This article shows how to change UniFi Controllers to disable the Guest wireless when the ticketing controller is off.


Create or modify the file change






and then re-provision the APs (toggle on/off the uplink monitor checkbox)

Article detail:

When an AP cannot reach the controller, it goes into a so-called SELFRUN state.

In this state, it doesn't make sense to redirect the guests to the portal (controller) which is not reachable, AP will automatically allow the guest to use the network without redirecting. Moreover,

  1. the guest access policies are still effective (L2/L3 isolation) along with the restricted subnets feature
  2. the user group (bandwidth limiting, etc) associated with this WLAN is still effective
  3. when the controller comes back online (and AP goes into MANAGED state), the guest portal redirection will restore automatically

Starting from 2.3.9+, you'll be able to add/modify <unifi_base>/data/

Starting in file needs to be placed under
<unifi_base>/data/sites/<site id>/ directory because config properties are site related.
Therefore, in v3, the directory to hold file is different than v2.
After adding/modifying the file, trigger a re-provision to all APs (NOT restart). For example, toggle on/off the uplink monitor checkbox, etc.
To check whether the configuration has been taken in by AP, SSH into the AP, execute 'cat cfg/mgmt',
you should see 'mgmt.selfrun_guest_mode=off' in the output.

# config.selfrun_guest_mode=pass # when controller is offline, automatically 
                                 # authorize all guests (all guest isolation 
                                 # / policy is still enforced)

# config.selfrun_guest_mode=off  # to disable all the guest SSIDs when controller
                                 # is not reachable. Note that "guest portal" must
                                 # be being used otherwise controller will NOT disable
                                 # guest SSIDs.