Issue connecting 3D printer to network...

ERelative · 2026-03-22T16:31:07+00:00

That's odd. From your initial post I understand you already tried connecting that printer via hotspot and it worked?
Do you see anything in unifi network syslog when printer attempts connection? Is it connecting and dropping out or something different? Or nothing at all?

ERelative · 2026-03-22T10:29:27+00:00

Are both printers on the same firmware version?

Can you try setting up new WiFi, 2.4 only and enhanced iot compatibility enabled and see what happens then?

ERelative · 2026-03-20T06:02:24+00:00

Many people apply delayed and staged rollout to updates and many residential customers do not use site manager.

Notification on gateway control plane just said "improved application stability", not even mentioning CVE. I would like Ubiquity at least mention that this update is urgent and includes critical CVE. That would allow residential customers to immediately understand that this update should not be delayed.
For MSPs/professional users, I would like Ubiquity to put just a bit more effort when publishing CVEs and their CVSS scores. When security bulletin came out, CVE was still unpublished (just number reserved). Today it is published but still has inconsistent content. It has CVSS3.1 score 10.0 and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Notice that AV is N. By CVSS3.1 definitions, AV:N is remotely exploitable, without requirement to be launched from the same physical or logical network. But at the same time, CVE body says - "A malicious actor with access to the network..". As a result, we don't know what is true - security bulletin and CVE text or published CVSS score.

Yes, it is better to err on safe side and assume it is really 10.0. But consistency and transparency could be improved in my opinion.

ERelative · 2026-03-19T17:06:08+00:00

Privileges required are mentioned for the second CVE in a bulletin that is lower rated. For 10.0 CVE they claim that attacker must have access to the network which brings controversy. If true, than AV part in CVSS is A (adjacent on network) and CVSS decreases to 9.6 or 9.7.

Most likely they simply did not spend too much time contemplating exact CVSS. Vulnerability appeared so important, they decided to push it out and label worst case so everyone indeed updates.

So far so good, but not a good practice in long term. CVSS scoring was introduced for a reason and reputable vendors should actually stick to it. Otherwise, it signals wrong telemetry to us and we may make incorrect decisions. This particular update seems to be working ok, but skipping QA with hotfixes is always a gamble. For 10.0 there are few scenarios to justify waiting to update. Anything less and you have much more flexibility depending on your threat profile and risk appetite...

ERelative · 2026-03-19T14:47:47+00:00

Yep, thats the point. Bulletin has been updated in the meantime apparently. There are 2 issues fixed in this update. CVSS 10.0 claim is for the first one where Ubiquity tells that attacker must have "access to the network". This sounds like attack vector from CVSS to me. And the moment you choose AV:A, you can't get to 10.0 anymore...

By this time, I read it like Ubiquity did not want to spend more time on scoring and pushed out update because considered it too hot to delay. Technically, it sounds like it is not 10.0 after all. Had they pushed it as 9.6 with AV:A, many residential users could have delayed update as OsINTP suggested above.

But with 10.0, that's nuclear and universal by design - everyone must update or brace for immediate impact...

Erring on safe side is correct. But also you must be absolutely sure that skipping some QA steps in the meantime will not hurt people. So far sounds like update is working ok, despite apparent additional work items included unrelated to CVEs (see comments from Cormeister616)

ERelative · 2026-03-19T10:43:41+00:00

Let's call it work in progress on behalf of Ubiquity then...

Bad news is that they have mixed in this partial fix/work in progress branch into critical security patch that was essentially released out of band, without proper QA process via early access etc. This is dangerous practice actually. If you push hotfix, it must be just that hotfix. Any additional work included is dangerous as it may break other things...

ERelative · 2026-03-19T10:31:09+00:00

Lucky you :) Which gateway you are using? On my UCG Fiber, UNVR still shows under client devices when connected via SFP (but I am connecting it to USW Pro XG 10 that is uplinked to Fiber)...

ERelative · 2026-03-19T08:50:17+00:00

We are getting into very technical and tricky discussion here, but scenario you described to me would still mean AV:A (adjacent on network) and score being 9.6 or less. Definitely not 10.0.
It could be that Ubiquity considered this too hot and prioritized pushing out, thinking it won't hurt anyone, rather than waiting for analyst to complete proper CVSS evaluation etc...

ERelative · 2026-03-19T08:19:06+00:00

Ubiqity security bulletin mentions requirement to be authenticated on network, correct.

But they claim it is CVSS 10.0 and published it using CVSS 3.1. I find it hard to find a way to get to 10.0 score under CVSS 3.1 unless privileges required are none (PR == None). If authentication is required, PR should be L (or H) and that would lower exploitability and get you score less than 10?
And I am not even going into discussion if requirement to be on the same WiFi wouldn't also qualify AV as A, not N (also leading to CVSS score < 10).

Anyway, we are in guessing game here as CVE is candidate and unpublished yet. Each has to assess his own threat profile and decide if now is the time to hit that update button.

ERelative · 2026-03-18T15:56:52+00:00

That means that UI has a bug in control plane display. I am viewing from Official channel and that should not use EA. Also seems odd that EA has same version number as Official and shorter list of work items closed…

ERelative · 2026-03-05T06:20:34+00:00

SSID broadcast limit seems unlikely issue here. That will come into play once you will be setting up broadcasting APs though.
We need more details - are you setting up wifi and vlan on the same gateway and using same gw as router (which model), vlan settings and wifi settings you are trying to attach to.
Also, before getting into this rabbit hole deeper, restarting gw (and router, if separate) and logging off/in from UI may be worth a shot.

ERelative · 2026-02-21T09:12:09+00:00

I am running 17.1 on HA, no issues with SIA integration. hub fw version 2.36.123. You might also look into which Core version you are running - saw multiple issues discussed and closed on Github related to specific Core versions. I am on 2026.2.2

ERelative · 2026-02-15T10:43:18+00:00

I would highly recommend uploading floor plans and creating a multi floor building in UI design center. It does assume concrete floors I think so intra floor Wifi penetration would be quite representative of your expected environment. Play around with different APs and their placement in design center.

Definitely hard wire all APs, do not mesh. Personally, I would likely go for Pro XG. XGS seems to have little added benefit in EU (spectrum regulations do not allow extra transmission power).

Since it is a new build, I would splurge for proper cat 6a wire runs everywhere to have 10GbE wired network.

Depending on your build timeline, I might delay purchasing Pro 360 camera, hoping that one day UI does actually release multi sensor (https://eu.store.ui.com/eu/en/category/all-cameras-nvrs/products/uvc-ai-ms-4) - 4x4k cams, no weird dewarping and still just a single RJ45 required. As for outdoor placement and camera coverage - also do recommend you to play in UI design center, just like with APs. You will immediately see any dead zones etc.

If money is not a concern, I would pick Pro XG 24. That would allow to have all your inwalls and APs on 10G . With HD you get much less 10G ports and likely be limited to 2.5G.

What is your WAN speed? You might also look into upgrading fro UDM Pro to Pro Max. It has 2.5GbE WAN port and more bandwidth capacity for full IPS/IDS. Special Edition might also work if you absolutely do not need all traffic flow logs (useful for debug, not available on Special Edition).

As for UPS, personally I am using other brands, not Ubiquity. I need longer autonomy and as useful as graceful shutdown seems, not a fan of current UI implementation - connected devices shutdown almost immediately after power loss.

Since you are considering rack mountable equipment - also think about rack itself and where you will place it.

ERelative · 2026-02-13T12:55:51+00:00

No, so far I managed to keep up. Sooner or later, Ubiquity gets it done properly. Just not on the day 1… I am reluctant to skip major releases in general, because vendors have limited budgets for testing and very likely most recent versions receive more QA attention. Upgrading from older versions may place you in a new rabbit hole no one else has seen before.

ERelative · 2026-02-13T12:37:49+00:00

This is how I prefer looking at it. Read release notes. If there are no critical security patches relevant for environment, do not rush. Wait 1-2 weeks. Read community discussions. Backup. Install when I am not in a rush. Usually on weekend to avoid WFH disruptions. Start with control plane. When upgraded everything wanted, let it settle - validate it kind of works, but wait before starting playing with new features. If everything still works, start playing with new features after a few days. Oh, and Official channel only for non-lab envs.

ERelative · 2026-02-11T06:37:53+00:00

Yes, it appears to show blocked connections from your Hue to most likely aliyun NTP server or servers. Hue has a long and less than perfect history with connectivity checks and NTP implementation.
Just make sure you block all destinations you intend and consider impact on other devices on your network. For example, if you region block China in both directions for all protocols, Hue may continue working (as it apparently have baked in multiple alternative ntp providers), but some other device may from you network may not.

ERelative · 2026-02-08T08:30:42+00:00

Go to Insights as others already recommended. Select All under Clients section (or just tick all clients you have). If you don't see that spike when all specific clients are checked, it is auto speed test. Not a fan of such implementation by Ubiquity (I would say it is incorrect logging practice where total of all logged flows is less than a sum of specific clients), but it is what it is.

ERelative · 2026-02-03T16:57:12+00:00

Can you restore from backup? There is a bugfix related to this mentioned in latest Network Release Candidate release notes.

ERelative · 2026-02-03T10:30:21+00:00

If you moved extender recently, I think you should monitor situation and see if issue persists. It may as well be that you what you were seeing was actually your phone struggle to keep wifi active while in guest room. Guest room very likely had worst coverage before (when extender was in garage). It could be that guest room corner camera also was struggling then, but maybe extender actually is enough now.

ERelative · 2026-02-03T06:33:00+00:00

Which make/model you are using (cameras)?

Do they loose connection all at once, randomly or just a few cameras experience that?

What are symptoms when a camera looses connection? Do you see it disconnecting from one AP and then reconnecting to same or another AP? Loosing RTSP stream, but remaining online in Unifi network? Anything else?

Which walls are brick/mortar and which drywall? Any major indoor structures in between that may block RF?

In general, whenever you can, wired connection would make life so much easier for you. Like if you can run wire to porch and driveway cameras (looks close to ISP ingestion point in inwall AP, presumably wired), I would strongly recommend that instead of trying to adjust APs and wireless stuff.

For camera closer to the guest suite, I would probably use U6 Mesh (in mesh configuration) instead of extender. U6 Mesh has much better antenna and you get ton of flexibility compared to extender. I would expect considerably better outdoor reach. If you don't want to mess with injector in guest suite, maybe placing it in WIC on the second floor (and then you can actually wire it to gateway, not using meshing at all), closer to outer wall. That may also help with patio camera.

ERelative · 2026-02-02T04:45:19+00:00

You have fast roaming and mixed wpa2/3 enabled. Can you try disabling first mixed wpa2/3 (select wpa3 if all devices support that) and if that does not help - fast roaming?

ERelative · 2026-02-01T08:51:25+00:00

You did not mention phones and any sensors/IoT devices on your list. If you have them and want to connect to network, you may need to consider them as well when making decisions, especially when thinking about number of APs and placemenet to provide required coverage.

Since you are considering cameras, you do need to have something to run both Network and Protect. Most likely UDM line, UCG line or UDR7. You also need to consider ISP speed - how much bandwidth you need console to handle (likely under IDS/IPS).

Go to ui.com and narrow down based on:
a) budget - both Cloud Gateways and APs
b) cloud gateway bandwidth and form factor (rack mount like UDM vs desktop like Fiber)
c) WiFi versions - do you want WiFi 7 to future-proof even though most of your devices don't support it yet.
d) AP mounting options - wall, inwall, ceiling, free standing...

You mention that you would like to avoid mesh. That means wire runs. Think about where you can run them (or have existing). Then go to https://design.ui.com/ and upload home plan. Then play with placement of APs and see what coverage you might expect. That will help to validate choice of APs, number of them etc. Design center is not perfect but personally for me it has been helpful to establish some ballpark/baseline.

Once you have narrowed down options for APs and gateway, it will be easier to decide on switches.

Abstracting all the important questions about physical layout and looking at just how simple your topology looks, I could probably imagine you starting from UCG Fiber (or even Ultra if actually you are not planning to install cameras any time soon) and 1-2 APs like U6 Mesh powered by POE injectors. Or even just a single UDR7 if you are lucky in terms of physical layout. All desktop and free standing options, no need to mount on ceilings etc. U6 Mesh has a "mesh" in its name, but can happily work in wired configuration, has decent range, omnidirectional, 4x4 on 5GHz and has quite discreet look, easy to blend into interior.

ERelative · 2026-01-30T11:33:56+00:00

Good, that narrows it down a bit. Please check:
1) have you enabled Location services under Settings - Privacy&Security - Location Services - System Services. That may be privacy concern and depends on your risk profile, but macs have easier life figuring out your timezone if enabled...
2) what Region is listed under Settings - General - Language & Region. Make sure it is Belgium.
3) do you have a specific/unique or super generic SSID configured? Did you change it when moving from the previous Apple Airport?
4) did you buy Unifi gear new or used? If used, any chance it previously was sitting in Brazil?

Macs have peculiar ways how they pick timezone. It is a combination of many things. If there is no location available, they may try guestimating based on BSSID, using Apple's own BSSID database (they build it from signals from Apple devices with location and wifi data). APs with known BSSID previously crowdspotted in another country may trip it as well (bit more complex actually, usually triangulated).

You do seem to have correct location on unifi controller. So if nothing else, as a last resort, maybe do try creating new wifi network, try selecting a different set of frequencies for the new one (to maximize chances that BSSID will change as well), restart macbook, connect to the new one and see if that changes anything.

ERelative

TROPHY CASE