Managing Ubiquiti Networks MAC ACLs from a script

I have a small web-based tool for allowing members of an organization to register their wireless MAC addresses, and then automatically adding them to the MAC ACL on Ubiquiti AirOSv2 APs. It’s a pretty quick hack, along with a simple and ugly web-based tool, but it gets the job done for a non-profit with only 25 people. After posting about it on the Ubiquiti forum and getting a request from someone for the code, I decided to put it out there for anyone who wants it. The script is mostly based on SCPing configs to and from the AP and SSHing in to run commands, and will need passwordless public key auth to the AP.

The code itself is in subversion at https://github.com/jantman/misc-scripts/tree/master/ubiquiti-mac-acl. It’s composed of four files:

  • updateAPconfigs.php.inc
    • the main PHP file with three functions for working with the APs
  • wirelessTools.php
    • My PHP page for users to add MACs. It’s pretty rough and is mostly based on handling our LDAP authentication/group framework, but it gives a fair example of how I store MACs in a MySQL table and then rebuild a given AP config file with the current list of MACs. I doubt it will be useful to anyone else as more than an example.
  • wireless.sql
    • The schema for the SQL database I use to store MACs.
  • README.txt
    • Readme file including some warnings on the lack of error checking in the functions.

Hopefully this will be of some use to someone. I should probably mention two important things here. First, the AP only accepts up to 32 MAC addresses, so if you feed the makeNewConfigFile() function an array with more than 32, it will just stop at the 32nd. Also, be aware, this SCPs a config file to the AP, runs cfgmtd and the reboots the AP. If you send it a bad config file, who knows what will happen. If you allow your users to add MAC addresses, your APs will reboot every time someone adds one.

All I ask is that if you use this, leave a comment to thank me, and if you make any changes/additions/bugfixes, please send them back to me.

Also, I have some Nagios check scripts that are useful for Ubiquiti APs.

Comments

comments powered by Disqus