PSA: SNOs with an ASUS router >> Turn off Traffic Analyzer!

@arrogantrabbit
Yep. The PSK is displayed in plain text. I always wondered why the heck they don’t mask it?
@JWvdV
Put “Protected management frames” on “Capable”. It mitigates some hacking risks as I understand it. “Enable” or “enforced” stops some old devices from connecting to wifi.
If it supports wpa3, set it to wpa2/wpa3-psk.
I also enable all things like agile multiband, target wake time, and others in the Professional tab. I don’t know if it’s good or bad, but from the description it sounds ok, and my routers perform pretty well. Also, I like to keep 2.4 and 5 GHz connections separate, with different SSIDs, because iPhone is pretty crappy in managing the connections.

Ubiquiti has the option to show the PSK, saves me the trouble of having to write it down somewhere else. I mean, if someone has access to the UI of your AP or router, he doesn’t need the PSK to connect to your network.

Same!
Lots of devices are crappy at changing, have problems with mixed WPA, and I don’t like my devices staying too long on a bad 2,4 connection before they switch to cellular. Like when I leave the house on a VoIP call, I only have one short interruption, instead of multiple reconnects. The shorter range of 5GHz comes in handy in that situation. 5GHz or gtfo!
All my real devices are connected to a 5GHz and WPA3 only network, while the shitty iot stuff has its own 2,4GHz only and WPA2 only network.
Only recently a friend had problems connecting his HomePods to his AVM router, when WPA was set to mixed mode WPA2/3. Worked flawlessly after setting it to WPA2.
I like Apple but their Wifi is just argghhh sometimes. Did you know, that these fu**ers don’t support OWE?
/end of rant

Can’t confirm. I have always had both radios on the same SSID, no issues with roaming of any kind. High performance devices linger on 802.11ac/ax as long as possible, as it should be.

If both, devices and access points, properly adhere to standards, single SSID is preferred.

This is why it’s important to get compliant, properly designed equipment – so you don’t have to micromanage connections, SSIDs, and channels. Some vendors go above and beyond and provide some degree of band steering, to nudge non-compliant devices to the right bands, but this is a non-standard behavior, and better be avoided.

I recommend getting devices on Qualcomm (former Atheros) WiFi chipsets, they tend to work much better and have better firmware.

Right. But it’s always little things. Why do I have to do extra work to block out the field in the screenshots? Attention to details makes all the difference.

I tend to buy commercial/enterprise stuff for things I want working reliably. Networking, printers, servers, test equipment, etc. It has been so far worth it for me from a financial perspective – because time is money. Before I found Ubiquiti I went through quite a lot of hardware and software – both open source (including Tomato, OpenWRT, dd-wrt, pfSense) and commercial, including mikrotik, sophos (both UTM and XG), untangle, and even meraki, before the Cisco acquisition. Becoming a networking and firewall expert through relentless troubleshooting and babysitting was never in my plans, but just like with synology, I ended up learning many nitty gritty and useless in any other context details of those systems against my will.

Ubiquiti already paid for itself many times over because I never have to babysit it. I screw it on the wall in the closet, set up auto updates on the stable channel, and haven’t touched it for 4 years. BTW, their NVR – Protect – is best in class. Especially comparing with the Surveillance Station. There is no integration with HomeKit, but Homebridge on a raspberry pi eh… bridges that gap.

Added benefit that I could buy a piece of their gear, play with it, and then sell on ebay for more :)

To be clear, it’s not bug free, there are some quirks, for example, firewall configuration is quite counterintuitive – but I value user experience polish and attention to details above all else, and unifi so far has been far ahead of competition for my use cases.

I’ve sent a configured network to my extended family across the pond, and now when we talk – we talk about what matters, not how to unscrew up the wifi again.

I would have censored the SSID as well so it would not be much of a difference for me.

It’s good to have a mask on the password field for different situations, like when you show your friends some settings or you remotely access a PC, and then the router webpage on that PC. You don’t want someone to photoshot your private password. Until a friend pointed me to use Wireguard on Asus routers, I managed routers at night, when no one was on the other side at work.

Yeah, in theory that is true.
But in reality, this is not the case.
For example, when I leave the house, I lose 5GHz going downstairs and then reconnect in the garden into 2,4, just to soon lose connection again in my car. Even with setting high minimum bandwidth, I can’t combat that problem. And that is just a user problem, not a “vendor is not compliant” problem.

Totally agree. Still, by separating them you lose nothing (if you only get 2,4 in some places in your house, you need more APs) but gain reduced complexity. Reduced complexity is always a win in IT.

Sure, in theory HomePods should not care if Wifi has WPA2/3 mixed mode. But in real life it does not work between AVM and Apple. Is that Apple’s fault? Or is it AVM’s fault? I don’t know and don’t bother. By reducing the complexity, I can dodge that problem.

For sure, I’m Dutch. As far as I know, I never needed to tell Asus where I’m living. But that might be too long ago. However, I even can enable some channels that are officially forbidden in The Netherlands, but never enforced as far as I know.

Same for me, however as long as I don’t enable WPA3.

Have been tweaking a lot of them in the past, but ended up breaking the network for old devices most of the time. So, I’m redirecting the default especially since I never remarked any significant difference.