Install openWRT / LEDE 17.01.4 on Ubiquiti UAP-AC-LITE

The Ubiquiti UNIFI AP AC LITE is the smallest from Ubiquiti’s Access Points. At the moment it’s sold for roughly 75€.

The Access Point has the following key data:

SoC:             Qualcomm Atheros QCA9563
Bootloader:      UBoot
CPU Frq:         775 MHz
Flash:           16 MiB
RAM:             128 MiB
Gbit Ports:      1 GbE
Wi-Fi Standards: 802.11 a/b/g/n/ac
Wireless         2.4 GHz: 802.11n 6.5 Mbps to 300 Mbps (MCS0 - MCS15, HT 20/40)
Wireless         5 GHz: 802.11ac 6.5 Mbps to 867 Mbps (MCS0 - MCS9 NSS1/2, VHT 20/40/80)
Serial:          Yes, for U-Boot
PoE:             802.3af/A PoE & 24V PoE
Antennas:        2 Dual-Band Antennas, 3 dBi Each

There is more information about this device on WikiDevi, OpenWrt and LEDE.

The original Firmware on the Access Point does not have a Web Interface for configuration. But there is a Controller Software available to do mass configuration and control for many AP’s at once.

As we do not plan to use the Firmware from Ubiquiti we do not need to use this software and replace it with latest LEDE.

Happily LEDE Project and OpenWRT have merged back to a unified Project. So we can just use the newest stable LEDE 17.01.04 Release to flash the new firmware on it.

So i connected it with the PoE device to my existing Lan. It received the IP and i connected to it with SSH. The default password is ubnt/ubnt.

cave@laptop:~$ ssh ubnt@
BusyBox v1.19.4 (2017-05-08 10:00:47 PDT) built-in shell (ash)
Enter 'help' for a list of built-in commands.

The Version seems to be pretty new. Sadly Ubiquiti uses OpenWRT for their modified firmware, but refuse to allow the community to install their own firmware. So they have modified U-BOOT Bootloader (GPLv2) and included some kind of RSA checksum which prevent installation of third party firmware. This check was introduced with FW >= 3.4.14
In the release notes:

Several changes to increase robustness of firmware upgrade process

So we need to downgrade to a version without this Lockout attempt. 3.4.7 firmware.bin

So download the firmware and scp it to your device into /tmp

cave@laptop:~$ scp firmware.bin ubnt@

Log in back to your AP via SSH, go to /tmp and update the firmware.

BZ.v3.7.58# pwd
BZ.v3.7.58# ls
default.cfg firmware.bin rc.txt running.cfg sysinit.txt system.cfg
BZ.v3.7.58# fwupdate.real -m firmware.bin 
part:fis:311326, block size:393216 
Writing 'u-boot ' to /dev/mtd0(u-boot ) ... [%100]
part:fis:6877320, block size:7929856 
Writing 'kernel0 ' to /dev/mtd3(kernel1 ) ... [%100]

When the device reboots, you will loose connection. So log back in via ssh and check if the downgrade was successful.

cave@laptop:~$ ssh ubnt@
BusyBox v1.19.4 (2015-09-11 16:51:29 PDT) built-in shell (ash)
Enter 'help' for a list of built-in commands.

Bingo, Version 3.4.7 is now shown in the prompt.

BZ.v3.4.7# uname -a
Linux UBNT 3.3.8 #1 Fri Sep 11 17:02:52 PDT 2015 mips GNU/Linux
BZ.v3.4.7# cat /etc/version 

Download the newest stable LEDE Firmware and copy it to the device.

cave@laptop:~$ scp lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin ubnt@
lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite 100% 3776KB 1.8MB/s 00:02

And now do the update with the mtd command.

BZ.v3.4.7# mtd write /tmp/lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel0
Unlocking kernel0 ...

Writing from /tmp/lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin to kernel0 ... 
BZ.v3.4.7# mtd -r write /tmp/lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin kernel1
Unlocking kernel1 ...

Writing from /tmp/lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin to kernel1 ... 
Rebooting ...
Connection to closed by remote host.
Connection to closed.


Now log in to your Device at IP as you do with any other openWRT/LEDE Router. telnet or ssh into it and set a password.

From now on there should be also a WebInterface available for easy configuration if you dislike the CLI.




Comments are closed.