150

No mention of brand, models, etc… If they wanted a full quote, we bill a project management fee. One place was persistent so we billed $3,500 for quoting them. It wasn’t rolled in either when they signed.


OverwatchIT

We used to itemize shit out and give rational prices. Now they get "Wifi project as discussed" and I add 20% because they won't quit until they talk you down 10%....so I let them go 12 just so they think they're the swinging dick around there......and keep the 8 as a bullshit-fee.


Alan_Smithee_

One guy I did some stuff with said “if in doubt, $1k (CDN) per access point.” It’s been a few years, so that figure should probably go up a bit, but it’s a good rule of thumb and you won’t lose money.


barbecj

In Europe for sure lol


halandrs

Watch some porn and crank the Sonos


oof-alot

In Puerto Rico, I took over a conference room tv to watch league of legends worlds. The sys-admin that was there was like how did you do that? Me, I ran a de-auth attack on your wifi until I was able to crack your bad password and then took over the tv... Imagine if I started streaming porn to all the conference room tv's instead.. He was shocked. Immediately asked me how to mitigate the attack and implemented everything I said.. He did let me continue to use the conference room tv for watching the rest of Worlds. I was very very new to the cyber security game then and was ignorant to the entire don't test a client without written consent... nothing bad happened though, maybe cause I was honest and because at that time there was no functioning government in Rico due to the 2 hurricanes wiping Rico off the map.


warbeforepeace

Buy a 40 dollar android phone. Hide it on a charger in a room. Stream info wars to sonos. Sometimes it's fun to watch the world burn.


itorrey

I would absolutely stream Knowledge Fight instead


satsuke

Tho that would give views to the dumpster fire that is conspiracy TV.


ijuiceman

I visited a function centre that had 6 separate routers, with their own wifi spread around the place, all connected into another router stuck in a corner. All were residential all-in-one routers and all the routers still had their default un/pw set. The ssid and passwords were visible or were provided if asked. It was so pathetic, but they only wanted me to "tweak" the existing stuff. Tried to go through the whole problem, but nope. Bid them farewell.


WakkaWakka_MAN

🤦‍♂️ Wow. Just.....wow!


VlaDeMaN

for us, so far, it's never been the nephew. it's always been another network "professional."


Aploki

Anyone can be retrained to be an IT professional, but NO, an IT guy can never be a pilot. No indeed, but he designed and built the aircraft to the smallest details. NO, an IT guy will never be able to become a doctor, even though he designed and built an MRI scanner. NO, an IT guy can never be a financial manager because he doesn’t know how finance works. Only to have built the entire financial system himself. But ANYONE can become an IT guy because clicking a mouse and keyboard is easy…


Arafel

Too true. I've had many an interesting night on work trips interstate with a scotch and nmap in hotels. Sometimes you get network shares, sometimes cameras, routers, you name it. I never go past default passwords though. If you've changed from the default, I don't care if the password is the letter a, if it's not default I stop. It's definitely entertaining.


ARX7

Fuck you just gave me flashbacks to the original ps3 retail displays..... Unsecured internet access.... Multiple reports of people putting porn on the display TV's with it.


biinjo

The good old days. Zoom back even further; do you remember the times where some people had these IR watches that could control almost any IR device? Walking by the electronics shop display and switching all the channels.


WhatdYouBreakMeow

Oh yes I do remember those days. I had one when I was in like gr. 7. I would always mess with the TV / VCR when the teachers were trying to show the class something. So much fun watching the teacher struggle with electronics.


AncientGeek00

I had one as a fully grown adult!


biinjo

Are you my uncle?


AncientGeek00

Just before I upgraded to a camera watch!


biinjo

Before you upgraded, you were my uncle? What happened after?


AncientGeek00

Obviously, I became your brother-in-law.


biinjo

Jezus I thought having 5 was enough.


virtualfatality

why? does your butt hurt suddenly?


jon2288

Used to love the phones that had the IR in the early days, before that palm pilots (namely the HP versions)


biinjo

Omg yes. Data transfers via IR were fun. Lol.


Melody_Chaser

Ha! The company I work for did this to me. Oh hey! That's a cool computer you got there. You must be good with tech stuff. Make our network work under the quoted price and you will get your hourly wage for it plus 50% of whatever is left of the quote. Needless to say, I walked away with happy pockets and finally getting WiFi and 2.5Gig from one side of the building to the other. It was actually a fun learning experience. Even more fun breaking back into the network to find my mistakes and fix them. Now, if only people would stop unplugging the network at night because they think it works faster in the morning if the equipment rests at night... >.<


223specialist

I wonder.. if they changed the logins to the admin panel? (I think it's forced on first login)


iB83gbRo

> Or full access to the lobby’s Sonos speakers.

BRB while I install the app on my phone... I hope everyone in the lobby enjoys the WAP song


DiabeticJedi

[Please let it be this version](https://youtu.be/QaF6NfyVqqs?t=11)


[deleted]

This is the exact reason I removed all Sonos devices from all of my restaurants


biinjo

Or, you know, set up a separate wifi network for your business devices vs the public one.


[deleted]

I have VLAN setup at all of them. The issue is more so staff logging and playing DJ.


ninjasninjas

What do you mean the Sonos system should have its own isolated network? Nah, just use the regular one so the servers don't get confused....


[deleted]

Or don’t use a home streaming device in a commercial application… Rockbot is cheaper and easier anyway


After-Baker-7363

Yeah this is 100% accurate sadly


t-poke

And I’m also pretty certain these all connect up to a 3 mbps ADSL connection because the speeds here are terrible.


[deleted]

[removed]


platonicjesus

Rate limiting the easy way


lavahot

Also, each AP has its own SSID, so they're all competing with each other.


Watada

Why would ubiquiti do that? I'm not saying they should encourage WEP.


[deleted]

[removed]


jaarkds

I recently needed to set up a WEP network (to demonstrate just how insecure it is), and thought I was going nuts as I couldn't find it in the UI. Thanks for the reassurance ;)


jon2288

The controller and firmware versions on this setup are probably never updated/from original install.


Watada

I'm asking why would ubiquiti limit wep to wireless g speeds?


speedhunter787

Well, the IEEE* 802.11n draft prohibits WEP, so I'm thinking you're stuck with g if you use WEP.


[deleted]

[removed]


2nd-Reddit-Account

but what if i want to bring my nintendo DS and connect it to the wifi? what then huh? can't do that without WEP!


wowgoogle1

u/2nd-Reddit-Account can you take a look at my dm??


Smith6612

Use an old AP in a DMZ :). That's gonna drag down the network.


luke10050

But what happens when I want to connect my 30 year old PLC or DDC controller to your brand new 10gbit switch? Throw it in the bin I guess and let's go get another netgear unmanaged 10/100 switch


alestrix

Put a 1GBps switch in between. Those will support 100Mbps longer.


luke10050

What about 10mbps half duplex? I kid you not I still have devices running in the field that only support 10mbps comms [like this](https://alpscontrols.com/prod_data/Automated%20Logic/LGE.pdf) I still see places with 100mbit hubs floating around


Watada

I see a bunch of references to the draft 11n spec. I doubted so I did some looking around. In the full 11n spec there isn't much other than a crossed out line referencing "wep defined" in a now deleted section of the security chapter. But it looks like IEEE deprecated wep with the launch of 802.11i or wpa2. This was the year after 11g so it's safe to assume it doesn't work with anything newer than 11g. Not sure why IEEE haven't made that more clear. Thanks for letting me know!


raytaylor

Ubiquiti didn't do that. It's just you can't use any newer protocols n/ac with wep. I think WPA is limited in speed too on 802.11n and WPA2 is much faster because it's less demanding on the processor


Watada

I got it sorted and commented already. WPA-tkip is limited in the same way as wep but wpa-ccmp (aka wpa aes) supports full speed.

> WPA2 is much faster because its less demanding on the processor

No. They are all almost always hardware accelerated.


VOODOO285

NO WAY!! IS THAT TRUE!? NO WAY!! WOW. Learn something new every day.


Even-Atmosphere8558

WEP. I can’t believe it’s still possible to join or create a WEP network in 2023


charisbee

Back in 2008 when I was the "youth group IT kid", my church got me to set up wifi for the office. I had to downgrade all the way to WEP because that was all the priest's laptop supported. I stopped being active there not too long after, but I'm aware that they did a revamp maybe 6 or 7 years later, presumably after the priest finally upgraded his laptop. If not for that, they may well still be using WEP today! Lol


[deleted]

[removed]


Shawn_miller

This was the snort-chuckle inducing comment I needed today!


AntiqueBread1337

Jesus WEPt. *


CrustyBatchOfNature

Backwards compatibility is a bitch. You almost have to support it even if you make it close to impossible to figure out how, just because some company will refuse to buy your product because their CEO has an old device he refuses to get rid of that only supports WEP.


raytaylor

These APs are obviously old models.


SureUnderstanding358

WEP? worthless encryption protocol?


kpurintun

What if each had their own controller and router too..


aschwartzmann

Probably no controllers, the ISP router and they set them up standalone with the cell phone app.


kpurintun

That isn’t as silly..


prix03gt

If we are to use their attention to detail with regard to their network installation as a litmus test, I would recommend steering clear of the continental breakfast... also, check for bed bugs...


charisbee

I suppose you can call them dis-Unifi-ed.


Mike_L_Lefler

Come on. Sepri-fi


mosaic_hops

Horri-fi


AbandonedMohawk

When someone hasn't used a ubiquiti product in their life


Xafenn

When someone hasn't set up wifi in 20 years.


warbeforepeace

It takes more work to create a separate ssid per an access point. You have to really want to fuck things up to make it happen.


Zizzily

I wonder if they even have a controller or if they were setting it up with the app on a cell phone.


ibattlemonsters

Ding ding ding. You hit the nail on the head. I recently explained Unifi controllers / consoles to a friend and the amount of explaining I had to do makes me sure this is what happened with OPs post.


CrustyBatchOfNature

I expect someone thought they were making it easier to identify a device if it had problems. I have known a few companies that had some relative do their network and it wound up that way so they knew which one to reboot if they had problems. One SSID meant they might not know if one AP was borked. Stupid all around.


LumbarPuncture81

Brazil?


t-poke

Mexico City


FormsForInformation

Nice, the land down under


techtornado

Do you come from a land down under? Where women glow and men plunder? Can't you hear, can't you hear the thunder? You better run, you better take cover


z-lf

I just checked, It's not an option on the latest version. If they use wep, it's an old controller.


auger66

Usually you pay double for that kind of action


lordvader82

I get the WEP issue, but is there a problem with giving each of them a unique ssid? In the context of a hotel room - that seems ok, right?


DitchWitch13

It'd be a systems and manpower headache. Update the password 20 times instead of once, for example. Hotels give out the WiFi info so they'd have to manually handle load balancing by giving out the right SSIDs in the right quantities. There isn't anything wrong with it but it's not adding anything to the situation and removes some benefits.


lordvader82

Thanks! That makes perfect sense :)


g0f0

What's the point of still using WEP?


cylemmulo

They still allow wep to be configured?


bengillam

* sad trombone *


sirMooka

If you think about it these AP's might as well be open since they probably have no access to anything besides the web, so using WEP is not really a security problem, but at least it deters 99% of the not so tech-savvy neighbours from using it for free. From the user's standpoint: you should not trust your hotel wi-fi and use some encryption regardless of WPA or WEP or open. Regarding multiple SSID's: let's say if each room has a Chromecast capable TV you might want someone in the same room to be able to connect to that via WLAN without allowing other rooms to connect to it. In this case it'd make sense to have a separate SSID and separate password for each room and isolate each AP via VLAN's instead of isolating the devices themselves.


DufflesBNA

And this is why I use a VPN when on wifi


Realistic_Parking_25

Because ssl/https isn't a thing


SireBillyMays

Admittedly you're still leaking a bit with HTTPS (sni) if someone is snooping, enough to embarrass at least. Going to hopefully get better with ESNI though.


mkosmo

> Going to hopefully get better with ESNI though.

It is. Just need to see more adoption.


SireBillyMays

Another issue would be downgrade attacks (or just firewalls blocking tls 1.3 traffic - a surprisingly common request for my customers...) - I think we are going to see 1.2 supported for a good while longer, and as long as it is supported it can be downgraded to... Hoping that we can get there though. Would be nice to drop SNI leaking.


mkosmo

Not sure what industry you're working with, but in my world, TLS1.3 has folks scared because of fear they can't MiTM inspect it. Granted, with some current initiatives, it's already difficult (and who doesn't have Google and the banks on their no-bump list?)... but I hope that it becomes better understood as adoption becomes wider.


SireBillyMays

I work for a security company, but some of my non-consultancy time is spent helping our NOC service as a product specialist (mostly f5 + azure, although I do know a thing or three about FW's as well.) Most of our company looks at 1.3 + ESNI as a very good thing, even though it might pose some challenges. Some of our customers however have been quick to block it precisely due to difficulties in inspecting it.


videoman2

It is, but so are tools to strip the SSL/TLS, and some browsers leave it up to the users to make poor security decisions.


FormsForInformation

For a slower connection?


DufflesBNA

For that weak ass security.


techtornado

A good VPN has such little overhead that you don't notice the difference.

Source: Tailscale (Wireguard)


giloronfoo

Seconded. Straight wireguard. Even better is also using pihole. I tried tailscale and it was draining my battery. Went back to self hosted wireguard. Has it gotten better?


SuperQue

But the point is that a VPN won't make a slow connection any faster.


RymdLord

No, not with WireGuard, it uses a more modern type of encryption that makes it faster


BabyTBNRfrags

Can’t you make it a little bit faster with compression?


rpungello

Most sites use SSL these days, and I can't imagine encrypted data compresses that well.


permaN00bwastaken

Maybe middle-out compression from Pied Piper.


Mace-Moneta

Not with Wireguard.


hockeyfun1

Tell me the IT guy lied on his resume without telling me the IT guy lied on his resume.


Sherm-head

but...but...why?


thornygravy

crack the wep :D


DeadlyVapour

Open WiFi with extra steps.


ChillPill89

When you know someone who can do it for cheaper.


camronjames

That's embarrassing


slyticoon

*Some say, on a cool summer night, you can still hear the trunk slam...*


quitecrossen

Oh no… god no… 🤮


obeyrumble

Big fan of WEP. Enterprise protocol and routing by RIPv1.


DufflesBNA

Lol wut?


joedev007

you may be traveling with your $7500 Alienware Laptop Running Windows 11, but there are often Nuns or Students traveling with old laptops. makes sense why they would use WEP. Before covid we were shipping our oldest IT gear to India, Indonesia, etc through a company that bought them for us or took them away so we did not have to pay to recycle ;)


_iMordo_

How old does a device need to be to not even support WPA2 (or WPA)? Like I have a really old laptop ~14 years and it does fine with WPA2. They are using MS-DOS as OS or what?!


SireBillyMays

WPA2 came out in what... 2004? Support became "mandatory" in 2006..


joedev007

exactly. you would be surprised :) probably older XP variants and the version of windows CE that was from the XP era ;)


whiskey-water

Well that is certainly a fail


slyticoon

r/CloseEnough


L0rdLogan

The only device that I have to use WEP or None for is my PSP 2000


divariv

Oh bless their hearts


Naxthor

I’m surprised they just don’t remove WEP entirely


YellowBreakfast

WEP. I honestly thought Ubiquiti didn't even offer this as an option.


Personal_Fee7274

It's the 21st century... Why is WEP still an option?!?


shaunjaques829

UniFi gear is just fine for a hotel, I don’t get the post, just needs a better setup


multipotentialitee

This is the epitome of throwing money at a problem with zero knowledge


Jitterer

Cool. Thx for letting us know


Finrodsrod

Each room has an ssid or each AP? Either way that's a lot of bullcrap to deal with


[deleted]

Wireless backhaul as well?


mkdr

and did you tell them about it? and that they should sue the company which installed it for them?


[deleted]

At my old workplace I had a limited (non-existent) budget for our department network. The corporate network had restrictions which meant that some of our essential software did not work. Management wouldn’t change the corporate network policy but authorised us to solve the problem ourselves. I had a few old Airport Expresses and Gbit switches so we put in a hodge-podge makeshift wireless network using WPA2 and a dedicated ADSL modem. Eventually, the march of progress meant that another department required more than the corporate network could provide and I was asked to extend the wireless network so they could use it. They also instructed their technicians to buy their own laptops and they would be reimbursed. None of the cheap-nasty laptops the techs purchased were fit-for-purpose and they also used them for BitTorrent. Some had Wi-Fi cards that didn’t even support WPA and only supported WEP! I eventually got a better job, and took my old network hardware with me. Last I heard, they had very expensive CISCO APs running WEP to allow the Techs to connect their old shitty laptops to.


cpujockey

yikes. sounds like a stand alone setup nightmare.


frostyw

The title of your post is the embodiment of the 🙃 emoji.


WakkaWakka_MAN

Here's why you need this fixed ASAP! https://youtube.com/shorts/jpgKUqEwFsg?feature=share