
Setting up your UniFi Network

1. Check your internet connection and service provider

Having a persistent and reliable connection to the internet is key to a stable network. Before you set up your network and hardware, please ensure that the quality and speed of your internet connection are sufficient. For Square to work well, a minimum internet speed of 25Mbps down and 3Mbps up is required. Broadband speeds (100Mbps down and 20Mbps up) are preferred, as higher speed may be required depending on the number of connected devices, building size and complexity of your network.

2. Connecting your hardware

If you do not yet own networking hardware, please visit What networking equipment should I choose for my business? All network cables used or purchased separately should be rated “Cat 5E” or better, contain shielded twisted pairs, and be no thinner than 28 AWG.

While Square recommends using equipment from Ubiquiti to set up a UniFi network, your network should be set up per the guide below regardless of the networking equipment purchased or used. For UniFi environments: before you start, download UniFi’s app on the App Store or Google Play Store.

Steps:

  1. Start by connecting your modem (from your internet service provider) into the “internet” (sometimes called WAN) port of your router via an Ethernet cable.

  2. Before moving to the next step, wait for your router to initialize and check that it is correctly connected to the internet either via built-in displays or companion applications depending on your router’s make and model.

  3. Connect your primary network switch to any open port of your router via an Ethernet cable.

  4. Connect all Ethernet lines running to your Square devices (including printers) into the LAN ports of the primary network switch.

    • All devices must be connected to the network via Ethernet cables when possible to provide a reliable connection.

    • When Ethernet cables are connected and devices are turned on, the lights above the Ethernet ports should be on and blinking. If they aren’t, verify the cable is functional or try replacing it.

3. Installing wireless access points

The number of wireless access points needed for your business will depend on your square footage, layout and building materials. The advertised coverage area for Square’s recommended UniFi U6 Pro is 1,000 sq ft, assuming a square or rectangular single-floor area with drywall. If your area has a more complex shape (L or H shape) or features a brick/concrete wall, you will need to increase the number of access points accordingly to improve coverage and signal strength.

  1. Wireless access points require an Ethernet cable (Cat5e or better), and must be connected to the main network router, but may be connected via a network switch if the main network router ports are all in use.

Note: Recommended UniFi Access Points can be connected directly to a network switch with PoE (Power over Ethernet) ports, like the Switch Lite 16 PoE or Switch Pro 24 PoE. Depending on your setup, you may require a PoE injector (included with our recommended outdoor access points U6 Mesh, or can be purchased separately here).

  2. Install indoor wireless access points to maximize coverage. For open layouts, mount them on the ceiling and in the center of the room, but wall-mounted access points can be appropriate when mounted against an outside wall facing inward. The antenna is located on the top of the wireless area and should always remain both unobstructed and away from other sources of radio frequency such as TVs, microwave ovens, espresso grinders, speakers, cameras, lights and more.

4. Configuring your network

In this section, we are using a UniFi environment from Ubiquiti for demonstration purposes. The exact user interface and steps might look different if you are using another manufacturer’s equipment, but the features and configuration should be available and we recommend following the same configuration.

For a UniFi network, you can access your site manager via https://unifi.ui.com/ and select the site you are looking to configure.

Once completed you can start setting up networks by selecting “Networks” in the left navigation bar.

When on a WiFi network, Square requires that Square hardware, including devices connecting to Square hardware such as iPads, printers and KDS, is connected to a dedicated Square network.

We recommend that you also create (at least) one more WiFi network for your business devices (employees, office computer, any AV or security equipment, etc.), and optionally a third WiFi network for guest devices. We also recommend setting up your guest network to require a splash page to prevent guest devices from automatically connecting to your network at every visit and consuming unnecessary bandwidth.

5. Advanced network configuration

We recommend working with a networking professional for any advanced configuration.

Protocol/port allowlist

If you enforce restrictions on which protocols and ports devices on your network can access, Square devices require the following protocols and their corresponding ports to be allowed through your firewall:

  • NTP. Note: This is critical for ensuring that the device has the correct time. Connectivity may fail due to certificate validity mismatches if the device time is wrong.

  • HTTPS (only port 443). Note: All traffic to Square servers is made over HTTPS.

The following ports are also used for network printers, but these do not require access to the internet:

  • UDP: 22222, 3289

  • TCP: 9100:9109

Domain Filtering

If you enforce restrictions on what domains can be accessed from within your network, Square devices require the following domains to be allowlisted.

IP & MAC Addresses

Square’s IP address ranges are:

  • US: 74.122.184.0/21

  • Asia/Pacific: 103.31.216.0/22

  • Europe: 185.57.56.0/22

Square devices also rely on access to Amazon Web Services (AWS) and Google Cloud Platform (GCP). AWS IP ranges are published here, and Google is AS15169.

Note: Square devices have an internal firewall and an internal (domain, not IP) allowlist, and perform TLS certificate pinning on all Square endpoints, so you may consider the IP allowlisting on your side redundant depending on your purpose. It could make sense to just ensure Square devices can’t access any internal company IP addresses, and leave the rest of the internet open for Square’s on-device firewall and domain filter.
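The policy described in the note above can be checked against firewall flow records. The following is an added example, not Square's or Ubiquiti's code: it classifies flows leaving the Square network using the ports and IP ranges listed on this page. The subnet 192.168.20.0/24, the function names and the sample flows are assumptions made for illustration.

```python
import ipaddress

# Ranges and ports listed on the page.
SQUARE_RANGES = [ipaddress.ip_network(n) for n in
                 ("74.122.184.0/21", "103.31.216.0/22", "185.57.56.0/22")]
PRINTER_PORTS = {("udp", 22222), ("udp", 3289)} | {("tcp", p) for p in range(9100, 9110)}
# Standard ports for the protocols the page names: HTTPS 443, NTP 123, DNS 53.
INTERNET_PORTS = {("tcp", 443), ("udp", 123), ("udp", 53), ("tcp", 53)}
# Assumption: the dedicated Square network uses this subnet.
SQUARE_LAN = ipaddress.ip_network("192.168.20.0/24")


def classify(proto, dst_ip, dst_port):
    """Verdict for one flow that originated on the Square network."""
    dst = ipaddress.ip_address(dst_ip)
    service = (proto.lower(), int(dst_port))
    if dst in SQUARE_LAN:
        return "ok-printer" if service in PRINTER_PORTS else "review-local"
    if not dst.is_global:
        # Private or otherwise non-public space: internal company addresses.
        return "violation-internal"
    if service not in INTERNET_PORTS:
        return "violation-port"
    if any(dst in net for net in SQUARE_RANGES):
        return "ok-square"
    # AWS, GCP or anything else public: left to the device's own allowlist.
    return "ok-internet"


def audit(flows):
    """Return (dst_ip, dst_port, verdict) for flows that break the policy."""
    return [(ip, port, v) for proto, ip, port in flows
            if (v := classify(proto, ip, port)).startswith("violation")]


# Constructed sample flows (proto, destination IP, destination port).
SAMPLE_FLOWS = [
    ("tcp", "74.122.190.10", 443),    # HTTPS to an address in the US range
    ("udp", "192.168.20.50", 22222),  # printer on the Square network
    ("tcp", "192.168.20.50", 9100),   # printer on the Square network
    ("udp", "4.2.2.1", 53),           # DNS server mentioned on the page
    ("tcp", "10.0.5.12", 445),        # internal company host
    ("tcp", "74.122.190.10", 80),     # plain HTTP, not on the allowlist
    ("tcp", "8.8.8.8", 443),          # HTTPS outside Square's own ranges
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print(row)
```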

Square’s MAC OUI: 44:59:25

Merchants should allowlist all MAC addresses that start with the above prefix (ie. devices with MAC addresses following the pattern 44:59:25:XX:XX:XX). Alternatively, merchants can allowlist each individual device that shows up with that MAC address prefix (this prefix is owned by Square and should not be used by any other device vendors).

If you have older Square hardware, you may need to also allowlist the following MAC prefixes:

Older MAC OUIs: 2C:D1:41:D, 8C:47:6E:5, 1C:59:74:6
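The older prefixes above are 28 bits long (three bytes plus one hex digit), so comparing only the first three bytes would match more devices than the list covers. The following added example, which is not Square's code, matches client MAC addresses against the prefixes on this page at hex-digit granularity; the function names and the sample client list are constructed for illustration.

```python
import re

# Prefixes from the page: one 24-bit OUI and three 28-bit prefixes
# (the trailing single hex digit is the high half of the fourth byte).
SQUARE_PREFIXES = ["44:59:25", "2C:D1:41:D", "8C:47:6E:5", "1C:59:74:6"]


def _hex_digits(text):
    """Strip separators (':', '-', '.') and return upper-case hex digits."""
    digits = re.sub(r"[:\-.\s]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]+", digits):
        raise ValueError(f"not a hex MAC or prefix: {text!r}")
    return digits


PREFIX_DIGITS = [_hex_digits(p) for p in SQUARE_PREFIXES]


def is_square_mac(mac):
    """True if a full 48-bit MAC starts with one of the listed prefixes."""
    digits = _hex_digits(mac)
    if len(digits) != 12:
        raise ValueError(f"expected 12 hex digits, got {len(digits)}: {mac!r}")
    # A match shows the vendor prefix the client reports, nothing more.
    return any(digits.startswith(p) for p in PREFIX_DIGITS)


def split_clients(macs):
    """Partition a client list into (square, other), keeping input order."""
    square, other = [], []
    for mac in macs:
        (square if is_square_mac(mac) else other).append(mac)
    return square, other


# Constructed client list, in the formats different tools export.
SAMPLE_CLIENTS = [
    "44:59:25:0a:1b:2c",   # current OUI
    "2c-d1-41-d3-00-01",   # older 28-bit prefix 2C:D1:41:D
    "2cd1.41e3.0001",      # same first three bytes, fourth byte E3: no match
    "8C:47:6E:5F:FF:FF",   # older 28-bit prefix 8C:47:6E:5
    "00:11:22:33:44:55",   # unrelated device
]

if __name__ == "__main__":
    print(split_clients(SAMPLE_CLIENTS))
```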

Domain Name Servers (DNS)

Square devices are compatible with any DNS server sent to the device over DHCP as long as it works. Feel free to use your ISP’s servers, or your favorite public servers (e.g. Level3 at 4.2.2.1/4.2.2.2).

Supported Network Authentication Protocols

Square devices support:

  • WPA/WPA2 PSK

  • WEP (US only)

They do not support:

  • WPA/WPA2 Enterprise

  • WPA3 PSK

  • WPA3 Enterprise

Note: Using some encryption is always better than using none, but WEP is the least secure of these standards, and you should not use it. WPA2 is the most secure Square-supported authentication process, and if your router supports it, that is what you should use when setting up your network.