This article describes the troubleshooting steps to help you address connectivity issues with UniFi Wi-Fi networks, mainly involving the UniFi Access Points and client devices.
Before investigating further, make sure you are using the latest firmware for your devices and the latest controller version.
For more information about upgrading device firmware, see UniFi - Upgrade the Firmware of a UniFi Device.
- Understanding connectivity
- Troubleshooting client conectivity
- Troubleshooting UniFi device connectivity
- Access point proximity and network layout
- Make sure the access points aren't rebooting
- Verify the access point configuration
- Internet packet loss and smart queues
- Disable advanced features
- High TX power and link budget
- Network loops
- DHCP configuration
- DTIM period
- Trace packets through the network
- Wireshark packet capture
Connectivity issues generally fall into one of the two groups:
- client connectivity, i.e. client devices having issues connecting to Wi-Fi, such as Android phones not connecting to the UniFi network or iOS devices frequently disconnecting
- UniFi device connectivity, i.e. Wi-Fi behaving incorrectly even though the client devices can connect to the network just fine
To better understand the issue you're facing, try to answer the following questions first:
- How many devices are affected? (all or some)
- What do these devices have in common? (location, type of device, operating system, version, manufacturer, etc.)
- Does it occur in all cases or is it intermittent?
- Can you consistently reproduce the issue?
- Are you getting any error messages?
This information will help you and our support team troubleshoot the issue more efficiently.
Troubleshooting client connectivity
If you've determined that connectivity issues are isolated to client-specific devices (e.g. a laptop not connecting to Wi-Fi), follow the troubleshooting steps below.
1. Try reproducing the user-reported issues yourself and check the basics
In many cases, the cause for individual client Wi-Fi issues is a user error or a set of circumstances. To make sure this is not the case, check the basics, e.g.:
- that the WPA key is entered correctly
- that the client device doesn't have high signal strength to eliminate interference possibility
- that the client supports 5GHz Wi-Fi, etc.
2. Try rebooting the client device if only a small number of individual client devices is affected.
3. Scan the devices for malware that could be causing connectivity issues.
4. Update wireless adapter drivers on client devices when a subset of devices with the same wireless adapter are malfunctioning.
5. Try disabling advanced UniFi Network features
In some cases, advanced features like RADIUS might be misconfigured or not supported by your devices - try disabling them to see if this resolves the issue.
See the section on Advanced features below for more information.
6. Search for similar error messages or issues with your specific devices on the web
If an issue only happens with a particular device type, you might be able to find it mentioned on forums unrelated to UniFi products.
In this case, following the troubleshooting steps you've found or reaching out to the device manufacturer (for example, Android Support) might help.
7. Use packet capture tools to monitor traffic and help identify root causes
If none of the troubleshooting steps above helped, it might indicate an issue with the UniFi device itself or a configuration problem.
Troubleshooting UniFi device connectivity
Before beginning the UniFi device troubleshooting process, make sure you are using the latest device firmware and the latest UniFi controller - the issue you're experiencing might have been already addressed.
For more information about keeping your device firmware up to date, see UniFi - Upgrade the Firmware of a UniFi Device.
If your devices and controllers are up to date and the issues persist, proceed with the troubleshooting steps below outlining the most common connectivity causes and resolutions.
Access point proximity and network layout
An incorrectly designed network might be one of the causes of UniFi device connectivity issues.
If moving closer to the access point that your client is connected to resolves the issue, you might need to reassess the types, locations or the number of your UniFi Access Points.
Additionally, interference with other electronics might be creating the issue.
If this is the case, we recommend visiting the UniFi Design Center for help with the design and deployment of your UniFi network.
Make sure the access points aren't rebooting
In some cases, connectivity issues might be caused by UniFi Access Points rebooting.
To make sure this isn't the case, check the uptime of you APs:
- Log into your UniFi Network controller
- On the Devices tab, select the AP
- On the Devices Properties panel, see the Details > Overview section (or the Uptime column)
If the uptime keeps resetting and coincides with network downtime, this might be an issue with your device firmware - update to the latest firmware and reach out to our support team if this doesn't help.
Verify the access point configuration
Misconfigured devices can lead to intermittent connectivity issues, inability to upgrade APs, NTP sync failures and other issues.
Always make sure that all of your APs have:
- full citizenship on the network, including DNS access and internet-routability
- subnet mask wide enough to provide a route to the gateway
- gateway on the same subnet as the static IP address
Another common mistake is a switch port with inadequately configured VLANs.
To serve multiple VLANs, make sure that:
- the switch port that the AP is connected to allows both VLANs
- all intermediate switches between the AP and the router have these VLANs configured and allowed
Internet packet loss and Smart Queues
To determine whether the problem lies in the wired or the wireless infrastructure of your network, try to continuously ping Google's public DNS (22.214.171.124) and your router simultaneously from two terminals on a laptop:
- If you see packet loss to both IPs, then you likely have a wireless issue
- If you see packet loss only on 126.96.36.199, then you likely have a wired/internet issue
If local devices are reachable via Wi-Fi, but packet loss occurs to/from the internet:
- Enable Smart Queues or other traffic shaping method on your router
- On your WAN network's Classic settings, go to Networks > Edit/New WAN Network > New Settings: Internet > WAN Networks > Edit/New WAN Network
- Configure upload and download values of Smart Queues accurately to match your contracted ISP rates
Many laptops (regardless of whether charging or not) enable Wi-Fi power saving mode on their Wi-Fi interface.
You may see ping responses up to 1.25 seconds late, especially if the laptop is not busy doing anything else on the network - this is considered packet latency, not packet loss.
Disable advanced features
Some advanced UniFi Network features might cause issues when misconfigured or not supported by client devices.
Additionally, some wireless clients might have advanced options in the wireless driver that may impact performance (e.g. Throughput Booster).
Try disabling the following UniFi Network controller features when troubleshooting connectivity to make sure they are not the culprit:
- Band steering
- Minimum RSSI
- Connection monitor
- Auto-optimize network
- High performance devices
- AirTime Fairness
To find the Band-steering and minimum RSSI options:
- Enable Advanced Features - go to Settings > Site > Services
- Go to the Devices tab > select an AP > go to Configuration
- Minimum RSSI settings are located under Radios > Advanced Options drop-down menu
- Band Steering and AirTime Fairness are available within their own menu in the Config menu - click to expand each section.
If disabling an advanced feature resolves the issue, it might be a client compatibility problem or a firmware or controller bug - reach out to our support team and we'll help you out.
High TX power and link budget
The high transmit power of UniFi APs is great for single-AP installations, but can be problematic for enterprise or multi-AP deployments.
The high TX power will extend the range for slower TX rates only, as faster rates are transmitted at a lower TX power, which is normal for all APs and devices. This eats up air-time for faster rates in multi-AP deployments, slowing down the entire network and potentially causing packet loss.
High TX power can also cause an imbalance in the Wi-Fi link budget between the mobile client and the AP since most mobile clients have a TX power between 14 and 18 dBm.
Mobile clients will stay connected (and show full Wi-Fi bars) to an AP with a strong signal from the AP to the mobile client, even if the signal from the mobile client to the AP is not sufficiently strong.
To resolve this, try lowering the TX power on the UAPs to 18 dBm in the Network Controller UI by following these steps:
- Go to Devices > Configuration and click on Radios dropdown menu
- Adjust Transmit Power under Radio 2G - set it to Custom and set the dBm to 18
- Do the same for Radio 5G
- Click Queue Changes and then Apply Changes
- Do this same process to your other access points
A network loop is a network configuration where there is more than one path between two computers or devices, which causes packets to be constantly repeated.
You can detect network loops by running the tcpdump command on the affected UAP and/or UniFi Switches, and by viewing the output in Wireshark.
Detect network loops by following these steps:
1. SSH into the affected UAP and issue the following command:
tcpdump -i br0 -n -v -s 0 -w /tmp/capture.pcap
2. Copy the resulting pcap file to your laptop for viewing in Wireshark.
scp firstname.lastname@example.org.X:/tmp/capture.pcap /tmp
This copies the capture.pcap to /tmp on your computer. You can also use winscp similarly.
3. Open the file in Wireshark.
Typical networks will have less than 100 kbps of multicast/broadcast traffic, totalling only dozens of packets per second.
If there are thousands of multicast/broadcast packets per second, then you likely have a network loop somewhere that needs to be resolved. Try disconnecting infrastructure devices until the number of multicast/broadcast packets goes down to a reasonable number.
If you have IPTV on your network, this may manifest as a “network loop” due to the high volume of multicast traffic. In this environment, Multicast Enhance is recommended, since it will convert these packets to unicast, and only transmit them to the desired devices.
Some older or misconfigured routers and DHCP servers transmit the DHCP offer/ack messages as broadcast packets, which are much more likely to be dropped. This can lead to slow connection times and intermittent connectivity.
Make sure your DHCP offers and ack messages are unicast, not broadcast (the discover packet from the client can still be broadcast).
You can do this two ways:
- By creating different LAN segments, i.e. if you have only one LAN for multiple machines/devices you can create multiple LANs for different network areas, which can help avoid slowdowns by creating unicast packets
- By creating different VLANs, see UniFi - Using VLANs with UniFi Routing Hardware for more information.
The DHCP Timeout counter can be useful in debugging common misconfiguration issues.
This counter goes up by one every time a DHCP response is not seen for over 10 seconds after a DHCP discover/request has been forwarded from a wireless client.
If the DHCP Timeouts number is rapidly increasing (by hundreds or thousands per day), make sure that:
- The switch port your AP is connected to allows traffic to pass for the desired VLAN
- Your DHCP server is actually responding to DHCP requests, by sniffing DHCP traffic on your DHCP server itself.
Additionally, you want to check the DHCP server logs to see reasons why requests might be dropped or NAK’ed, possibly due to misconfigured DHCP relaying.
The default DTIM period of 1 is used for compatibility and legacy reasons.
However, the DTIM period of 3 is recommended for with nearly all modern devices (including recent iOS and Android phones).
You can try adjusting the DTIP period via the following steps:
- Go to Settings then Wireless Networks
- Select the network that your modern devices connect to and click Edit
- Click on the Advanced Options drop-down menu and scroll down until you see the 802.11 Rate and Beacon Controls drop-down menu.
- Open it and uncheck the Use default values box
- Modify the DTIM period for your 2G and 5G bands
- Click Save
Trace Packets Through the Network
In some cases, multicast/broadcast packets might be transmitted successfully, but the unicast packets are not.
It helps to understand how far different types of packets travel on the network.
First, you need to determine which VAP interface your wireless client is connecting to. You can ssh into the problematic AP and issue the command iwconfig.
In the example below, you can see that ath6 is the VAP for the ubnt-ut-AP-LR network on the 5 GHz radio.
Determine if Broadcast Packets are Reaching the UAP
1. SSH on UAP, run tcpdump on the athX interface on the UAP:
tcpdump -i athX -n -v -s 0 -w /tmp/broadcast.pcap
2. Send some broadcast packets using ping from your laptop (terminal on laptop):
3. Stop the capture, and start another capture named /tmp/unicast.pcap:
tcpdump -i athX -n -v -s 0 -w /tmp/unicast.pcap
4. Next, try to send unicast packets to your router (terminal on laptop):
ping 192.168.1.1 (replace with your router’s IP)
5. If broadcast packets aren’t being transmitted or received, then the unicast packets won’t go out (due to a missing ARP entry in the OS), either, and you’ll need to force a static ARP entry into your laptop (terminal on laptop):
sudo arp -s 192.168.1.1 00:00:00:00:00:01 ifscope en0 (Mac OS X)
arp -s 192.168.1.1 00-00-00-00-00-01 (from Administrator Command Line in Windows
6. Try the ping again, and see if the 00:00:00:00:00:01 unicast packets arrive at the athX interface on the UAP.
Determine if Packets from the UAP are Reaching the Client
1. First, you will need to start Wireshark or tcpdump on your laptop to validate whether packets are getting to your laptop.
2. Then SSH on UAP and start a broadcast ping from your UAP to the network:
3. Capture the results in wireshark/tcpdump, then start a ping to your laptop (ssh on UAP):
4. UAPs might not have a way to set a static ARP entry, so if unicast traffic can’t be produced from the UAP. In that case, you can try producing the packets by setting a static ARP entry on a wired desktop/laptop, then sending the packets from that separate device.
5. Lastly, double-check that the bridge is configured correctly (ssh on UAP):
The output should look similar to this:
|Bridge Name||Bridge ID||STP Enabled||Interfaces|
Wireshark packet capture
Wireshark is the world’s foremost and widely-used network protocol analyzer. You can use it on most platforms to deeply analyze your own network.
To set it up and do a packet capture:
- Download and install Wireshark
- Open Wireshark and click on the gear icon
- Ensure that monitor mode is enabled for the en0 interface
- Click Close, and restart Wireshark.
- Start a capture on en0. You should see beacon, control, and management frames interspersed with data frames.
You can upload this capture to the community when asking for help, and be sure include the MAC address of the laptop or mobile device that is having issues.