UniFi & Wi‑Fi
Problems with the Dream Machine SE, U7 access points, Wi‑Fi passwords, guest networks, and fixed IPs at Sunbury. Use this when the issue is specifically router or wireless — not Cloudflare or TrueNAS apps.
UNI-001: What is the home Wi‑Fi password?
Symptoms: A new phone or guest asks for the Wi‑Fi password; you do not know it by heart.
Likely cause: The password is stored securely — not printed on the router label for this setup.
Fix:
1. Open Vaultwarden at vault.saxobroko.com and log in.
2. Search for UniFi, Wi‑Fi, or the SSID name.
3. Copy the password carefully — watch for spaces and capital letters.
4. On the device, join the main home network and paste the password.
Still broken? See UniFi Wi‑Fi basics.
UNI-002: Phone says Wrong password for Wi‑Fi
Symptoms: Wi‑Fi rejects the password even though you copied it from Vaultwarden. Likely cause: Typo, extra space, or you are joining the wrong SSID (guest vs main). Fix: 1. Confirm the exact SSID name in Vaultwarden matches what you selected. 2. Retype the password manually instead of paste if paste added hidden characters. 3. Check Caps Lock and keyboard layout on laptops. 4. Ask Saxon whether the Wi‑Fi password was rotated recently in UniFi. Still broken? See UniFi Wi‑Fi basics.
UNI-003: Wi‑Fi network name does not appear in the list
Symptoms: Home SSID missing; only neighbour networks show up. Likely cause: Both U7 APs are offline, the Dream Machine Wi‑Fi radio is off, or you are out of range. Fix: 1. Walk closer to a known access point location. 2. Check UniFi app → Devices — are both U7 APs Connected? 3. Confirm the Dream Machine SE has power and is online. 4. Restart Wi‑Fi on your phone and scan again. Still broken? See UNI-015 (AP offline).
UNI-004: Wi‑Fi is connected but UniFi shows No internet on WAN
Symptoms: UniFi dashboard shows WAN disconnected; house may have no internet. Likely cause: NBN or ISP issue upstream of the Dream Machine — not the access points themselves. Fix: 1. Check NBN box power and lights. 2. Confirm ethernet from NBN goes to the WAN port on the UDM SE. 3. Power-cycle NBN then Dream Machine (see When internet is broken). 4. Call ISP if WAN stays down after ten minutes. Still broken? See Network general (NET-001).
UNI-005: How do I open the UniFi admin page or app?
Symptoms: You need to change Wi‑Fi or see clients but do not know where to log in.
Likely cause: UniFi runs on the Dream Machine — LAN access only for admin.
Fix:
1. Connect to home Wi‑Fi or ethernet.
2. Install the UniFi Network app (phone) or browse to https://192.168.2.1.
3. Log in with UniFi admin credentials from Vaultwarden.
4. Do not share admin login publicly.
Still broken? See UniFi.
UNI-006: Forgot UniFi admin password
Symptoms: UniFi app or web UI rejects the admin login. Likely cause: Password is in Vaultwarden under UniFi — or it was changed and not updated. Fix: 1. Search Vaultwarden for UniFi admin or Dream Machine. 2. Try the stored password in the app first. 3. If still locked out, you need Saxon or local admin recovery — do not factory-reset without guidance. 4. Update Vaultwarden if Saxon sets a new password. Still broken? See Handover first 24 hours.
UNI-007: Dream Machine SE will not power on
Symptoms: No lights on the UDM SE; whole house loses routing and Wi‑Fi. Likely cause: Power cable unplugged, dead outlet, or hardware failure. Fix: 1. Confirm the power brick is firmly plugged into wall and UDM SE. 2. Try a different power outlet you know works (lamp test). 3. Wait two minutes after plugging in — boot takes time. 4. If still dark, do not open the case — escalate to Saxon. Still broken? See Turn everything on.
UNI-008: Dream Machine shows updating for a very long time
Symptoms: UniFi UI says firmware update in progress for 30+ minutes; network may be unstable. Likely cause: Normal large firmware update — or update stuck after power loss. Fix: 1. Do not unplug power during an active update unless smoke or burning smell — then pull power and call for help. 2. Wait up to 45 minutes on first boot after update. 3. If stuck over an hour, note the screen message and ask Saxon before hard reset. 4. After success, confirm WAN and APs reconnect. Still broken? See Common Issues.
UNI-009: One room has terrible Wi‑Fi signal
Symptoms: Bars drop in one bedroom or far corner; buffering on phones. Likely cause: Distance or walls between device and nearest U7 AP — 5 GHz does not penetrate well. Fix: 1. Identify nearest U7 AP — move closer for a test. 2. Confirm both APs show online in UniFi (UNI-015). 3. For heavy use in that room, prefer ethernet on fixed devices (PC). 4. AP placement changes need Saxon — do not relocate PoE cables blindly. Still broken? See UniFi.
UNI-010: Should I use 2.4 GHz or 5 GHz Wi‑Fi?
Symptoms: Phone offers network names with _2G or _5G suffix, or asks which band to prefer. Likely cause: 2.4 GHz reaches farther but is slower; 5 GHz is faster but shorter range. UniFi may use one combined name or split SSIDs. Fix: 1. Use 5 GHz near an AP for streaming and large downloads. 2. Use 2.4 GHz only for far rooms or old IoT that requires it. 3. Check Vaultwarden or UniFi for whether Saxon uses a unified SSID. 4. Do not create extra networks without reason. Still broken? See UniFi Wi‑Fi basics.
UNI-011: Guest wants Wi‑Fi — is there a guest network?
Symptoms: Visitor asks for internet; you should not give the main password if guest SSID exists.
Likely cause: Saxon may have a guest Wi‑Fi network isolated from NAS and PC — check UniFi.
Fix:
1. Open UniFi → Settings → Wi‑Fi and look for a Guest SSID.
2. If guest network exists, share that password from Vaultwarden.
3. Guest networks usually cannot reach 192.168.2.203 — that is intentional.
4. If no guest SSID, ask Saxon before sharing the main password.
Still broken? See UNI-030 (guest isolation).
UNI-012: Guest Wi‑Fi works but they cannot cast to the TV
Symptoms: Guest phone has internet but cannot AirPlay/Chromecast to lounge TV. Likely cause: Guest network client isolation blocks device-to-device traffic on the LAN. Fix: 1. Explain guest Wi‑Fi is internet-only by design for security. 2. Move the guest to main Wi‑Fi only if Saxon trusts them and approves. 3. Alternatively cast from a device on the main network. 4. Do not disable isolation without Saxon — exposes NAS and PC. Still broken? See UNI-030.
UNI-013: New UniFi device says Adoption failed
Symptoms: A new AP or switch shows Pending adoption or fails to join the controller. Likely cause: Device not on same LAN, wrong factory state, or needs physical connection to Dream Machine first. Fix: 1. Connect the new device by ethernet to a LAN port on the UDM SE or PoE switch. 2. Power it and wait three minutes. 3. In UniFi → Devices, click Adopt on the pending device. 4. If it fails twice, note the model and MAC — ask Saxon; do not reset the whole controller. Still broken? See UniFi.
UNI-014: Access point stuck on Adoption in progress
Symptoms: U7 AP shows spinning adoption for more than ten minutes.
Likely cause: Firmware mismatch, VLAN issue, or AP lost connection mid-adoption.
Fix:
1. Confirm AP ethernet/PoE cable is solid — link light on.
2. In UniFi, cancel and retry adoption once.
3. Power-cycle the AP by unplugging PoE for 30 seconds.
4. Ensure AP gets IP on 192.168.2.x — check Clients list during adoption.
Still broken? See UniFi.
UNI-015: U7 access point shows offline in UniFi
Symptoms: One or both U7 APs red/offline; Wi‑Fi weak or missing in part of the house. Likely cause: PoE cable unplugged, switch port dead, or AP lost power. Fix: 1. Find the physical AP — check ethernet/PoE injector or switch port LED. 2. Unplug PoE/network cable, wait 30 seconds, replug firmly. 3. In UniFi → Devices, wait five minutes for reconnect. 4. If still offline, try another switch port or cable. Still broken? See Physical equipment map.
UNI-016: Both U7 APs offline but Dream Machine is fine
Symptoms: Wired PC still works; all Wi‑Fi dead; both APs show disconnected.
Likely cause: PoE switch failure, central cable fault, or UniFi controller Wi‑Fi settings disabled — not NBN.
Fix:
1. Confirm Dream Machine is online at 192.168.2.1.
2. Check the switch or PoE source feeding both APs has power.
3. Power-cycle the PoE switch (if separate from UDM SE) after the router is up.
4. Review UniFi Wi‑Fi settings — ensure SSIDs are enabled on APs.
Still broken? See Turn everything on.
UNI-017: Wi‑Fi works but UniFi app cannot connect to controller
Symptoms: Internet fine; UniFi phone app says cannot reach controller or site offline.
Likely cause: Phone on mobile data without remote access, or using wrong UniFi account — local controller is on LAN.
Fix:
1. Connect phone to home Wi‑Fi and retry the app.
2. Confirm you log into the local site, not an old cloud account.
3. Try https://192.168.2.1 in the phone browser on Wi‑Fi.
4. Remote UniFi access may be disabled — that is OK for this homelab.
Still broken? See UNI-005.
UNI-018: Changed Wi‑Fi password in UniFi — old devices still connect?
Symptoms: You updated the PSK; some devices connect, others prompt for password. Likely cause: Normal — each device must get the new password; some cache the old one until forget/rejoin. Fix: 1. Update the password entry in Vaultwarden to match UniFi. 2. On stuck devices, Forget the network and rejoin with the new password. 3. IoT devices may need manual reconfiguration in their apps. 4. Expect no change to ethernet devices — Wi‑Fi only. Still broken? See UniFi Wi‑Fi basics.
UNI-019: How do I rename a device in the UniFi client list?
Symptoms: Client shows as android-abc123; you want a friendly name like Ryan-Phone. Likely cause: Cosmetic labelling in UniFi — does not change network behaviour. Fix: 1. Open UniFi → Clients → click the device. 2. Edit Name or Alias field. 3. Save — helps future troubleshooting only. 4. Fixed IPs are separate — see UNI-020. Still broken? See UniFi.
UNI-020: How do I set a fixed IP for TrueNAS (192.168.2.203)?
Symptoms: TrueNAS got a different IP after reboot; shares and tunnel break.
Likely cause: DHCP lease changed — TrueNAS and PC need fixed IP reservations in UniFi.
Fix:
1. Open UniFi → Clients → find TrueNAS (hostname or MAC).
2. Enable Use fixed IP address / Fixed IP → set 192.168.2.203.
3. Apply and reboot TrueNAS or renew DHCP on NAS.
4. Repeat for Windows PC at 192.168.2.200.
Still broken? See UniFi or Network general (NET-005).
UNI-021: Fixed IP set but device still gets wrong address
Symptoms: UniFi shows fixed IP configured; device reports a different 192.168.2.x.
Likely cause: Manual static IP on the device conflicts with UniFi reservation, or device has not renewed DHCP.
Fix:
1. On the device, set networking back to Automatic / DHCP unless Saxon documented static on-device.
2. Reboot the device.
3. In UniFi, confirm fixed IP matches intended MAC address — not a duplicate client entry.
4. Delete stale duplicate client entries if two entries share one device.
Still broken? See Network general (NET-005).
UNI-022: Should I enable WPA3 on UniFi Wi‑Fi?
Symptoms: UniFi offers WPA3; unsure if safe for older devices. Likely cause: WPA3 improves security but very old clients may not connect — Saxon's setting may be WPA2/WPA3 mixed. Fix: 1. Do not change security mode unless a device cannot connect and Saxon approves. 2. If one old IoT fails after a change, revert to previous setting in UniFi → Wi‑Fi → Security. 3. Note which devices broke for Saxon. 4. Test phone and PC after any change. Still broken? See UniFi.
UNI-023: UniFi shows a rogue AP or unknown access point warning
Symptoms: Alert about nearby unauthorised AP or duplicate SSID. Likely cause: Often a neighbour's router with a similar name — or a second AP Saxon added without documenting. Fix: 1. Compare alert details to known U7 AP MAC addresses in Devices. 2. If it is not Saxon's hardware, ignore or dismiss — not always actionable. 3. If a new house AP was installed, ensure it was adopted properly (UNI-013). 4. Do not confront neighbours — RF overlap is normal in suburbs. Still broken? See UniFi.
UNI-024: Firewall rule blocked something in UniFi — now apps fail
Symptoms: After adding or editing UniFi firewall rules, LAN devices cannot reach each other or WAN.
Likely cause: Overly strict LAN IN or LAN OUT rule — most homelab traffic is flat LAN today.
Fix:
1. Stop adding rules — note what broke (NAS, PC, one VLAN).
2. In UniFi → Settings → Security → Firewall, review recent rule changes.
3. Temporarily disable the newest rule and test 192.168.2.203 from PC.
4. Ask Saxon to fix rules — public homelab security is mainly on Cloudflare, not UniFi.
Still broken? See Network.
UNI-025: Phone keeps disconnecting from Wi‑Fi overnight
Symptoms: Morning phone uses mobile data; Wi‑Fi turned off or disconnected silently. Likely cause: Phone battery optimisation, weak overnight signal, or router auto-optimise kicking clients — common on Android/iOS. Fix: 1. Disable Wi‑Fi scanning optimisation for critical apps if phone allows. 2. Check bedroom signal — move charger closer to AP if bars were low. 3. In UniFi, check Insights for frequent disconnect events for that MAC. 4. Forget/rejoin Wi‑Fi if one phone only. Still broken? See Network general (NET-026).
UNI-026: UniFi Threat Management blocked a site I need
Symptoms: Browser on home Wi‑Fi shows UniFi block page for a legitimate site. Likely cause: IDS/IPS or content filter on Dream Machine flagged the domain — rare for homelab use. Fix: 1. Note the exact URL and time. 2. In UniFi → Security → Traffic & Security, find the block event. 3. If false positive, Saxon can allowlist — do not disable all security blindly. 4. Test on mobile data to confirm it is UniFi-specific. Still broken? See UniFi.
UNI-027: Port forwarding in UniFi does not expose Jellyfin to internet
Symptoms: You added WAN port forward rules; still cannot reach services from outside.
Likely cause: CGNAT — the house has no usable public IP, so UniFi port forwards never reach the internet. Use Cloudflare Tunnel instead.
Fix:
1. Remove unnecessary port forwards — they add risk without benefit on CGNAT.
2. Use public URLs via cloudflared on TrueNAS.
3. LAN Jellyfin stays on stream.saxobroko.com or local IP.
4. Read Network general (NET-014).
Still broken? See cloudflared.
UNI-028: VLAN or separate IoT network — which SSID for smart plugs?
Symptoms: Smart home devices need setup; multiple SSIDs listed in UniFi. Likely cause: Saxon may run main + IoT/guest SSIDs — IoT may be isolated from NAS. Fix: 1. Check Vaultwarden for IoT Wi‑Fi or ask Saxon which SSID is for smart devices. 2. Use IoT SSID for untrusted gadgets; main SSID for phones and PCs. 3. If a plug needs LAN access to NAS, it may need main network — confirm first. 4. See UNI-030 for isolation behaviour. Still broken? See UniFi.
UNI-029: Dream Machine fan is loud — is that normal?
Symptoms: UDM SE fan spins audibly during updates or hot days. Likely cause: UDM SE has active cooling — moderate noise under load is normal; constant screaming fan may mean dust or fault. Fix: 1. Ensure vents are not blocked in the cabinet. 2. Note if noise correlates with firmware update or high traffic — temporary is OK. 3. If smell of burning or thermal shutdown, unplug and escalate immediately. 4. Do not open the case unless Saxon instructs. Still broken? See Physical equipment map.
UNI-030: What does guest network isolation mean?
Symptoms: Guest Wi‑Fi has internet but cannot open 192.168.2.203 or printer on LAN.
Likely cause: Client isolation / guest firewall prevents guests reaching private 192.168.2.0/24 devices — by design.
Fix:
1. Treat guest Wi‑Fi as internet-only for visitors.
2. For trusted family devices that need NAS, use main Wi‑Fi with Vaultwarden password.
3. Do not disable guest isolation without Saxon — security risk.
4. See UNI-011 for sharing guest access properly.
Still broken? See UniFi.
UNI-031: UniFi speed test shows slow WAN — is NBN broken?
Symptoms: Built-in UniFi speed test reports low Mbps vs your plan. Likely cause: Real ISP issue, Wi‑Fi speed test mistake, or background uploads on NAS/PC — interpret carefully. Fix: 1. Run speed test from ethernet PC for accurate WAN reading. 2. Pause torrents and cloud backups during test. 3. Compare with ISP app on phone over mobile data. 4. If consistently low on ethernet, call ISP — not a UniFi Wi‑Fi fix. Still broken? See Network general (NET-001).
UNI-032: Bluetooth or Zigbee hub will not join Wi‑Fi
Symptoms: Smart hub app fails during Wi‑Fi setup; hub needs 2.4 GHz.
Likely cause: Many hubs only support 2.4 GHz and choke on combined band-steering.
Fix:
1. Stand near an AP during pairing.
2. If UniFi has separate 2.4 GHz SSID, use it for setup (see Vaultwarden).
3. Temporarily disable 5 GHz on phone if hub app demands 2.4-only trick (ask Saxon first).
4. Confirm hub gets 192.168.2.x in UniFi clients after join.
Still broken? See UNI-010.
UNI-033: Mesh or extenders — does Saxon use them?
Symptoms: Online guides suggest Wi‑Fi extenders; unsure if compatible with UniFi U7 APs. Likely cause: This home uses 2× U7 APs on UniFi — random consumer extenders often cause double-NAT and roaming pain. Fix: 1. Do not add third-party extenders without Saxon. 2. Fix coverage by confirming both U7s are online (UNI-015). 3. Use ethernet backhaul for fixed devices where possible. 4. Additional UniFi APs should be adopted properly (UNI-013). Still broken? See UniFi.
UNI-034: Client blocked or restricted in UniFi by mistake
Symptoms: One device has internet blocked icon in UniFi; cannot browse on Wi‑Fi. Likely cause: Someone clicked Block on the client in UniFi — easy mis-tap. Fix: 1. UniFi → Clients → select device → Unblock or remove from blocked list. 2. Reconnect Wi‑Fi on the device. 3. Check Family or Profiles if parental rules exist. 4. Document who was blocked and why if intentional. Still broken? See UniFi Wi‑Fi basics.
UNI-035: DHCP lease time — should I change it?
Symptoms: UniFi offers DHCP lease duration settings; unsure if safe to tweak.
Likely cause: Default leases are fine for most homes — fixed IPs matter for NAS/PC, not lease length.
Fix:
1. Leave DHCP defaults unless Saxon documented a change.
2. Focus on fixed IP for TrueNAS .203 and PC .200 instead.
3. Short leases do not fix tunnel or DNS issues.
4. If you already changed it and issues appeared, revert to default.
Still broken? See UNI-020.
UNI-036: UniFi certificate warning in browser at 192.168.2.1
Symptoms: Browser warns about self-signed certificate opening UniFi web UI.
Likely cause: Local UniFi UI uses a private certificate — normal on LAN admin pages.
Fix:
1. Confirm address is exactly https://192.168.2.1 on home Wi‑Fi.
2. Proceed/advanced → accept for this session if you trust you are on home network.
3. Prefer the UniFi phone app if browser warnings confuse you.
4. Never accept cert warnings on public saxobroko.com sites — those should be valid Cloudflare certs.
Still broken? See UNI-005.
UNI-037: Wi‑Fi password in Vaultwarden does not match UniFi setting
Symptoms: Vaultwarden entry fails; UniFi UI shows a different PSK when you check. Likely cause: Password was rotated in UniFi but Vaultwarden was not updated — or vice versa. Fix: 1. UniFi → Settings → Wi‑Fi → view current password on the main SSID (admin eyes only). 2. Update Vaultwarden entry to match. 3. Rejoin devices with corrected password. 4. Tell household if password changed intentionally. Still broken? See Bitwarden save a password.
UNI-038: After UniFi update all clients disconnected
Symptoms: Brief whole-house Wi‑Fi drop during controller or AP firmware upgrade. Likely cause: Normal — APs reboot to apply firmware; usually returns in five to ten minutes. Fix: 1. Wait ten minutes without power-cycling repeatedly. 2. Confirm UDM SE and APs show Connected in UniFi. 3. Phones rejoin automatically — forget/rejoin if stuck. 4. Check TrueNAS and cloudflared after major outage window. Still broken? See Power outage recovery.
UNI-039: Can I use UniFi from outside the house?
Symptoms: You want to fix Wi‑Fi while away; UniFi app will not connect remotely.
Likely cause: Local controller on Dream Machine may have no cloud remote admin enabled — by design for security.
Fix:
1. Most homelab fixes away from home go through Cloudflare (dsm, dash) not UniFi WAN admin.
2. Do not expose UniFi admin to internet without Saxon's Zero Trust setup.
3. Wait until on LAN or ask someone at home on Wi‑Fi to check UniFi.
4. ISP remote fixes still need ISP login, not UniFi.
Still broken? See Network.
UNI-040: Switch port shows disconnected but cable is plugged in
Symptoms: UniFi switch port grey; device on that port has no link light. Likely cause: Bad cable, wrong VLAN port profile, or dead device NIC. Fix: 1. Swap ethernet cable. 2. Try adjacent switch port. 3. In UniFi → switch port settings, confirm profile is default LAN unless documented otherwise. 4. Test with a known-good device (laptop) on that port. Still broken? See Physical equipment map.
UNI-041: Too many Wi‑Fi networks visible — which did Saxon create?
Symptoms: Multiple SSIDs: main, guest, IoT, etc. — confusion about purpose. Likely cause: Each SSID in UniFi is intentional — names should be documented in Vaultwarden. Fix: 1. Open UniFi → Settings → Wi‑Fi — list all SSIDs and notes. 2. Match names to Vaultwarden entries. 3. Household phones/PCs → main SSID. 4. Visitors → guest if available (UNI-011). Still broken? See UniFi.
UNI-042: UniFi looks fine but homelab URLs still fail
Symptoms: WAN connected, APs up, LAN IPs correct — yet stream.saxobroko.com dead.
Likely cause: UniFi only carries traffic to TrueNAS — cloudflared and Cloudflare DNS/WAF are separate layers.
Fix:
1. Confirm https://192.168.2.203 works — if yes, UniFi LAN role is OK.
2. Restart cloudflared on TrueNAS.
3. Check Cloudflare tunnel (TUN-001) and DNS.
4. Do not factory-reset Dream Machine for tunnel issues.
Still broken? See Common Issues.