Difference between revisions of "Ubiquiti"

From Indie IT Wiki
 
Line 770: Line 770:
  
 
https://www.stevejenkins.com/blog/2015/10/using-the-ubiquiti-edgerouters-built-in-bandwidth-tester/
 
https://www.stevejenkins.com/blog/2015/10/using-the-ubiquiti-edgerouters-built-in-bandwidth-tester/
 +
 +
To test UPLOAD speed, run ...
  
 
  iperf3 -c iperf.as42831.net -p 5300-5400
 
  iperf3 -c iperf.as42831.net -p 5300-5400
  
 
Full output ...
 
Full output ...
  _____    _           
+
 
  | ____|__| | __ _  ___          (c) 2010-2020
 
  |  _| / _  |/ _  |/ _ \        Ubiquiti Networks, Inc.
 
  | |__| (_| | (_| |  __/       
 
  |_____\__._|\__. |\___|        <nowiki>https://www.ubnt.com</nowiki>
 
              |___/
 
 
Welcome to EdgeOS
 
 
By logging in, accessing, or using the Ubiquiti product, you
 
acknowledge that you have read and understood the Ubiquiti
 
License Agreement (available in the Web UI at, by default,
 
<nowiki>http://192.168.1.1</nowiki>) and agree to be bound by its terms.
 
 
Linux erx 4.14.54-UBNT #1 SMP Thu Jun 15 09:00:10 UTC 2023 mips
 
Welcome to EdgeOS
 
Last login: Fri Apr 12 09:15:36 2024 from 192.168.0.189
 
ubnt@erx:~$
 
 
  ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400
 
  ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400
 
  Connecting to host iperf.as42831.net, port 5300
 
  Connecting to host iperf.as42831.net, port 5300
Line 810: Line 795:
 
  [  5]  0.00-10.00  sec  256 MBytes  215 Mbits/sec  32            sender
 
  [  5]  0.00-10.00  sec  256 MBytes  215 Mbits/sec  32            sender
 
  [  5]  0.00-10.04  sec  255 MBytes  213 Mbits/sec                  receiver
 
  [  5]  0.00-10.04  sec  255 MBytes  213 Mbits/sec                  receiver
   
+
  iperf Done.
 +
 
 +
... and to test DOWNLOAD speed, add the extra command line option '''-R''' ...
 +
 
 +
ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400 '''-R'''
 +
Connecting to host iperf.as42831.net, port 5300
 +
Reverse mode, remote host iperf.as42831.net is sending
 +
[  5] local 192.168.1.2 port 45878 connected to 31.132.7.130 port 5300
 +
[ ID] Interval          Transfer    Bitrate
 +
[  5]  0.00-1.00  sec  62.0 MBytes  519 Mbits/sec                 
 +
[  5]  1.00-2.00  sec  61.5 MBytes  516 Mbits/sec                 
 +
[  5]  2.00-3.00  sec  42.8 MBytes  358 Mbits/sec                 
 +
[  5]  3.00-4.00  sec  60.4 MBytes  508 Mbits/sec                 
 +
[  5]  4.00-5.00  sec  62.2 MBytes  522 Mbits/sec                 
 +
[  5]  5.00-6.00  sec  61.6 MBytes  517 Mbits/sec                 
 +
[  5]  6.00-7.00  sec  62.0 MBytes  520 Mbits/sec                 
 +
[  5]  7.00-8.00  sec  62.2 MBytes  522 Mbits/sec                 
 +
[  5]  8.00-9.00  sec  62.0 MBytes  519 Mbits/sec                 
 +
[  5]  9.00-10.00  sec  62.1 MBytes  522 Mbits/sec                 
 +
- - - - - - - - - - - - - - - - - - - - - - - - -
 +
[ ID] Interval          Transfer    Bitrate        Retr
 +
[  5]  0.00-10.04  sec  602 MBytes  503 Mbits/sec  744            sender
 +
[  5]  0.00-10.00  sec  599 MBytes  502 Mbits/sec                  receiver
 
  iperf Done.
 
  iperf Done.
  

Latest revision as of 08:38, 12 April 2024

Ubiquiti Networks is an American technology company started in 2005. Based in New York, NY, Ubiquiti manufactures wireless data communication products for enterprise and wireless broadband providers with a primary focus on under-served and emerging markets.

Unifi Cloud Key Gen2 Plus

Migration

Cloud Key 1

Migrating our SDN network settings and historical data from the original Cloud Key to the Cloud Key Gen2 was extraordinarily simple:

  • Download a backup from your original Cloud Key. (In UniFi Controller, go to Settings > Maintenance > Backup. Click Download Backup).
  • Safely shut down your original Cloud Key. (Settings > Maintenance > Cloud Key Operations. Click the Shut Down Cloud Key button.)
  • After following the initial setup of your UniFi Cloud Key G2, start the setup wizard.
  • Select restore from a previous backup. Then upload the backup from your original Cloud Key.

Unifi Controller Self Hosted

...


https://lazyadmin.nl/home-network/migrate-unifi-controller/

https://help.ui.com/hc/en-us/articles/360008976393-UniFi-How-to-Migrate-from-Cloud-Key-to-Cloud-Key-or-UDM

Unifi Security Gateway

The UniFi Security Gateway extends the UniFi Enterprise System to provide cost-effective, reliable routing and advanced security for your network.

Ubiquiti - Unifi Security Gateway

Ubiquiti - Unifi Security Gateway - Quick Start Guide

How to access the Draytek Vigor 130 via the Unifi USG

UniFi - UAP Antenna Radiation Patterns

https://help.ubnt.com/hc/en-us/articles/115005212927-UniFi-UAP-Antenna-Radiation-Patterns

Speed Test Network

http://speed.ui.com/

https://speed-admin.ui.com/

https://blog.ui.com/2019/08/13/ubiquiti-launches-a-speed-test-network/

UNMS

Ubiquiti Network Management System

Installation

Community Forum

AirMAX AirOS

Update

WEB

Official Guide

TFTP

airMAX - How to Reset Your Device with TFTP Firmware Recovery

root@ubuntu:tftp 192.168.1.20
tftp> bin
tftp> trace
tftp> put WA.v8.5.0.36727.180118.1314.bin
Sent 1965199 bytes in 35.2 seconds 
tftp> exit

Then, SSH in, rename file, run the update command.

SSH

airMAX - How to Upgrade the Firmware Via CLI SSH

ssh ubnt@deviceip
cd /tmp/
wget http://url/firmwarefile.bin
mv firmwarefile.bin fwupdate.bin
fwupdate.real -m /tmp/fwupdate.bin

OTHERS

Ingredigeek

UBNTMOD Update Linux Shell Script

Downloads

NanoStation locoM2

Point-to-MultiPoint (PtMP)

How to Configure a Point-to-Point Link (Layer 2, Transparent Bridge)

Align Antennas

https://link.ui.com/

Test Data Transfer Rate

On computer other side of bridge...

sudo iperf -s -p 5201

On computer this side of bridge...

sudo iperf -c 192.168.0.252 -p 5201
------------------------------------------------------------
Client connecting to 192.168.0.252, TCP port 5201
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.0.250 port 41222 connected with 192.168.0.252 port 5201
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  75.2 MBytes  62.5 Mbits/sec

Returns

Ubiquiti RMA

Unifi Controller in the Cloud

Set up UniFi Controller on Google Cloud Platform

Install a UniFi Cloud Controller on Amazon Web Services

Migrating Sites with Site Export Wizard

Configuring Multiple Sites

VPN

IPsec L2TP

Web Search

EdgeRouter - IPsec L2TP Server

EdgeMAX L2TP over IPsec VPN Server with Firewall Exceptions (VIDEO)

EdgeRouter - PPTP VPN with local users / RADIUS

Windows 10 Tips

OpenVPN

EdgeRouter OpenVPN Server

Disable IGMP Snooping

Edit the config.properties file...

config.igmpsnoop_enabled.[ssid]=false

UniFi - Explaining the config.properties File

Using Raspberry Pi as a Monitor for UniFi Video Cameras

https://www.youtube.com/watch?v=oRrgn3DWinE

http://www.stocksy.co.uk/articles/Linux/using_a_raspberry_pi_as_a_monitor_for_ubiquiti_unifi_video_cameras/

Ubiquiti RELEASES

https://community.ui.com/releases/

Unifi UPGRADE Controller Software

NEW

unifi-5.12.72.sh

Glenn R. Easy Update Scripts

OLD

Easy Upgrade Scripts for Ubuntu Linux

Blog Release Notes

Unifi Controller Versions

Unifi UPGRADE Access Point Firmware

ssh ubnt@IP
upgrade https://dl.ubnt.com/path/to/upgrade-vX.Y.Z.bin

https://help.ubnt.com/hc/en-us/articles/204910064-UniFi-Changing-the-firmware-of-a-UniFi-device

Unifi Best Channel Selection Multiple UAPs

Try to use different channels on each UAP, I recommend the following Radio Settings.

  • Devices > UAP > Config > Radios
2.4 GHz
Channel width: HT20
Chanel: 1/6/11 | Choose one of these channels, a RF scan will help you choose the most clean one.
Transmit Power: Low ( Medium )

5GHz
Channel width: VHT40 | Optional VHT80/VHT160 might decrease wireless stability
Chanel: 36/44 | Optional (149/157) Choose one of these channels, a RF scan will help you choose the most clean one. Avoid using DFS 
Channels
Transmit Power: Medium ( High )

Unifi Multiple Super Admins

Setup First Super Admin Account First, setup the controller with the first super admin account like normal. Usually, the first account that you create when setting it up is the original super admin.

Next, enable Cloud Access to that account.

Add Second (or more) Admin Accounts

Next, add the second (and third, fourth, etc. if applicable) admin account.

Login to New Admin Account(s) and Enable Cloud Access

Login to the controller with the new admin account, navigate to Cloud Access, enable it and enter the username for the Cloud Access account. Note that this username will be different than the username used for the original super admin account.

Repeat this process for additional admins.

Change Admin(s) to Super Admin(s)

Log back in to the controller with the original super admin account, then change the admin account(s) to super admin using the "Role" drop-down menu.

Now you can have multiple super admin accounts each with their own Cloud Access accounts.

Why do this? Why not just have one super admin account and multiple admin accounts?

I found that there isn't much difference between the two account types, other than that admins cannot adopt devices, setup new sites, and don't have access to the Maintenance or Auto Backup menu options on the left navigation pane. For us, we wanted all three administrators to have those functions.

https://community.ui.com/questions/Multiple-Super-Admins-to-One-Cloud-Key-Controller-with-Cloud-Access/1e7374a0-8e39-4351-ac9d-c10629a1f79e

Unifi Delete Super Admin

Settings > Admins > Select User > Edit > Role > Read Only > Save
Settings > Admins > Select User > Delete

Unifi Community

Unifi Unblock Client

On both the web interface and the smart phone app...

Insights > Client > Unblock

Unifi Video

Controller

Glenn R's Easy Installation and Update Script

https://www.ui.com/download/unifi-video

Latest Software: 3.10.10

Restore Recordings

https://help.ui.com/hc/en-us/articles/220670367-UniFi-Video-How-to-Reset-a-UniFi-Video-Installation-for-Linux-UVC-NVR#2

Unifi Video Firmware Upgrade To Fix Sun Shadow Issues

ubnt_system_cfg write test.analytics.bgmodel ubnt4; cfgmtd -w -p /etc; reboot

https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-9-7-Release/ba-p/2393780

Unifi Video Cloud Account

https://video.ubnt.com

Unifi Video Firewall Ports

7080
7443
7446

https://help.ubnt.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used

Unifi Switch 24

Reboot

  1. With a paper clip, depress the Reset button until you feel it click. Hold for 1 second, then let go.

Reset

Correct Method

Resetting a Unifi Switch

  1. Power off the device: Just unplug the power cable
  2. Forget the device in the controller: Open your controller, select the device, click settings and scroll down to forget (only if applicable)
  3. Unplug all network cables: A PoE enabled switch will not factory reset when it is providing PoE to connected devices
  4. Plug the power back in and let the device boot, do NOT press the reset button yet!
  5. Wait for the device to fully boot, the led will turn dark blue (or stay white if it wasn’t adopted before, approximately 5 minutes max)
  6. Press the reset button for 5 seconds: Use a paperclip to press the button for 5 seconds to initiate the factory reset
  7. When the reset is completed the led will turn pale blue. You can now adopt the switch in the controller

https://lazyadmin.nl/home-network/reset-unifi-switch/

Normal Method

  1. With a paper clip, depress the Reset button until you feel it click. Hold for 10 seconds, then let go.

Hail Mary Method

  1. Unplug the power cable.
  2. With a paper clip, depress the Reset button until you feel it click. Hold firm.
  3. Plug in power, while continuing to hold paper clip firm.
  4. Wait until the LED begins flashing in a repeating pattern: Off Blue White.
  5. Release paper clip reset.
  6. Unplug the power cable. Wait 5 seconds; say Hail Mary, and plug power cable back in.

EdgeMax Dual WAN Failover Load Balancing

https://help.ubnt.com/hc/en-us/articles/205145990-EdgeMAX-Dual-WAN-load-balance-feature

Unifi VoIP - Configure Network Controller

http://www.northbynorth.ca/howto-configure-a-unifi-network-for-voip/

UniFi VoIP - How To Manage Themes

https://help.ubnt.com/hc/en-us/articles/224333808-UniFi-VoIP-Theme-Management-Guide

UniFi VoIP - How to Manually Upgrade UVP App/Platform

SipService.apk

UnifiPhone.apk

https://community.ubnt.com/t5/UniFi-VoIP/UniFi-VoIP-How-to-Manually-Upgrade-UVP-App-Platform/ta-p/1293920

EdgeMAX

DHCP

TCP Dump Check

sudo tcpdump -npi switch0 -vv port 67 or port 68

List Active Leases

show dhcp leases pool LAN

List Expired Leases

show dhcp leases expired

Clear Lease For IP Address

clear dhcp lease ip 192.168.0.124

Fix Errors In Syslog

show log | grep 'dhcpd'

If you see similar to this in the syslog...

Mar  1 01:59:34 ubnt dhcpd: uid lease 192.168.0.124 for client fc:ec:da:62:f1:98 is duplicate on LAN

...then run the command...

clear dhcp lease ip 192.168.0.124

...which will clear all mention of that IP and restart the DHCP daemon.

EdgeRouterX with DrayTek Vigor 130

The Vigor 130 is a pre-configured VDSL2 / ADSL2+ modem that takes a VDSL2 or ADSL2+ connection and performs full pass-through / bridge to Ethernet presentation, which can then be used by a device such as a router to connect directly to the internet. For the official specification of the Vigor130, refer to this link.

The Vigor 130 does not store any Internet usernames or passwords itself - those go into your router, or whatever you are connecting to the Vigor 130.

The settings on the Vigor 130 are correct for most UK lines out of the box, so in most cases it should only be necessary to configure the router that it is connected to.

The DrayTek Vigor 130 modem has a web interface available on http://192.168.2.1 (username of "admin" and password of "admin" by default).

This can be used to check ADSL / VDSL diagnostic information or re-configure the modem to bridge a DHCP / Static IP connection if required.

Some routers such as the Vigor 2860 and Vigor 2925 can display the Vigor 130's VDSL statistics automatically in the router's web interface, which can be found in the [Online Status] > [Physical Connection] page of the router's web interface.

Default Vigor 130 settings:

  • Configured to pass through a PPPoE connection
  • VDSL2 VLAN Tag is set to 101
  • ADSL VPI/VCI is set to 0/38 for PPPoA connections, 0/101 for MPoA connections

The above are the correct settings for the majority of UK ISPs so you do not need to change any settings on your Vigor 130 or access its web interface. Go straight to your router setup. Some exceptions are Kingston/Karoo, O2 and Vodafone Ireland - each of those has their own settings, so check with them for their latest, specifically for your DSL type (ADSL or VDSL).

Setup Procedure:

  1. Connect the RJ-11 port (marked 'DSL') on the Vigor 130 to the VDSL or ADSL line.
  2. Connect the RJ-45 Ethernet port on the Vigor 130 to the WAN ethernet port of your router (or PC).
  3. Configure the WAN interface on your router to use PPPoE and enter the username and password details for the internet connection.

DrayTek Vigor 130 (Official Web Page)

Ubiquiti Forum Post #1

Maintaining Access to the DrayTek Vigor 130 Web GUI Interface

Install NANO Editor

configure
set system package repository debian url http://archive.debian.org/debian/
set system package repository debian distribution wheezy
set system package repository debian components main
commit
save
exit

cat /etc/apt/sources.list
deb http://archive.debian.org/debian/ wheezy main # debian #

sudo apt-get update
sudo apt-get check
sudo apt-get install nano

HOWTO: Ping Test

/bin/ping -c5 1.1.1.1

HOWTO: Show PPP Connection Drops

show log | grep 'pppd'
Feb  6 09:25:38 ubnt pppd[1896]: Serial link appears to be disconnected.
Feb  6 09:25:44 ubnt pppd[1896]: Connection terminated: no multilink.
Feb  6 09:25:44 ubnt pppd[1896]: Modem hangup
Feb  6 09:26:49 ubnt pppd[1896]: Timeout waiting for PADO packets
Feb  6 09:26:54 ubnt pppd[1896]: Connected to e4:81:84:78:94:64 via interface eth0
Feb  6 09:26:54 ubnt pppd[1896]: Connect: ppp0 <--> eth0
Feb  6 09:26:54 ubnt pppd[1896]: CHAP authentication succeeded
Feb  6 09:26:54 ubnt pppd[1896]: peer from calling number E4:81:84:78:94:64 authorized
Feb  6 09:26:55 ubnt pppd[1896]: local  IP address xxx.xxx.xx.xx
Feb  6 09:26:55 ubnt pppd[1896]: remote IP address xxx.xxx.130.249

HOWTO: Show PPP Log Verbose

Full details...

show interfaces pppoe pppoe0 log | cat
No response to 6 echo-requests
Serial link appears to be disconnected.
ipcp: down
Connect time 103.8 minutes.
Sent 88650017 bytes, received 2817987958 bytes.
Script /etc/ppp/ip-down started (pid 8751)
sent [LCP TermReq id=0x1a "Peer not responding"]
sent [LCP TermReq id=0x1b "Peer not responding"]
Connection terminated: no multilink.
Modem hangup
Script /etc/ppp/ip-down finished (pid 8751), status = 0x0

Just connected times...

show interfaces pppoe pppoe0 log | grep 'Connect time'

PPP Templates

/opt/vyatta/etc/pppoe-provider-template

PPP Disconnects Check Script

# cat /root/ppp_disconnects_to_grafana.sh
#!/bin/bash
LOGFILE=$HOME/ppp_disconnected.log
NEW_LOG=$(egrep -i 'pppd.*disconnected' /var/log/messages |tail -n1 |sed 's/  / /')
echo "NEW_LOG=$NEW_LOG"
if [ ! -f $LOGFILE ]; then
    echo $NEW_LOG > $LOGFILE
else
    OLD_LOG=$(cat $LOGFILE)
    echo "OLD_LOG=$OLD_LOG"
    if [ "$NEW_LOG" == "$OLD_LOG" ] ; then
        echo No change
        echo "pppd,host=erx result=0" | nc 192.168.0.252 8094
    else
        echo $NEW_LOG > $LOGFILE
        echo Change
        echo "pppd,host=erx result=1" | nc 192.168.0.252 8094
        /usr/bin/python /usr/bin/pushover-cli --quiet "${NEW_LOG}" "ERX"
    fi
fi

HOWTO: Show DNS Information

show dns forwarding status
show dns forwarding statistics

HOWTO: Show Configuration

Config...

show configuration all

Commands...

show configuration commands

HOWTO: Check Firewall Port Forwarding Rules

Check config...

show configuration commands |grep 'port-forward'

Check kernel firewall iptables...

sudo -i
iptables -L -v -n

HOWTO: Edit Date and Time On A Firewall Rule

show configuration commands |grep 'firewall.*'
configure
set firewall name LAN_IN rule 30 time starttime '21:59:59'
commit
save
exit

HOWTO: Enable and Disable Firewall Rule

show configuration commands |grep 'firewall'   (so you can find the correct rule)
configure
delete firewall name LAN_IN rule 20 disable    (to enable rule)
set firewall name LAN_IN rule 20 disable       (to disable rule)
commit
save
exit

https://community.ubnt.com/t5/EdgeRouter/How-enable-firewall-rule-in-CLI/m-p/540854/highlight/true#M13284

HOWTO: Change Default User Password

configure
set system login user ubnt authentication plaintext-password MyN3wP4ssw0rd
commit
save
exit

HOWTO: Hardware Offloading

UPDATE: Yeah, jury is still out on this... on the ER-X it does not seem to make any difference and if you're using Smart Queue Management QoS then it won't work on that anyway!

Offloading is used to execute functions of the router using the hardware directly, rather than a process of software functions to greatly increase performance.

https://help.ubnt.com/hc/en-us/articles/115006567467

HOWTO: Smart Bandwidth Queue

Find your Download and Upload speed on the Internet (http://speedtest.net)

EdgeOS > QoS > Smart Queue > WAN Interface: pppoe0 > Upload: <upload speed> Mbits/sec > Download: <download speed> Mbits/sec > Apply

https://community.ubnt.com/t5/EdgeRouter/ER-X-QoS-Smart-Queue-WAN-Interface-SOLVED/td-p/2315465

HOWTO: Bandwidth Limit Single IP Address

This will limit a single IP address of 192.168.0.17 (the teenager) to 1Mb download and 500Kb upload speed...

EdgeOS > QoS > Basic Queue > Add Queue > Source: 192.168.0.17 > Rate (upload): 500k > Queue Type: SFQ > Reverse Rate (download): 1m > Queue Type: SFQ > Apply

HOWTO: URL Blocking Proxy

configure
set service webproxy listen-address 192.168.0.1   (IP Address of your edge router!)
set service webproxy url-filtering squidguard local-block twitter.com
set service webproxy url-filtering squidguard local-block facebook.com
set service webproxy url-filtering squidguard local-block youtube.com
commit
save
exit

https://help.ubnt.com/hc/en-us/articles/205202680-EdgeMAX-Web-proxy-service-for-filtering

https://ahmeddirie.com/technology/networking/url-filtering-and-blocking-crap-with-vyatta/

HOWTO: Add DNS Entries

ssh ubnt@192.168.0.1

ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# set system static-host-mapping host-name unifi inet 192.168.0.252
[edit]
ubnt@ubnt# commit
[edit]
ubnt@ubnt# save
Saving configuration to '/config/config.boot'...
Done
[edit]
ubnt@ubnt# exit
exit
ubnt@ubnt:~$ logout
Connection to 192.168.0.1 closed.

host unifi
ping unifi

HOWTO: Keep Custom Scripts After Firmware Upgrade

root@ubnt:~# ls -lah /config/scripts/
total 20
-rwxr-xr-x    1 root     root         168 Mar 22 10:16 check_pppd.sh
-rwxr-xr-x    1 root     root         545 Apr  5 11:19 ppp_disconnects_to_grafana.sh
-rwxr-xr-x    1 root     root         244 Mar 22 10:11 speedtest.sh
-rwxr-xr-x    1 root     root         194 Mar 22 10:12 speedtest_to_influx.sh
root@ubnt:~# ls -lah /config/scripts/post-config.d/
total 20
-rwxr-xr-x    1 root     vyattacf     215 Mar 24 17:43 startup
cat /config/scripts/post-config.d/startup
#!/bin/bash
startup='/tmp/startup_check'
if [ -e $startup ]; then
  echo "Startup exists. Exiting."
  exit 0;
fi
cp -a /config/scripts/*.sh /root/
crontab -u root /config/scripts/root.crontab
cp -a /config/scripts/speedtest-cli /usr/local/bin/
cp -a /config/scripts/pushover-cli /usr/bin/
cp -a /config/scripts/pushover-cli.conf /etc/
touch $startup
exit 0

HOWTO: Upgrade EdgeOS firmware

https://help.ubnt.com/hc/en-us/articles/205146110-EdgeMAX-Upgrading-EdgeOS-firmware

ER-X

https://www.ui.com/download/edgemax/edgerouter-x

NEW IMAGES WITH BOOTLOADER IMAGE

  1. Update firmware using cli (shown below this)
  2. Reboot
  3. Run commands below to Update Bootloader Image
  4. Reboot (this can take up to 10 minutes)
ubnt@erx:~$ show system boot-image
The system currently has the following boot image installed:
Current boot version: UNKNOWN
Current boot md5sum : 7580ebd7ce9303243292f586ab7c6daf
New uboot version is available: boot_e51_001_1e49c.tar.gz
New boot md5sum : e2a286b6ff09ce6d14f631dafaff6027
Run "add system boot-image" to upgrade boot image.

ubnt@erx:~$ add system boot-image
Uboot version [UNKNOWN] is about to be replaced
Warning: Don't turn off the power or reboot during the upgrade!
Are you sure you want to replace old version? (Yes/No) [Yes]:
Preparing to upgrade...Done
Copying upgrade boot image...Done
Checking boot version: Current is UNKNOWN; new is e51_001_1e49c ...Done
Checking upgrade image...Done
Writing image...Done
Upgrade boot completed

ubnt@erx:~$ show system boot-image
The system currently has the following boot image installed:
Current boot version: e51_001_1e49c
Current boot md5sum : e2a286b6ff09ce6d14f631dafaff6027 

ubnt@erx:~$ reboot now

Instructions

Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command below) before doing upgrade. The system will always have at least 2 images so you are alright to remove the older one.

Command Line

show version
show system image
delete system image
show system image
add system image https://dl.ui.com/firmwares/edgemax/v1.10.11/ER-e50.v1.10.11.5274269.tar
show system image
show system image storage
sudo shutdown

Turn off for 3 minutes. Turn on.

show version
show system image
logout

HOWTO: How to Limit the Download/Upload Rate of LAN

https://help.ubnt.com/hc/en-us/articles/220716608

Useful CLI

https://www.reddit.com/r/Ubiquiti/comments/33zkhu/useful_edgerouter_cli_commands_settings/

https://community.ubnt.com/t5/EdgeRouter/How-enable-firewall-rule-in-CLI/m-p/540836/highlight/true#M13279

Firewall CLI

ssh ubnt@192.168.0.1
ubnt@ubnt:~$ configure
ubnt@ubnt# show firewall name LAN_IN
ubnt@ubnt# edit firewall name LAN_IN
ubnt@ubnt# run show configuration commands
ubnt@ubnt# set rule 7 time starttime '21:50:00'
ubnt@ubnt# set rule 8 time starttime '21:50:00'
ubnt@ubnt# compare
ubnt@ubnt# commit
ubnt@ubnt# top
ubnt@ubnt# show firewall name LAN_IN
ubnt@ubnt# save
ubnt@ubnt# exit
ubnt@ubnt:~$ logout

Install Pushover Command Line Client

sudo -i
curl -o /usr/bin/pushover-cli https://raw.githubusercontent.com/markus-perl/pushover-cli/master/pushover-cli
chmod +x /usr/bin/pushover-cli
nano /etc/pushover-cli.conf
user=uJzixzfTJNOTTHISONExxxxVJHGaZF4V
token=ak5x2hzNOTHISONEon8vpea9
priority=normal
verbose=0
quiet=0
root@ubnt:~# cp -av /usr/bin/pushover-cli /config/scripts/
root@ubnt:~# cp -av /etc/pushover-cli.conf /config/scripts/
/usr/bin/python /usr/bin/pushover-cli --quiet "Message :-)" "TEST"

Check PPP Disconnects CLI

#!/bin/bash
#
# check_pppd.sh
#
SHOW_LOG=$(egrep -i 'pppd.*disconnected' /var/log/messages |tail -n1)
/usr/bin/python /usr/bin/pushover-cli --quiet "${SHOW_LOG}" "ERX"
crontab -e
@daily ~/check_pppd.sh

ROOT Crontabs After Firmware Upgrade CLI

47 2,14 * * * /root/speedtest.sh
@hourly /root/speedtest_to_influx.sh
@daily /root/check_pppd.sh
* * * * * /root/ppp_disconnects_to_grafana.sh

Speedtest CLI

iPerf

https://iperf3serverlist.net

https://www.stevejenkins.com/blog/2015/10/using-the-ubiquiti-edgerouters-built-in-bandwidth-tester/

To test UPLOAD speed, run ...

iperf3 -c iperf.as42831.net -p 5300-5400

Full output ...

ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400
Connecting to host iperf.as42831.net, port 5300
[  5] local 192.168.1.2 port 45850 connected to 31.132.7.130 port 5300
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  26.2 MBytes   220 Mbits/sec   15    398 KBytes       
[  5]   1.00-2.00   sec  26.0 MBytes   217 Mbits/sec    0    447 KBytes       
[  5]   2.00-3.00   sec  25.2 MBytes   212 Mbits/sec    0    482 KBytes       
[  5]   3.00-4.00   sec  25.6 MBytes   215 Mbits/sec   14    380 KBytes       
[  5]   4.00-5.00   sec  25.3 MBytes   212 Mbits/sec    0    428 KBytes       
[  5]   5.00-6.00   sec  25.4 MBytes   213 Mbits/sec    0    471 KBytes       
[  5]   6.00-7.00   sec  25.6 MBytes   215 Mbits/sec    1    375 KBytes       
[  5]   7.00-8.00   sec  25.6 MBytes   215 Mbits/sec    0    425 KBytes       
[  5]   8.00-9.00   sec  25.4 MBytes   213 Mbits/sec    0    460 KBytes       
[  5]   9.00-10.00  sec  25.5 MBytes   214 Mbits/sec    2    359 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   256 MBytes   215 Mbits/sec   32             sender
[  5]   0.00-10.04  sec   255 MBytes   213 Mbits/sec                  receiver
iperf Done.

... and to test DOWNLOAD speed, add the extra command line option -R ...

ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400 -R
Connecting to host iperf.as42831.net, port 5300
Reverse mode, remote host iperf.as42831.net is sending
[  5] local 192.168.1.2 port 45878 connected to 31.132.7.130 port 5300
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  62.0 MBytes   519 Mbits/sec                  
[  5]   1.00-2.00   sec  61.5 MBytes   516 Mbits/sec                  
[  5]   2.00-3.00   sec  42.8 MBytes   358 Mbits/sec                  
[  5]   3.00-4.00   sec  60.4 MBytes   508 Mbits/sec                  
[  5]   4.00-5.00   sec  62.2 MBytes   522 Mbits/sec                  
[  5]   5.00-6.00   sec  61.6 MBytes   517 Mbits/sec                  
[  5]   6.00-7.00   sec  62.0 MBytes   520 Mbits/sec                  
[  5]   7.00-8.00   sec  62.2 MBytes   522 Mbits/sec                  
[  5]   8.00-9.00   sec  62.0 MBytes   519 Mbits/sec                  
[  5]   9.00-10.00  sec  62.1 MBytes   522 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.04  sec   602 MBytes   503 Mbits/sec  744             sender
[  5]   0.00-10.00  sec   599 MBytes   502 Mbits/sec                  receiver
iperf Done.

OLD

speedtest-cli / deprecated in favour of iPerf3 above

UPDATE - SEPTEMBER 2022 / add --secure option to fix error

UPDATE - APRIL 2021 / new version fixes not working on ER-X

Download python software ...

curl -O https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
chmod a+rx speedtest.py
sudo mv speedtest.py /usr/local/bin/speedtest-cli
ls -lah /usr/local/bin/speedtest-cli

Test python software (server ID 32775 is Trooli in Maidstone) ...

speedtest-cli --secure --simple --no-pre-allocate --server 32775

Write shell scripts for cron ...

vi /root/speedtest.sh

/usr/local/bin/speedtest-cli --secure --simple --no-pre-allocate >/tmp/speedtest_result.txt
SHOW_LOG=$(cat /tmp/speedtest_result.txt)
/usr/bin/python /usr/bin/pushover-cli --quiet "${SHOW_LOG}" "SPEEDTEST"
chmod +x /root/speedtest.sh
vi /root/speedtest_to_influx.sh

echo "speedtest,host=erx download=`grep 'Download' /tmp/speedtest_result.txt | awk '{ print $2 }'`,upload=`grep 'Upload' /tmp/speedtest_result.txt | awk '{ print $2 }'`" | nc 192.168.0.252 8094
chmod +x /root/speedtest_to_influx.sh

Add shell scripts to cron ...

crontab -e
7 11,23 * * * /root/speedtest.sh
@hourly /root/speedtest_to_influx.sh

Thanks - https://community.ubnt.com/t5/EdgeMAX/EdgeOS-Command-Line-Speed-Test-via-speedtest-net

Your Own Speedtest Mini Server

https://www.tecmint.com/speedtest-mini-server-to-test-bandwidth-speed/

wget http://c.speedtest.net/mini/mini.zip

speedtest-cli --secure --simple --no-pre-allocate --mini http://www.domain.co.uk/speedtest/mini/ >/tmp/speedtest-cli_result.txt

https://gist.github.com/sparanoid-bot/4441239

HOWTO: Time Based MAC Address Blocking

rule 10 {
    action drop
    description "Block Gaming PC"
    source {
        mac-address 11:11:11:11:11:11
    }
    time {
        starttime 22:00:00
        stoptime 07:59:59
        weekdays Mon,Tue,Wed,Thu
    }
    time {
        starttime 00:00:00
        stoptime 07:59:59
        weekdays Fri,Sat
    }
}
  1. Login
  2. Firewall / NAT
  3. Firewall Policies
  4. LAN_IN > Action > Edit Ruleset
  5. Add New Rule
  6. Description = Block Kids PC
  7. Tick Enable
  8. Action = Drop
  9. All Protocols
  10. Source = MAC Address
  11. Time > Start Time = 22:00:00 > Stop Time = 06:00:00
  12. Save
  13. Click little (x) next to tick
  14. Logout

Quoted here by me - https://community.ubnt.com/t5/EdgeMAX/Set-up-time-limits-for-kids-internet-access/m-p/1826628#M149231

Thanks to Ubiquiti Community Forum

HOWTO: Improve Throughput On PPPoE

configure
set system offload ipv4 pppoe enable
commit
save
exit

Thanks - https://blog.linitx.com/howto-significantly-improve-slow-throughput-edgerouter-lite-pppoe/

SSH Keys Access

Copy your SSH public key to the device...

scp /home/user/.ssh/id_rsa.pub ubnt@192.168.0.1:~/id_rsa.pub

Log in to the device...

ssh ubnt@192.168.0.1

Switch to configure mode...

configure

Load SSH key to the user...

loadkey ubnt ~/id_rsa.pub

Commit...

commit

Save ...

save

Exit...

exit

Logout and test...

exit
ssh ubnt@192.168.0.1

Thanks - https://community.ubnt.com/t5/EdgeMAX/ssh-authorized-keys/td-p/458361

Thanks - http://www.bciuca.com/2014/02/08/edgemax-ssh-pubkey/

Network Monitoring Data Collection

SNMP

https://github.com/jbehrends/monitoring_scripts/blob/master/graphite/edgerouter_metrics.sh

https://gist.github.com/nbrownus/b6a5b1e16256f5ba035b5c0dcbae7532

Grafana

https://grafana.com/dashboards/1756

NetFlow

configure
set system flow-accounting interface <interface>
# Optional parameter if flows should be collected for egress traffic.
# set system flow-accounting netflow enable-egress
set system flow-accounting netflow engine-id <0-255>
set system flow-accounting netflow server <IP of remote netflow monitoring tool> port 2055
set system flow-accounting netflow version <1|5|9>
commit

https://community.ubnt.com/t5/EdgeMAX/Help-setting-up-NetFlow/td-p/464367

https://community.ubnt.com/t5/EdgeMAX/Netflow/m-p/365221#M3097

https://www.reddit.com/r/Ubiquiti/comments/3kobad/netflow_on_edgerouter_x_on_17/

https://forums.manageengine.com/topic/ubiquiti-edgemax-analyzer-config-issue

nTop

http://www.ntop.org/nprobe/running-nprobe-and-ntopng-on-ubiquity-edgerouter-lite/

Forum

https://help.ubnt.com/hc/en-us/categories/200321064-EdgeMAX

Bootloader Update

curl -O https://dl.ubnt.com/firmwares/edgemax/v1.8.0/update-boot.sh
sudo bash update-boot.sh
reboot

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-X-X-SFP-bootloader-update/ba-p/1472216

uPnP

Config Tree > service > upnp > listen-on > interface

SNMP

Official UniFi MIBs can be downloaded from HERE and HERE (those are 2 different files).

https://github.com/jbehrends/monitoring_scripts/blob/master/graphite/edgerouter_metrics.sh

http://leerspace.com/2014/11/08/snmp-and-mrtg-ubiquiti-edgerouter-lite-ubuntu-server/

https://gist.github.com/nbrownus/dfd8ab05728bbf8ff5993ac0d34eaeb6

CLI

https://community.ubnt.com/t5/EdgeMAX/EdgeOS-CLI-Primer-part-1/td-p/285388

Edit Config Manually

You can edit the config file in the vi or nano editors ...

sudo vi /config/config.boot

... then check the file with these commands (in this example I have changed just the system 'host-name') ...

ubnt@erx:~# configure
[edit]
root@erx# load
Loading configuration from '/config/config.boot'...
Load complete.  Use 'commit' to make changes active.
[edit]
root@erx# compare
[edit system]
>host-name fish
[edit]
root@erx# commit
[edit]
root@erx# save
Saving configuration to '/config/config.boot'...
Done
[edit]
root@erx# exit

... then reboot to apply the changes ...

ubnt@erx:~# reboot

Change Config Editing Directly Safe Boot

Save a couple of copies of the current config.boot file with different names...

configure
save config.boot-old
save config.boot-new
exit

Then, edit the file config.boot-new and save it...

vi /config/config.boot-new    (press I to come out of view mode, then press ESC then press :wq to save)

Once finished...

configure
load config.boot-new
commit-confirm 10

If all is ok, issue confirm and save within 10 mins, otherwise, the router will reboot with the previous config.

Ubiquiti Community Forum Post

Change Network IP Address Range and Subnet

Assuming the network 192.168.1.0/24 is on switch0 (192.168.1.1), via cli (use SSH, eg.putty) type these commands...

configure
delete interfaces switch switch0 address
set interfaces switch switch0 address 10.0.0.1/24
commit
save

Change eth0 Config from PPPoE to IP

https://community.ui.com/questions/EdgeRouter-X-change-only-part-of-config-eth0-pppoe-to-static-ip/3cbd51c1-d2ab-4b68-9f24-e9d9737192b3

Firewall Regions Explanation

WAN_IN is from the internet, through the router, and onward to your LAN. In very general terms, you want to drop 90% of this mess - it's script kiddies, port scans, nigerian princes, and anyone else you don't want able to head through your router. Obviously, you're gonna want to allow ports 80, 443, 25, and others if you're running those types of services. If you haven't got any idea what I'm talking about with those three ports, better to not open them.

WAN_LOCAL is from the internet to your router, with no intention of going farther. Best to just drop everything on this interface -- unless, for example it's a router at a remote site, and you've got a static at your main site, so you allow traffic from 10.10.x.y/28 (note, I'm using private address space as an example, real world would depend on your ISP).

LAN_IN is everything inbound to the router from your LAN (e.g. 192.168.1.0/24) that's destined for somewhere else (WAN, other LAN such as 192.168.2.0/24). In a SMB, or SOHO setup, this is probably explicitly permissive. In an enterprise setting, this may or may not be permissive (e.g. blocking all outgoing traffic except for SFTP on a non-standard port).

LAN_LOCAL is everything inbound to the router from your LAN destined for the router. Again, unless you're doing enterprise routing, this is probably fairly open - although good SMB setups with guest networks may block the guest network range.

Command Auto Completion

You can press the ? key to find the top-level commands, then type that command and ? again to find the options for that top-level command.

?
show ?
show version
show interfaces
show interfaces ?
show interfaces ethernet

You can also use the keyboard Tab button to complete the options.

Show Configuration

There are 2 ways to show the current configuration - in a tree or in commands:-

show configuration all
show configuration commands

If you use the 'commands' option, you can then grep or 'match' the output to limit results.

show configuration commands | match system

Edit Configuration

You have to enter 'edit' mode first, and it will show you after every command that you are in this 'edit' mode with a separate line just above the prompt showing [edit]...

configure

When you have finished your command changes, you can show your changes, to check...

compare

To make the changes active, you have to save them...

commit

Then, come out of configure mode...

exit

Unifi Security Gateway USG

USG Manual Quick Start Guide

Port Forwarding

Unifi Cloud Key

Troubleshooting Offline Cloud Key and Other Stability Issues

UniFi - Accounts and Passwords for Controller, Cloud Key, and Other Devices

EdgeRouter or USG Virgin Media Cable SuperHub3

  1. If so as you say WAN to USG cable in bottom socket.
  2. Set USG to get a DHCP address on the WAN side.
  3. No other settings required to be input.
  4. Delete or disable your current BT PPPoE settings though if they are still in USG or ER-X.
  5. After setting up USG you will need to reboot the Virgin hub.

Superhub3 Modem Mode Ubiquiti Amplifi

as legacy1 turn on modem mode on the hub.. turn off both hub and the Amplifi Router, making sure got ethernet cable attached nearest the coax cable going into the WAN port of the Amplifi Router.. turn on the hub give it a few minutes then the Amplifi Router..

this would mean the Amplifi Router deals with all DHCP/NAT security etc etc.. just means only 1 port will be active on the hub.

Ubiquiti and Virgin Media Cable

  1. Set the Virgin Superhub to run in modem only mode. This stops it being a router and makes it like the oldVirgin/Telewest/NTL cable modem from Scientific Atlanta etc.
  2. Connect alternative router to the bottom RJ-45 ethernet socket only on the Superhub.
  3. When you have set up new router don't forget to reboot Virgin Superhub.

How do I put my Virgin Media hub into modem mode?

EdgeRouter VDSL

ECI Openreach modem for FTTC
B-FOCuS V-2FUb/r Rev.B

Yes it does support BT FTTC Infinity. Use PPoE and connect to white BT modem with Cat 5e cable. Set MTU at 1492.

https://community.ubnt.com/t5/UniFi-Routing-Switching/does-edgerouter-support-vdsl/td-p/1112045

https://community.plus.net/t5/Fibre-Broadband/Config-for-Ubiquiti-ER-X-EdgeRouter-X-on-Plusnet-FTTC/m-p/1293820

https://community.ubnt.com/t5/EdgeMAX/BT-infinity-fibre-optic-setup/m-p/1183648/highlight/true#M57491

http://wiki.indie-it.com/wiki/DSL_Devices#British_Telecom

Purchase

https://mangolassi.it/search?term=er-x&in=titlesposts

TOUGHSwitch PoE

Downloads

Firmware

User Guide

Default IP Address

192.168.1.20

https://192.168.1.20

Default Username & Password

Username: ubnt
Password: ubnt

Maximum Password Length

Eight characters

IPSec VPN Passthrough

http://community.ubnt.com/t5/EdgeMAX/Newbie-Simple-1-LAN-1-WAN-SOHO-Setup/td-p/1377745

HOWTO: INSTALL: DEPENDANT SOFTWARE:

** THIS IS NOW NO LONGER REQUIRED. PLEASE SEE 16.04 INSTRUCTIONS BELOW **

ORACLE JAVA 8:

Add the repository:

sudo nano /etc/apt/sources.list

# Java 8
deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main 
deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main

Save (CTRL+o) and exit (CTRL+x).

Add the keyserver and install the software:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com EEA14886
sudo apt-get update
sudo apt-get install jsvc oracle-java8-installer oracle-java8-set-default

Check the installed version:

java -version

MongoDB:

Open the sources.list and add the line shown in bold at the end of the file:

sudo nano /etc/apt/sources.list

deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

Save (CTRL+o) and exit (CTRL+x).

Add the keyserver and install the software:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo apt-get update
sudo apt-get install mongodb

HOWTO: INSTALL: UniFi

NEW METHOD

Easy Update Scripts

Latest script for Ubuntu 16.04 = 5.10.25 (June 2019)

UniFi Controller Versions



OLD METHOD

UniFi can either be installed from a .deb file or via a PPA repository:

Ubuntu Server 16.04 From .deb File:

  1. Visit Ubiquiti's download page
  2. In the SOFTWARE section, click on "UniFi v4.x.x Controller for Debian/Ubuntu Linux"
  3. Locate the file called "unifi_sysvinit_all.deb" and download it
sudo dpkg -i unifi_sysvinit_all.deb
sudo apt-get -f install

Ubuntu Server 14.04 From .deb File:

  • Visit Ubiquiti's download page
  • In the SOFTWARE section, click on "UniFi v4.x.x Controller for Debian/Ubuntu Linux"
  • Locate the file called "unifi_sysvinit_all.deb" and download it
sudo dpkg -i --force-depends unifi_sysvinit_all.deb

Ubuntu Server 14.04 From Repository:

The following is an installation on Ubuntu Server 14.04.

Add the repository and keyservers by editing the following file adding the lines shown in bold at the end of the file:

sudo nano /etc/apt/sources.list
# Ubiquiti Unifi
deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti
 
# Mongodb
deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

Add the following key servers, the first for Unifi itself the second for MongoDB:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo apt-get update

Finally, install the software:

sudo apt-get install unifi stable, or
sudo apt-get install unifi-rapid better than standard not as bleeding edged as beta
sudo apt-get install unifi-beta

HOWTO: Install a valid SSL Certificate in UniFi Controller

https://kx.cloudingenium.com/ubiquiti/unifi/install-valid-ssl-certificate-ubiquiti-networks-unifi-controller/

LetsEncrypt SSL Certificate

https://lg.io/2015/12/13/using-lets-encrypt-to-secure-cloud-hosted-services-like-ubiquitis-mfi-unifi-and-unifi-video.html

RaspberryPi:

Official

http://community.ubnt.com/t5/UniFi-Wireless/Raspberry-Pi-and-Unifi/m-p/1167782#M91180

http://community.ubnt.com/t5/UniFi-Wireless/Finished-Raspberry-PI2-Image/m-p/1187658#M94346

http://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Installing-the-Controller-software-on-Raspberry-Pi/ta-p/1127992

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-4-6-3-on-raspberry-pi-2/m-p/1249829

https://community.ubnt.com/t5/UniFi-Wireless/New-upgraded-Raspberry-Pi-2-as-a-unifi-controller/td-p/1164776

Unofficial

Logan Marchione.

Kowen Houston - Instructions here.

Kowen Houston - Download here.

Erik Van Paassen

Lowe Family

Amazon Web Services

  1. Install a UniFi Cloud Controller on Amazon Web Services
  2. Change the Firmware Using Local Upgrade Via SSH
  3. Adopt to Remote UniFi Controller Via SSH

https://www.youtube.com/watch?v=NSMM5dT1vSk

https://www.youtube.com/watch?v=y5tkToD_nds

Cloud Controller

https://miketabor.com/install-ubiquiti-unifi-controller-cloud/

https://www.stevejenkins.com/blog/2016/05/diy-cloud-hosting-ubiquiti-ubnt-unifi-controller/

HOWTO: POST INSTALLATION ACTIONS:

Define The Java Version:

Edit the following file, adding the path to Java 8 installation:

sudo nano /etc/init.d/unifi

JAVA_HOME= # Edit this line to match that shown below

JAVA_HOME=/usr/lib/jvm/java-8-oracle

Open The Required Firewall Ports:

Open ports on the server's firewall (in this example UFW):

For internal connection:

sudo ufw allow from 192.168.0.0/24 to any port 8080 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8081 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8443 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8843 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 8880 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 27117 proto tcp
sudo ufw allow from 192.168.0.0/24 to any port 3478 proto udp

Details of the ports required by Unifi can be found here.

Port 3478 UDP relates to STUN server usage so if you are not using VOIP hardware this port is not needed.

If your server already uses any of the ports listed above how to change those used by Unifi can be found here.

The file to alter to use different ports can be found in the following location:

/usr/lib/unifi/data/system.properties

Accessing The Web Interface:

https://your.server.ip:8443/manage

All being well you should see similar to the picture below:

Unifi Controller Home Screen.jpg

INFO:

Fix Clients Not Connecting to Nearest Access Point

Roku

https://community.roku.com/t5/Wi-Fi-connectivity/Problems-Connecting-to-Closest-Unifi-Access-Point/td-p/535155

Legacy Products

Ubiquiti's Vintage and Legacy Products

Classic Interface

Unifi New To Legacy Interface -01.jpg

Switch to the legacy Unifi Controller interface.

LED Lights

https://help.ubnt.com/hc/en-us/articles/204910134-UniFi-LED-Color-Patterns-in-UniFi-Devices

Wireless Networks + VLAN

Unifi Controller Admin

Wireless Networks

  • "red" --> normal
  • "green" --> advanced options --> VLAN 10

Networks

  • "red" --> Corporate --> Subnet 192.168.x.x/24
  • "green" --> VLAN Only --> VLAN 10

Profiles

  • Switch Ports --> "green" --> Native Network = "green(10)"
  • Switch Ports --> "red" --> Native Network = "red"

Unifi Traffic Bandwidth Limiting

How To Set Traffic Bandwith Limits

Unifi Krack Patch

Fix Krack Vulnerability

Backup File

/var/lib/unifi/backup/autobackup/

https://help.ubnt.com/hc/en-us/articles/205231940

config.properties File

Location, creation & edition:

cd var/lib/unifi/sites/{site_name} # This can be found from the address bar in the browser, if it is the first controller you have created it should be called 'default'
sudo touch config.properties
sudo nano -w config.properties

Log Files

https://help.ubnt.com/hc/en-us/articles/204959834

Zero Handoff

https://help.ubnt.com/hc/en-us/articles/205144590

HOWTO: VARIOUS

Start, Stop or Restart

sudo service unifi start|stop|restart

View Log File

cat /var/log/unifi/server.log

Reset and Restore Original Firmware

https://support.purplewifi.net/en/support/solutions/articles/1000024706-ubiquiti-unifi-ap-restoring-to-original-firmware

Turn off Radios

2.4Ghz

  • Select the AP, go to Config > RADIOS > Radio 2G > uncheck "Allow meshing from other access points".
  • Go to WLANS > WLAN 2G > from the dropdown select Off instead of Default.
  • Apply Changes

5Ghz

  • Select the AP, go to Config > RADIOS > Radio 5G > uncheck "Allow meshing from other access points".
  • Go to WLANS > WLAN 5G > from the dropdown select Off instead of Default.
  • Apply Changes

HOWTO: FIX:

High TCP Latency

https://tipsforefficiency.com/unifi-high-tcp-latency/

https://tipsforefficiency.com/unifi-auto-optimize-network/

Restore Recordings

https://help.ui.com/hc/en-us/articles/220670367-UniFi-Video-How-to-Reset-a-UniFi-Video-Installation-for-Linux-UVC-NVR#2

Unblock Client

Go to the UniFi app > ...More > IPS Traffic Log > Select the alert > Client > Block / Unblock / Unauthorize / Reconnect

Lost Password

If you need to reset your UniFi password at HostiFi, you should use the password reset link from your controller. This article is for resetting passwords on non-HostiFi controllers, to help users migrate when they have lost their old credentials.

Find the "name" of the admin you want to reset with this command:

mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"

Replace <username> with the admin account name you found above:

mongo --port 27117 ace --eval 'db.admin.update( { "name" : "<username>" }, { $set : { "x_shadow" : "$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/" } } )'

Now you can log in as that admin with the password password.

https://support.hostifi.com/en/articles/3561102-how-to-reset-unifi-password-from-ssh

Repair MongoDB

mongod --dbpath /usr/lib/unifi/data/db --smallfiles --logpath /usr/lib/unifi/logs/server.log --repair

https://help.ubnt.com/hc/en-us/articles/360006634094#3

Restore Backup

https://help.ubnt.com/hc/en-us/articles/204952144-UniFi-How-can-I-restore-a-backup-configuration-

LG Nexus 5 Not Connecting To UAP AC Lite 5GHz Wi-Fi

Change the 5GHz Channel to less than 52.

Thanks - https://community.ubnt.com/t5/UniFi-Wireless/AP-AC-Lite-5Ghz-no-SSID-shown-Nexus-5-not-connecting-to-5Ghz/td-p/1954343

Error: ace_stat bad offset repair database

Assertion failure: _unindex failed: bad offset:0 accessing file: /usr/lib/unifi/data/db/ace.0 - consider repairing database

https://community.ubnt.com/t5/UniFi-Wireless/HOW-TO-Repair-MongoDB-on-Linux/td-p/2198176 (with handy auto repair script)

https://community.ubnt.com/t5/UniFi-Wireless/Repair-MongoDB-filling-HD-with-tmp-repairDatabase-directories/td-p/1746765

https://community.ubnt.com/t5/UniFi-Wireless/How-to-repair-Mongo-DB-and-Restore-Journaling/td-p/1799965

https://community.ubnt.com/t5/UniFi-Wireless/Repair-Replace-Corrupted-Collections-in-MongoDB/td-p/2131432

My Forum Post

NOTES

Need to add a second virtual disk for the repair.

repairDatabase requires free disk space equal to the size of your current data set plus 2 gigabytes. If the volume that holds dbpath lacks sufficient space, you can mount a separate volume and use that for the repair. When mounting a separate volume for repairDatabase you must run repairDatabase from the command line and use the --repairpath switch to specify the folder in which to store temporary repair files. For example:

--repairpath <path>

Default: A _tmp_repairDatabase_<num> directory under the dbPath. Specifies a working directory that MongoDB will use during the --repair operation. When --repair completes, the --repairpath directory is empty, and dbPath contains the repaired files. The --repairpath must be within the dbPath. You can specify a symlink to --repairpath to use a path on a different file system.

mongod --repair --repairpath /opt/vol2/data


NEW

sudo -i
service unifi stop
service unifi-voip stop
service unifi-video stop
pkill -KILL mongod
pidof mongod
rm -fv /var/lib/unifi/db/mongod.lock
su -c "mongod --dbpath /var/lib/unifi/db --repair" unifi
service unifi start

OLD

$ /usr/bin/mongo --port 27117
MongoDB shell version: 2.0.4
connecting to: 127.0.0.1:27117/test
> use ace
switched to db ace
> db.repairDatabase()
{ "ok" : 1 }
> exit
bye

If that does not work, then you will have to stop unifi, uninstall, clear db folder (/usr/lib/unifi/data/db), install same version, restore from backup.

sudo apt-get remove unifi
sudo apt-get autoremove (to nuke mongodb stuff)
mv /var/lib/unifi /var/lib/unifi.bak (later to be deleted)
sudo apt-get install unifi

Error: MongoDB Journal Files Eating Disc Space.

A. MONGO DB PRUNE OLD DATA FIX

wget "https://help.ubnt.com/hc/article_attachments/115024095828/mongo_prune_js.js"
sudo mongo --port 27117 < mongo_prune_js.js

Official Unifi Page

B. SMALL FILES FIX

  1. stop system wide mongodb from starting
  2. edit system.properties file for smallfiles parameter
  3. start unifi
sudo nano /etc/init/mongodb.conf
     ENABLE_MONGODB="no"
sudo nano /usr/lib/unifi/data/system.properties
     unifi.db.extraargs=--smallfiles
sudo update-rc.d -f mongodb remove
sudo service unifi start

Thanks - https://community.ubnt.com/t5/UniFi-Wireless/UNIFI-Eating-all-disk-space-Mongodb/td-p/395410

Also - https://help.ubnt.com/hc/en-us/articles/204911424-UniFi-How-to-remove-prune-older-data-and-adjust-mongo-database-size

$ ll /var/lib/mongodb/journal/
total 3.1G
drwxr-xr-x 2 mongodb nogroup 4.0K 2015-08-03 15:54 .
drwxr-xr-x 3 mongodb mongodb 4.0K 2015-08-03 15:22 ..
-rw------- 1 mongodb nogroup 1.0G 2015-08-03 15:54 prealloc.0
-rw------- 1 mongodb nogroup 1.0G 2015-08-03 15:43 prealloc.1
-rw------- 1 mongodb nogroup 1.0G 2015-08-03 15:43 prealloc.2
$ rm -rfv /var/lib/mongodb/journal/*
removed ‘/var/lib/mongodb/journal/prealloc.0’
removed ‘/var/lib/mongodb/journal/prealloc.1’
removed ‘/var/lib/mongodb/journal/prealloc.2’
$ df
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sda1      ext4   10G  3.5G  6.0G  37% /
$ nano /usr/lib/unifi/data/system.properties 
unifi.db.nojournal=true       # disable mongodb journaling

Error: Keystore Missing.

If the the following is listed in the error log file:

/usr/lib/unifi/data/keystore (No such file or directory)

FIX

sudo service unifi stop
sudo keytool -genkey -keyalg RSA -alias selfsigned -keystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise -validity 365 -keysize 2048 -destalias unifi

Answer the following questions by pressing enter up until the line starting "Is CN=" when you will need to answer "Y" then press enter:

What is your first and last name?
 [Unknown]:  
What is the name of your organizational unit?
 [Unknown]:  
What is the name of your organization?
 [Unknown]:  
What is the name of your City or Locality?
 [Unknown]:  
What is the name of your State or Province?
 [Unknown]:  
What is the two-letter country code for this unit?
 [Unknown]:  
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
 [no]:

Finally start Unifi:

sudo service unifi start

Thanks to Calvin Bui.

HOME

  1. Modem Router Firewall
  2. POE Switch
  3. Wi-Fi Access Point

LINKS

Perform A Site Survey

https://ubntwiki.com/guides/performing_a_site_survey - Quick and dirty without speciality equipment/software.

Tools

Unifi Planner

Unifi Design Center

Doorbell

https://store.ui.com/collections/unifi-protect/products/uvc-g4-doorbell

UniFi Protect Network Video Recorder

https://store.ui.com/collections/unifi-protect/products/unifi-protect-nvr

UniFi Dream Machine Pro

https://store.ui.com/collections/unifi-network-routing-switching/products/udm-pro

Various Useful

Why devices are not connecting to the closest AP?

Mental Home Network

Mental Home Network

Guest Network

https://www.youtube.com/watch?v=I8D6ju2AvpI

https://help.ubnt.com/hc/en-us/articles/115000166827-UniFi-Wireless-Guest-Network-Setup

Ubiquiti Videos

Various

Review

http://arstechnica.com/gadgets/2015/10/review-ubiquiti-unifi-made-me-realize-how-terrible-consumer-wi-fi-gear-is/

CLI

https://help.ubnt.com/hc/en-us/articles/204976584-EdgeMAX-Connect-to-CLI-With-Telnet

http://community.ubnt.com/t5/tkb/v2/page/blog-id/CLI_Basics%40tkb/page/1

EdgeRouter Pro

http://community.ubnt.com/t5/EdgeMAX/Newbie-Simple-1-LAN-1-WAN-SOHO-Setup/m-p/1377745

http://community.ubnt.com/t5/EdgeMAX/Basic-SOHO-Home-Config/m-p/398057

https://help.ubnt.com/hc/en-us/articles/205197660-EdgeMAX-SOHO-Example

http://sohovercomplicated.com/edgerouter-basic-soho-router-firewall-part-1-the-basics/

UniFi

https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-3-2-7-is-released/ba-p/1085473

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-4-2-Controller-Install-Guide-Linux-Ubuntu-Server-14-10/td-p/1158280

https://community.ubnt.com/t5/UniFi-Wireless/UNIFI-controller-for-linux/m-p/962877

https://community.ubnt.com/t5/UniFi-Wireless/UniFi-controller-on-Debian-v7-1-x64-not-working/td-p/523245

http://wiki.ubnt.com/UniFi_FAQ#Operation_and_Deployment

http://sunstatetechnology.com/docs/UniFiControllerInstallation.pdf

https://calvin.me/install-unifi-controller-ubuntu/

https://community.ubnt.com/t5/UniFi-Wireless/Unifi-Controller-Setup-for-Remote-Location-Cloud-NOC/td-p/312142

http://community.ubnt.com/t5/UniFi-Controller-Installation/UniFi-Install-the-controller-software-on-the-UniFi-Video-NVR/ta-p/814754

https://www.youtube.com/watch?v=NSMM5dT1vSk

http://www.msdist.co.uk/Unifi_questions_extract_from_Ubiquiti_Forum.pdf

https://www.youtube.com/watch?v=juE0qH-D6Gs&index=3&list=PLqmQzXAOhOQj8AT31sc1seFJG0v0sSQ0m

https://www.youtube.com/watch?v=uKxgyt1kArw&index=15&list=PLqmQzXAOhOQj8AT31sc1seFJG0v0sSQ0m

Error related:

https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Apache-500-Error/td-p/948953

https://community.ubnt.com/t5/UniFi-Wireless/UniFi-on-Ubuntu-help-needed/td-p/238635

http://community.ubnt.com/t5/UniFi-Wireless/HTTP-Status-400/td-p/621497

http://community.ubnt.com/t5/UniFi-Wireless/Apache-Tomcat-HTTP-Status-400/m-p/654089/highlight/true

http://forum.thecus.com/viewtopic.php?f=36&t=8004