Difference between revisions of "Ubiquiti"
Plittlefield (talk | contribs) (→iPerf) |
Plittlefield (talk | contribs) (→iPerf) |
||
Line 770: | Line 770: | ||
https://www.stevejenkins.com/blog/2015/10/using-the-ubiquiti-edgerouters-built-in-bandwidth-tester/ | https://www.stevejenkins.com/blog/2015/10/using-the-ubiquiti-edgerouters-built-in-bandwidth-tester/ | ||
+ | |||
+ | To test UPLOAD speed, run ... | ||
iperf3 -c iperf.as42831.net -p 5300-5400 | iperf3 -c iperf.as42831.net -p 5300-5400 | ||
Full output ... | Full output ... | ||
− | + | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400 | ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400 | ||
Connecting to host iperf.as42831.net, port 5300 | Connecting to host iperf.as42831.net, port 5300 | ||
Line 810: | Line 795: | ||
[ 5] 0.00-10.00 sec 256 MBytes 215 Mbits/sec 32 sender | [ 5] 0.00-10.00 sec 256 MBytes 215 Mbits/sec 32 sender | ||
[ 5] 0.00-10.04 sec 255 MBytes 213 Mbits/sec receiver | [ 5] 0.00-10.04 sec 255 MBytes 213 Mbits/sec receiver | ||
− | + | iperf Done. | |
+ | |||
+ | ... and to test DOWNLOAD speed, add the extra command line option '''-R''' ... | ||
+ | |||
+ | ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400 '''-R''' | ||
+ | Connecting to host iperf.as42831.net, port 5300 | ||
+ | Reverse mode, remote host iperf.as42831.net is sending | ||
+ | [ 5] local 192.168.1.2 port 45878 connected to 31.132.7.130 port 5300 | ||
+ | [ ID] Interval Transfer Bitrate | ||
+ | [ 5] 0.00-1.00 sec 62.0 MBytes 519 Mbits/sec | ||
+ | [ 5] 1.00-2.00 sec 61.5 MBytes 516 Mbits/sec | ||
+ | [ 5] 2.00-3.00 sec 42.8 MBytes 358 Mbits/sec | ||
+ | [ 5] 3.00-4.00 sec 60.4 MBytes 508 Mbits/sec | ||
+ | [ 5] 4.00-5.00 sec 62.2 MBytes 522 Mbits/sec | ||
+ | [ 5] 5.00-6.00 sec 61.6 MBytes 517 Mbits/sec | ||
+ | [ 5] 6.00-7.00 sec 62.0 MBytes 520 Mbits/sec | ||
+ | [ 5] 7.00-8.00 sec 62.2 MBytes 522 Mbits/sec | ||
+ | [ 5] 8.00-9.00 sec 62.0 MBytes 519 Mbits/sec | ||
+ | [ 5] 9.00-10.00 sec 62.1 MBytes 522 Mbits/sec | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | [ ID] Interval Transfer Bitrate Retr | ||
+ | [ 5] 0.00-10.04 sec 602 MBytes 503 Mbits/sec 744 sender | ||
+ | [ 5] 0.00-10.00 sec 599 MBytes 502 Mbits/sec receiver | ||
iperf Done. | iperf Done. | ||
Latest revision as of 08:38, 12 April 2024
Ubiquiti Networks is an American technology company started in 2005. Based in New York, NY, Ubiquiti manufactures wireless data communication products for enterprise and wireless broadband providers with a primary focus on under-served and emerging markets.
Unifi Cloud Key Gen2 Plus
Migration
Cloud Key 1
Migrating our SDN network settings and historical data from the original Cloud Key to the Cloud Key Gen2 was extraordinarily simple:
- Download a backup from your original Cloud Key. (In UniFi Controller, go to Settings > Maintenance > Backup. Click Download Backup).
- Safely shut down your original Cloud Key. (Settings > Maintenance > Cloud Key Operations. Click the Shut Down Cloud Key button.)
- After following the initial setup of your UniFi Cloud Key G2, start the setup wizard.
- Select restore from a previous backup. Then upload the backup from your original Cloud Key.
Unifi Controller Self Hosted
...
https://lazyadmin.nl/home-network/migrate-unifi-controller/
Unifi Security Gateway
The UniFi Security Gateway extends the UniFi Enterprise System to provide cost-effective, reliable routing and advanced security for your network.
Ubiquiti - Unifi Security Gateway
Ubiquiti - Unifi Security Gateway - Quick Start Guide
How to access the Draytek Vigor 130 via the Unifi USG
UniFi - UAP Antenna Radiation Patterns
https://help.ubnt.com/hc/en-us/articles/115005212927-UniFi-UAP-Antenna-Radiation-Patterns
Speed Test Network
https://blog.ui.com/2019/08/13/ubiquiti-launches-a-speed-test-network/
UNMS
Ubiquiti Network Management System
AirMAX AirOS
Update
WEB
TFTP
airMAX - How to Reset Your Device with TFTP Firmware Recovery
root@ubuntu:tftp 192.168.1.20 tftp> bin tftp> trace tftp> put WA.v8.5.0.36727.180118.1314.bin Sent 1965199 bytes in 35.2 seconds tftp> exit
Then, SSH in, rename file, run the update command.
SSH
airMAX - How to Upgrade the Firmware Via CLI SSH
ssh ubnt@deviceip cd /tmp/ wget http://url/firmwarefile.bin mv firmwarefile.bin fwupdate.bin fwupdate.real -m /tmp/fwupdate.bin
OTHERS
UBNTMOD Update Linux Shell Script
Downloads
Point-to-MultiPoint (PtMP)
How to Configure a Point-to-Point Link (Layer 2, Transparent Bridge)
Align Antennas
Test Data Transfer Rate
On computer other side of bridge...
sudo iperf -s -p 5201
On computer this side of bridge...
sudo iperf -c 192.168.0.252 -p 5201 ------------------------------------------------------------ Client connecting to 192.168.0.252, TCP port 5201 TCP window size: 85.0 KByte (default) ------------------------------------------------------------ [ 3] local 192.168.0.250 port 41222 connected with 192.168.0.252 port 5201 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.1 sec 75.2 MBytes 62.5 Mbits/sec
Returns
Unifi Controller in the Cloud
Set up UniFi Controller on Google Cloud Platform
Install a UniFi Cloud Controller on Amazon Web Services
Migrating Sites with Site Export Wizard
VPN
IPsec L2TP
EdgeRouter - IPsec L2TP Server
EdgeMAX L2TP over IPsec VPN Server with Firewall Exceptions (VIDEO)
EdgeRouter - PPTP VPN with local users / RADIUS
OpenVPN
Disable IGMP Snooping
Edit the config.properties file...
config.igmpsnoop_enabled.[ssid]=false
UniFi - Explaining the config.properties File
Using Raspberry Pi as a Monitor for UniFi Video Cameras
https://www.youtube.com/watch?v=oRrgn3DWinE
Ubiquiti RELEASES
https://community.ui.com/releases/
Unifi UPGRADE Controller Software
NEW
OLD
Easy Upgrade Scripts for Ubuntu Linux
Unifi UPGRADE Access Point Firmware
ssh ubnt@IP upgrade https://dl.ubnt.com/path/to/upgrade-vX.Y.Z.bin
https://help.ubnt.com/hc/en-us/articles/204910064-UniFi-Changing-the-firmware-of-a-UniFi-device
Unifi Best Channel Selection Multiple UAPs
Try to use different channels on each UAP, I recommend the following Radio Settings.
- Devices > UAP > Config > Radios
2.4 GHz Channel width: HT20 Chanel: 1/6/11 | Choose one of these channels, a RF scan will help you choose the most clean one. Transmit Power: Low ( Medium ) 5GHz Channel width: VHT40 | Optional VHT80/VHT160 might decrease wireless stability Chanel: 36/44 | Optional (149/157) Choose one of these channels, a RF scan will help you choose the most clean one. Avoid using DFS Channels Transmit Power: Medium ( High )
Unifi Multiple Super Admins
Setup First Super Admin Account First, setup the controller with the first super admin account like normal. Usually, the first account that you create when setting it up is the original super admin.
Next, enable Cloud Access to that account.
Add Second (or more) Admin Accounts
Next, add the second (and third, fourth, etc. if applicable) admin account.
Login to New Admin Account(s) and Enable Cloud Access
Login to the controller with the new admin account, navigate to Cloud Access, enable it and enter the username for the Cloud Access account. Note that this username will be different than the username used for the original super admin account.
Repeat this process for additional admins.
Change Admin(s) to Super Admin(s)
Log back in to the controller with the original super admin account, then change the admin account(s) to super admin using the "Role" drop-down menu.
Now you can have multiple super admin accounts each with their own Cloud Access accounts.
Why do this? Why not just have one super admin account and multiple admin accounts?
I found that there isn't much difference between the two account types, other than that admins cannot adopt devices, setup new sites, and don't have access to the Maintenance or Auto Backup menu options on the left navigation pane. For us, we wanted all three administrators to have those functions.
Unifi Delete Super Admin
Settings > Admins > Select User > Edit > Role > Read Only > Save Settings > Admins > Select User > Delete
Unifi Unblock Client
On both the web interface and the smart phone app...
Insights > Client > Unblock
Unifi Video
Controller
Glenn R's Easy Installation and Update Script
https://www.ui.com/download/unifi-video
Latest Software: 3.10.10
Restore Recordings
Unifi Video Firmware Upgrade To Fix Sun Shadow Issues
ubnt_system_cfg write test.analytics.bgmodel ubnt4; cfgmtd -w -p /etc; reboot
https://community.ubnt.com/t5/UniFi-Video-Blog/UniFi-Video-3-9-7-Release/ba-p/2393780
Unifi Video Cloud Account
Unifi Video Firewall Ports
7080 7443 7446
https://help.ubnt.com/hc/en-us/articles/217875218-UniFi-Video-Ports-Used
Unifi Switch 24
Reboot
- With a paper clip, depress the Reset button until you feel it click. Hold for 1 second, then let go.
Reset
Correct Method
Resetting a Unifi Switch
- Power off the device: Just unplug the power cable
- Forget the device in the controller: Open your controller, select the device, click settings and scroll down to forget (only if applicable)
- Unplug all network cables: A PoE enabled switch will not factory reset when it is providing PoE to connected devices
- Plug the power back in and let the device boot, do NOT press the reset button yet!
- Wait for the device to fully boot, the led will turn dark blue (or stay white if it wasn’t adopted before, approximately 5 minutes max)
- Press the reset button for 5 seconds: Use a paperclip to press the button for 5 seconds to initiate the factory reset
- When the reset is completed the led will turn pale blue. You can now adopt the switch in the controller
https://lazyadmin.nl/home-network/reset-unifi-switch/
Normal Method
- With a paper clip, depress the Reset button until you feel it click. Hold for 10 seconds, then let go.
Hail Mary Method
- Unplug the power cable.
- With a paper clip, depress the Reset button until you feel it click. Hold firm.
- Plug in power, while continuing to hold paper clip firm.
- Wait until the LED begins flashing in a repeating pattern: Off Blue White.
- Release paper clip reset.
- Unplug the power cable. Wait 5 seconds; say Hail Mary, and plug power cable back in.
EdgeMax Dual WAN Failover Load Balancing
https://help.ubnt.com/hc/en-us/articles/205145990-EdgeMAX-Dual-WAN-load-balance-feature
Unifi VoIP - Configure Network Controller
http://www.northbynorth.ca/howto-configure-a-unifi-network-for-voip/
UniFi VoIP - How To Manage Themes
https://help.ubnt.com/hc/en-us/articles/224333808-UniFi-VoIP-Theme-Management-Guide
UniFi VoIP - How to Manually Upgrade UVP App/Platform
EdgeMAX
DHCP
TCP Dump Check
sudo tcpdump -npi switch0 -vv port 67 or port 68
List Active Leases
show dhcp leases pool LAN
List Expired Leases
show dhcp leases expired
Clear Lease For IP Address
clear dhcp lease ip 192.168.0.124
Fix Errors In Syslog
show log | grep 'dhcpd'
If you see similar to this in the syslog...
Mar 1 01:59:34 ubnt dhcpd: uid lease 192.168.0.124 for client fc:ec:da:62:f1:98 is duplicate on LAN
...then run the command...
clear dhcp lease ip 192.168.0.124
...which will clear all mention of that IP and restart the DHCP daemon.
EdgeRouterX with DrayTek Vigor 130
The Vigor 130 is a pre-configured VDSL2 / ADSL2+ modem that takes a VDSL2 or ADSL2+ connection and performs full pass-through / bridge to Ethernet presentation, which can then be used by a device such as a router to connect directly to the internet. For the official specification of the Vigor130, refer to this link.
The Vigor 130 does not store any Internet usernames or passwords itself - those go into your router, or whatever you are connecting to the Vigor 130.
The settings on the Vigor 130 are correct for most UK lines out of the box, so in most cases it should only be necessary to configure the router that it is connected to.
The DrayTek Vigor 130 modem has a web interface available on http://192.168.2.1 (username of "admin" and password of "admin" by default).
This can be used to check ADSL / VDSL diagnostic information or re-configure the modem to bridge a DHCP / Static IP connection if required.
Some routers such as the Vigor 2860 and Vigor 2925 can display the Vigor 130's VDSL statistics automatically in the router's web interface, which can be found in the [Online Status] > [Physical Connection] page of the router's web interface.
Default Vigor 130 settings:
- Configured to pass through a PPPoE connection
- VDSL2 VLAN Tag is set to 101
- ADSL VPI/VCI is set to 0/38 for PPPoA connections, 0/101 for MPoA connections
The above are the correct settings for the majority of UK ISPs so you do not need to change any settings on your Vigor 130 or access its web interface. Go straight to your router setup. Some exceptions are Kingston/Karoo, O2 and Vodafone Ireland - each of those has their own settings, so check with them for their latest, specifically for your DSL type (ADSL or VDSL).
Setup Procedure:
- Connect the RJ-11 port (marked 'DSL') on the Vigor 130 to the VDSL or ADSL line.
- Connect the RJ-45 Ethernet port on the Vigor 130 to the WAN ethernet port of your router (or PC).
- Configure the WAN interface on your router to use PPPoE and enter the username and password details for the internet connection.
DrayTek Vigor 130 (Official Web Page)
Maintaining Access to the DrayTek Vigor 130 Web GUI Interface
Install NANO Editor
configure set system package repository debian url http://archive.debian.org/debian/ set system package repository debian distribution wheezy set system package repository debian components main commit save exit cat /etc/apt/sources.list deb http://archive.debian.org/debian/ wheezy main # debian # sudo apt-get update sudo apt-get check sudo apt-get install nano
HOWTO: Ping Test
/bin/ping -c5 1.1.1.1
HOWTO: Show PPP Connection Drops
show log | grep 'pppd'
Feb 6 09:25:38 ubnt pppd[1896]: Serial link appears to be disconnected. Feb 6 09:25:44 ubnt pppd[1896]: Connection terminated: no multilink. Feb 6 09:25:44 ubnt pppd[1896]: Modem hangup Feb 6 09:26:49 ubnt pppd[1896]: Timeout waiting for PADO packets Feb 6 09:26:54 ubnt pppd[1896]: Connected to e4:81:84:78:94:64 via interface eth0 Feb 6 09:26:54 ubnt pppd[1896]: Connect: ppp0 <--> eth0 Feb 6 09:26:54 ubnt pppd[1896]: CHAP authentication succeeded Feb 6 09:26:54 ubnt pppd[1896]: peer from calling number E4:81:84:78:94:64 authorized Feb 6 09:26:55 ubnt pppd[1896]: local IP address xxx.xxx.xx.xx Feb 6 09:26:55 ubnt pppd[1896]: remote IP address xxx.xxx.130.249
HOWTO: Show PPP Log Verbose
Full details...
show interfaces pppoe pppoe0 log | cat
No response to 6 echo-requests Serial link appears to be disconnected. ipcp: down Connect time 103.8 minutes. Sent 88650017 bytes, received 2817987958 bytes. Script /etc/ppp/ip-down started (pid 8751) sent [LCP TermReq id=0x1a "Peer not responding"] sent [LCP TermReq id=0x1b "Peer not responding"] Connection terminated: no multilink. Modem hangup Script /etc/ppp/ip-down finished (pid 8751), status = 0x0
Just connected times...
show interfaces pppoe pppoe0 log | grep 'Connect time'
PPP Templates
/opt/vyatta/etc/pppoe-provider-template
PPP Disconnects Check Script
# cat /root/ppp_disconnects_to_grafana.sh #!/bin/bash LOGFILE=$HOME/ppp_disconnected.log NEW_LOG=$(egrep -i 'pppd.*disconnected' /var/log/messages |tail -n1 |sed 's/ / /') echo "NEW_LOG=$NEW_LOG" if [ ! -f $LOGFILE ]; then echo $NEW_LOG > $LOGFILE else OLD_LOG=$(cat $LOGFILE) echo "OLD_LOG=$OLD_LOG" if [ "$NEW_LOG" == "$OLD_LOG" ] ; then echo No change echo "pppd,host=erx result=0" | nc 192.168.0.252 8094 else echo $NEW_LOG > $LOGFILE echo Change echo "pppd,host=erx result=1" | nc 192.168.0.252 8094 /usr/bin/python /usr/bin/pushover-cli --quiet "${NEW_LOG}" "ERX" fi fi
HOWTO: Show DNS Information
show dns forwarding status show dns forwarding statistics
HOWTO: Show Configuration
Config...
show configuration all
Commands...
show configuration commands
HOWTO: Check Firewall Port Forwarding Rules
Check config...
show configuration commands |grep 'port-forward'
Check kernel firewall iptables...
sudo -i iptables -L -v -n
HOWTO: Edit Date and Time On A Firewall Rule
show configuration commands |grep 'firewall.*' configure set firewall name LAN_IN rule 30 time starttime '21:59:59' commit save exit
HOWTO: Enable and Disable Firewall Rule
show configuration commands |grep 'firewall' (so you can find the correct rule) configure delete firewall name LAN_IN rule 20 disable (to enable rule) set firewall name LAN_IN rule 20 disable (to disable rule) commit save exit
HOWTO: Change Default User Password
configure set system login user ubnt authentication plaintext-password MyN3wP4ssw0rd commit save exit
HOWTO: Hardware Offloading
UPDATE: Yeah, jury is still out on this... on the ER-X it does not seem to make any difference and if you're using Smart Queue Management QoS then it won't work on that anyway!
Offloading is used to execute functions of the router using the hardware directly, rather than a process of software functions to greatly increase performance.
https://help.ubnt.com/hc/en-us/articles/115006567467
HOWTO: Smart Bandwidth Queue
Find your Download and Upload speed on the Internet (http://speedtest.net)
EdgeOS > QoS > Smart Queue > WAN Interface: pppoe0 > Upload: <upload speed> Mbits/sec > Download: <download speed> Mbits/sec > Apply
https://community.ubnt.com/t5/EdgeRouter/ER-X-QoS-Smart-Queue-WAN-Interface-SOLVED/td-p/2315465
HOWTO: Bandwidth Limit Single IP Address
This will limit a single IP address of 192.168.0.17 (the teenager) to 1Mb download and 500Kb upload speed...
EdgeOS > QoS > Basic Queue > Add Queue > Source: 192.168.0.17 > Rate (upload): 500k > Queue Type: SFQ > Reverse Rate (download): 1m > Queue Type: SFQ > Apply
HOWTO: URL Blocking Proxy
configure set service webproxy listen-address 192.168.0.1 (IP Address of your edge router!) set service webproxy url-filtering squidguard local-block twitter.com set service webproxy url-filtering squidguard local-block facebook.com set service webproxy url-filtering squidguard local-block youtube.com commit save exit
https://help.ubnt.com/hc/en-us/articles/205202680-EdgeMAX-Web-proxy-service-for-filtering
https://ahmeddirie.com/technology/networking/url-filtering-and-blocking-crap-with-vyatta/
HOWTO: Add DNS Entries
ssh ubnt@192.168.0.1 ubnt@ubnt:~$ configure [edit] ubnt@ubnt# set system static-host-mapping host-name unifi inet 192.168.0.252 [edit] ubnt@ubnt# commit [edit] ubnt@ubnt# save Saving configuration to '/config/config.boot'... Done [edit] ubnt@ubnt# exit exit ubnt@ubnt:~$ logout Connection to 192.168.0.1 closed. host unifi ping unifi
HOWTO: Keep Custom Scripts After Firmware Upgrade
root@ubnt:~# ls -lah /config/scripts/ total 20 -rwxr-xr-x 1 root root 168 Mar 22 10:16 check_pppd.sh -rwxr-xr-x 1 root root 545 Apr 5 11:19 ppp_disconnects_to_grafana.sh -rwxr-xr-x 1 root root 244 Mar 22 10:11 speedtest.sh -rwxr-xr-x 1 root root 194 Mar 22 10:12 speedtest_to_influx.sh
root@ubnt:~# ls -lah /config/scripts/post-config.d/ total 20 -rwxr-xr-x 1 root vyattacf 215 Mar 24 17:43 startup
cat /config/scripts/post-config.d/startup #!/bin/bash startup='/tmp/startup_check' if [ -e $startup ]; then echo "Startup exists. Exiting." exit 0; fi cp -a /config/scripts/*.sh /root/ crontab -u root /config/scripts/root.crontab cp -a /config/scripts/speedtest-cli /usr/local/bin/ cp -a /config/scripts/pushover-cli /usr/bin/ cp -a /config/scripts/pushover-cli.conf /etc/ touch $startup exit 0
HOWTO: Upgrade EdgeOS firmware
https://help.ubnt.com/hc/en-us/articles/205146110-EdgeMAX-Upgrading-EdgeOS-firmware
ER-X
https://www.ui.com/download/edgemax/edgerouter-x
NEW IMAGES WITH BOOTLOADER IMAGE
- Update firmware using cli (shown below this)
- Reboot
- Run commands below to Update Bootloader Image
- Reboot (this can take up to 10 minutes)
ubnt@erx:~$ show system boot-image The system currently has the following boot image installed: Current boot version: UNKNOWN Current boot md5sum : 7580ebd7ce9303243292f586ab7c6daf New uboot version is available: boot_e51_001_1e49c.tar.gz New boot md5sum : e2a286b6ff09ce6d14f631dafaff6027 Run "add system boot-image" to upgrade boot image. ubnt@erx:~$ add system boot-image Uboot version [UNKNOWN] is about to be replaced Warning: Don't turn off the power or reboot during the upgrade! Are you sure you want to replace old version? (Yes/No) [Yes]: Preparing to upgrade...Done Copying upgrade boot image...Done Checking boot version: Current is UNKNOWN; new is e51_001_1e49c ...Done Checking upgrade image...Done Writing image...Done Upgrade boot completed ubnt@erx:~$ show system boot-image The system currently has the following boot image installed: Current boot version: e51_001_1e49c Current boot md5sum : e2a286b6ff09ce6d14f631dafaff6027 ubnt@erx:~$ reboot now
Note: The ER-X/ER-X-SFP/EP-R6 has more limited storage, and in some cases upgrade may fail due to not enough space. If this happens, remove the old backup image first (using "delete system image" command below) before doing upgrade. The system will always have at least 2 images so you are alright to remove the older one.
Command Line
show version show system image delete system image show system image add system image https://dl.ui.com/firmwares/edgemax/v1.10.11/ER-e50.v1.10.11.5274269.tar show system image show system image storage sudo shutdown
Turn off for 3 minutes. Turn on.
show version show system image logout
HOWTO: How to Limit the Download/Upload Rate of LAN
https://help.ubnt.com/hc/en-us/articles/220716608
Useful CLI
https://www.reddit.com/r/Ubiquiti/comments/33zkhu/useful_edgerouter_cli_commands_settings/
Firewall CLI
ssh ubnt@192.168.0.1 ubnt@ubnt:~$ configure ubnt@ubnt# show firewall name LAN_IN ubnt@ubnt# edit firewall name LAN_IN ubnt@ubnt# run show configuration commands ubnt@ubnt# set rule 7 time starttime '21:50:00' ubnt@ubnt# set rule 8 time starttime '21:50:00' ubnt@ubnt# compare ubnt@ubnt# commit ubnt@ubnt# top ubnt@ubnt# show firewall name LAN_IN ubnt@ubnt# save ubnt@ubnt# exit ubnt@ubnt:~$ logout
Install Pushover Command Line Client
sudo -i curl -o /usr/bin/pushover-cli https://raw.githubusercontent.com/markus-perl/pushover-cli/master/pushover-cli chmod +x /usr/bin/pushover-cli nano /etc/pushover-cli.conf
user=uJzixzfTJNOTTHISONExxxxVJHGaZF4V token=ak5x2hzNOTHISONEon8vpea9 priority=normal verbose=0 quiet=0
root@ubnt:~# cp -av /usr/bin/pushover-cli /config/scripts/ root@ubnt:~# cp -av /etc/pushover-cli.conf /config/scripts/
/usr/bin/python /usr/bin/pushover-cli --quiet "Message :-)" "TEST"
Check PPP Disconnects CLI
#!/bin/bash # # check_pppd.sh # SHOW_LOG=$(egrep -i 'pppd.*disconnected' /var/log/messages |tail -n1) /usr/bin/python /usr/bin/pushover-cli --quiet "${SHOW_LOG}" "ERX"
crontab -e @daily ~/check_pppd.sh
ROOT Crontabs After Firmware Upgrade CLI
47 2,14 * * * /root/speedtest.sh @hourly /root/speedtest_to_influx.sh @daily /root/check_pppd.sh * * * * * /root/ppp_disconnects_to_grafana.sh
Speedtest CLI
iPerf
https://www.stevejenkins.com/blog/2015/10/using-the-ubiquiti-edgerouters-built-in-bandwidth-tester/
To test UPLOAD speed, run ...
iperf3 -c iperf.as42831.net -p 5300-5400
Full output ...
ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400 Connecting to host iperf.as42831.net, port 5300 [ 5] local 192.168.1.2 port 45850 connected to 31.132.7.130 port 5300 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 26.2 MBytes 220 Mbits/sec 15 398 KBytes [ 5] 1.00-2.00 sec 26.0 MBytes 217 Mbits/sec 0 447 KBytes [ 5] 2.00-3.00 sec 25.2 MBytes 212 Mbits/sec 0 482 KBytes [ 5] 3.00-4.00 sec 25.6 MBytes 215 Mbits/sec 14 380 KBytes [ 5] 4.00-5.00 sec 25.3 MBytes 212 Mbits/sec 0 428 KBytes [ 5] 5.00-6.00 sec 25.4 MBytes 213 Mbits/sec 0 471 KBytes [ 5] 6.00-7.00 sec 25.6 MBytes 215 Mbits/sec 1 375 KBytes [ 5] 7.00-8.00 sec 25.6 MBytes 215 Mbits/sec 0 425 KBytes [ 5] 8.00-9.00 sec 25.4 MBytes 213 Mbits/sec 0 460 KBytes [ 5] 9.00-10.00 sec 25.5 MBytes 214 Mbits/sec 2 359 KBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 256 MBytes 215 Mbits/sec 32 sender [ 5] 0.00-10.04 sec 255 MBytes 213 Mbits/sec receiver iperf Done.
... and to test DOWNLOAD speed, add the extra command line option -R ...
ubnt@erx:~$ iperf3 -c iperf.as42831.net -p 5300-5400 -R Connecting to host iperf.as42831.net, port 5300 Reverse mode, remote host iperf.as42831.net is sending [ 5] local 192.168.1.2 port 45878 connected to 31.132.7.130 port 5300 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 62.0 MBytes 519 Mbits/sec [ 5] 1.00-2.00 sec 61.5 MBytes 516 Mbits/sec [ 5] 2.00-3.00 sec 42.8 MBytes 358 Mbits/sec [ 5] 3.00-4.00 sec 60.4 MBytes 508 Mbits/sec [ 5] 4.00-5.00 sec 62.2 MBytes 522 Mbits/sec [ 5] 5.00-6.00 sec 61.6 MBytes 517 Mbits/sec [ 5] 6.00-7.00 sec 62.0 MBytes 520 Mbits/sec [ 5] 7.00-8.00 sec 62.2 MBytes 522 Mbits/sec [ 5] 8.00-9.00 sec 62.0 MBytes 519 Mbits/sec [ 5] 9.00-10.00 sec 62.1 MBytes 522 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.04 sec 602 MBytes 503 Mbits/sec 744 sender [ 5] 0.00-10.00 sec 599 MBytes 502 Mbits/sec receiver iperf Done.
OLD
speedtest-cli / deprecated in favour of iPerf3 above
UPDATE - SEPTEMBER 2022 / add --secure option to fix error
UPDATE - APRIL 2021 / new version fixes not working on ER-X
Download python software ...
curl -O https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py chmod a+rx speedtest.py sudo mv speedtest.py /usr/local/bin/speedtest-cli ls -lah /usr/local/bin/speedtest-cli
Test python software (server ID 32775 is Trooli in Maidstone) ...
speedtest-cli --secure --simple --no-pre-allocate --server 32775
Write shell scripts for cron ...
vi /root/speedtest.sh /usr/local/bin/speedtest-cli --secure --simple --no-pre-allocate >/tmp/speedtest_result.txt SHOW_LOG=$(cat /tmp/speedtest_result.txt) /usr/bin/python /usr/bin/pushover-cli --quiet "${SHOW_LOG}" "SPEEDTEST"
chmod +x /root/speedtest.sh
vi /root/speedtest_to_influx.sh echo "speedtest,host=erx download=`grep 'Download' /tmp/speedtest_result.txt | awk '{ print $2 }'`,upload=`grep 'Upload' /tmp/speedtest_result.txt | awk '{ print $2 }'`" | nc 192.168.0.252 8094 chmod +x /root/speedtest_to_influx.sh
Add shell scripts to cron ...
crontab -e 7 11,23 * * * /root/speedtest.sh @hourly /root/speedtest_to_influx.sh
Thanks - https://community.ubnt.com/t5/EdgeMAX/EdgeOS-Command-Line-Speed-Test-via-speedtest-net
Your Own Speedtest Mini Server
https://www.tecmint.com/speedtest-mini-server-to-test-bandwidth-speed/
wget http://c.speedtest.net/mini/mini.zip speedtest-cli --secure --simple --no-pre-allocate --mini http://www.domain.co.uk/speedtest/mini/ >/tmp/speedtest-cli_result.txt
https://gist.github.com/sparanoid-bot/4441239
HOWTO: Time Based MAC Address Blocking
rule 10 { action drop description "Block Gaming PC" source { mac-address 11:11:11:11:11:11 } time { starttime 22:00:00 stoptime 07:59:59 weekdays Mon,Tue,Wed,Thu } time { starttime 00:00:00 stoptime 07:59:59 weekdays Fri,Sat } }
- Login
- Firewall / NAT
- Firewall Policies
- LAN_IN > Action > Edit Ruleset
- Add New Rule
- Description = Block Kids PC
- Tick Enable
- Action = Drop
- All Protocols
- Source = MAC Address
- Time > Start Time = 22:00:00 > Stop Time = 06:00:00
- Save
- Click little (x) next to tick
- Logout
Quoted here by me - https://community.ubnt.com/t5/EdgeMAX/Set-up-time-limits-for-kids-internet-access/m-p/1826628#M149231
Thanks to Ubiquiti Community Forum
HOWTO: Improve Throughput On PPPoE
configure set system offload ipv4 pppoe enable commit save exit
Thanks - https://blog.linitx.com/howto-significantly-improve-slow-throughput-edgerouter-lite-pppoe/
SSH Keys Access
Copy your SSH public key to the device...
scp /home/user/.ssh/id_rsa.pub ubnt@192.168.0.1:~/id_rsa.pub
Log in to the device...
ssh ubnt@192.168.0.1
Switch to configure mode...
configure
Load SSH key to the user...
loadkey ubnt ~/id_rsa.pub
Commit...
commit
Save ...
save
Exit...
exit
Logout and test...
exit ssh ubnt@192.168.0.1
Thanks - https://community.ubnt.com/t5/EdgeMAX/ssh-authorized-keys/td-p/458361
Thanks - http://www.bciuca.com/2014/02/08/edgemax-ssh-pubkey/
Network Monitoring Data Collection
SNMP
https://github.com/jbehrends/monitoring_scripts/blob/master/graphite/edgerouter_metrics.sh
https://gist.github.com/nbrownus/b6a5b1e16256f5ba035b5c0dcbae7532
Grafana
https://grafana.com/dashboards/1756
NetFlow
configure set system flow-accounting interface <interface> # Optional parameter if flows should be collected for egress traffic. # set system flow-accounting netflow enable-egress set system flow-accounting netflow engine-id <0-255> set system flow-accounting netflow server <IP of remote netflow monitoring tool> port 2055 set system flow-accounting netflow version <1|5|9> commit
https://community.ubnt.com/t5/EdgeMAX/Help-setting-up-NetFlow/td-p/464367
https://community.ubnt.com/t5/EdgeMAX/Netflow/m-p/365221#M3097
https://www.reddit.com/r/Ubiquiti/comments/3kobad/netflow_on_edgerouter_x_on_17/
https://forums.manageengine.com/topic/ubiquiti-edgemax-analyzer-config-issue
nTop
http://www.ntop.org/nprobe/running-nprobe-and-ntopng-on-ubiquity-edgerouter-lite/
Forum
https://help.ubnt.com/hc/en-us/categories/200321064-EdgeMAX
Bootloader Update
curl -O https://dl.ubnt.com/firmwares/edgemax/v1.8.0/update-boot.sh sudo bash update-boot.sh reboot
uPnP
Config Tree > service > upnp > listen-on > interface
SNMP
Official UniFi MIBs can be downloaded from HERE and HERE (those are 2 different files).
https://github.com/jbehrends/monitoring_scripts/blob/master/graphite/edgerouter_metrics.sh
http://leerspace.com/2014/11/08/snmp-and-mrtg-ubiquiti-edgerouter-lite-ubuntu-server/
https://gist.github.com/nbrownus/dfd8ab05728bbf8ff5993ac0d34eaeb6
CLI
https://community.ubnt.com/t5/EdgeMAX/EdgeOS-CLI-Primer-part-1/td-p/285388
Edit Config Manually
You can edit the config file in the vi or nano editors ...
sudo vi /config/config.boot
... then check the file with these commands (in this example I have changed just the system 'host-name') ...
ubnt@erx:~# configure [edit] root@erx# load Loading configuration from '/config/config.boot'... Load complete. Use 'commit' to make changes active. [edit] root@erx# compare [edit system] >host-name fish [edit] root@erx# commit [edit] root@erx# save Saving configuration to '/config/config.boot'... Done [edit] root@erx# exit
... then reboot to apply the changes ...
ubnt@erx:~# reboot
Change Config Editing Directly Safe Boot
Save a couple of copies of the current config.boot file with different names...
configure save config.boot-old save config.boot-new exit
Then, edit the file config.boot-new and save it...
vi /config/config.boot-new (press I to come out of view mode, then press ESC then press :wq to save)
Once finished...
configure load config.boot-new commit-confirm 10
If all is ok, issue confirm and save within 10 mins, otherwise, the router will reboot with the previous config.
Change Network IP Address Range and Subnet
Assuming the network 192.168.1.0/24 is on switch0 (192.168.1.1), via cli (use SSH, eg.putty) type these commands...
configure delete interfaces switch switch0 address set interfaces switch switch0 address 10.0.0.1/24 commit save
Change eth0 Config from PPPoE to IP
Firewall Regions Explanation
WAN_IN is from the internet, through the router, and onward to your LAN. In very general terms, you want to drop 90% of this mess - it's script kiddies, port scans, nigerian princes, and anyone else you don't want able to head through your router. Obviously, you're gonna want to allow ports 80, 443, 25, and others if you're running those types of services. If you haven't got any idea what I'm talking about with those three ports, better to not open them.
WAN_LOCAL is from the internet to your router, with no intention of going farther. Best to just drop everything on this interface -- unless, for example it's a router at a remote site, and you've got a static at your main site, so you allow traffic from 10.10.x.y/28 (note, I'm using private address space as an example, real world would depend on your ISP).
LAN_IN is everything inbound to the router from your LAN (e.g. 192.168.1.0/24) that's destined for somewhere else (WAN, other LAN such as 192.168.2.0/24). In a SMB, or SOHO setup, this is probably explicitly permissive. In an enterprise setting, this may or may not be permissive (e.g. blocking all outgoing traffic except for SFTP on a non-standard port).
LAN_LOCAL is everything inbound to the router from your LAN destined for the router. Again, unless you're doing enterprise routing, this is probably fairly open - although good SMB setups with guest networks may block the guest network range.
Command Auto Completion
You can press the ? key to find the top-level commands, then type that command and ? again to find the options for that top-level command.
? show ? show version show interfaces show interfaces ? show interfaces ethernet
You can also use the keyboard Tab button to complete the options.
Show Configuration
There are 2 ways to show the current configuration - in a tree or in commands:-
show configuration all show configuration commands
If you use the 'commands' option, you can then grep or 'match' the output to limit results.
show configuration commands | match system
Edit Configuration
You have to enter 'edit' mode first, and it will show you after every command that you are in this 'edit' mode with a separate line just above the prompt showing [edit]...
configure
When you have finished your command changes, you can show your changes, to check...
compare
To make the changes active, you have to save them...
commit
Then, come out of configure mode...
exit
Unifi Security Gateway USG
Unifi Cloud Key
Troubleshooting Offline Cloud Key and Other Stability Issues
UniFi - Accounts and Passwords for Controller, Cloud Key, and Other Devices
EdgeRouter or USG Virgin Media Cable SuperHub3
- If so as you say WAN to USG cable in bottom socket.
- Set USG to get a DHCP address on the WAN side.
- No other settings required to be input.
- Delete or disable your current BT PPPoE settings though if they are still in USG or ER-X.
- After setting up USG you will need to reboot the Virgin hub.
Superhub3 Modem Mode Ubiquiti Amplifi
as legacy1 turn on modem mode on the hub.. turn off both hub and the Amplifi Router, making sure got ethernet cable attached nearest the coax cable going into the WAN port of the Amplifi Router.. turn on the hub give it a few minutes then the Amplifi Router..
this would mean the Amplifi Router deals with all DHCP/NAT security etc etc.. just means only 1 port will be active on the hub.
Ubiquiti and Virgin Media Cable
- Set the Virgin Superhub to run in modem only mode. This stops it being a router and makes it like the oldVirgin/Telewest/NTL cable modem from Scientific Atlanta etc.
- Connect alternative router to the bottom RJ-45 ethernet socket only on the Superhub.
- When you have set up new router don't forget to reboot Virgin Superhub.
How do I put my Virgin Media hub into modem mode?
EdgeRouter VDSL
ECI Openreach modem for FTTC B-FOCuS V-2FUb/r Rev.B
Yes it does support BT FTTC Infinity. Use PPoE and connect to white BT modem with Cat 5e cable. Set MTU at 1492.
https://community.ubnt.com/t5/UniFi-Routing-Switching/does-edgerouter-support-vdsl/td-p/1112045
http://wiki.indie-it.com/wiki/DSL_Devices#British_Telecom
Purchase
- http://www.broadbandbuyer.co.uk/products/21797-ubiquiti-er-x-uk/
- https://linitx.com/product/ubiquiti-edgemax-edgerouter-x-uk-psu/14588
https://mangolassi.it/search?term=er-x&in=titlesposts
TOUGHSwitch PoE
Downloads
Default IP Address
192.168.1.20
Default Username & Password
Username: ubnt Password: ubnt
Maximum Password Length
Eight characters
IPSec VPN Passthrough
http://community.ubnt.com/t5/EdgeMAX/Newbie-Simple-1-LAN-1-WAN-SOHO-Setup/td-p/1377745
HOWTO: INSTALL: DEPENDANT SOFTWARE:
** THIS IS NOW NO LONGER REQUIRED. PLEASE SEE 16.04 INSTRUCTIONS BELOW **
ORACLE JAVA 8:
Add the repository:
sudo nano /etc/apt/sources.list # Java 8 deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main
Save (CTRL+o) and exit (CTRL+x).
Add the keyserver and install the software:
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com EEA14886 sudo apt-get update sudo apt-get install jsvc oracle-java8-installer oracle-java8-set-default
Check the installed version:
java -version
MongoDB:
Open the sources.list and add the line shown in bold at the end of the file:
sudo nano /etc/apt/sources.list deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen
Save (CTRL+o) and exit (CTRL+x).
Add the keyserver and install the software:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10 sudo apt-get update sudo apt-get install mongodb
HOWTO: INSTALL: UniFi
NEW METHOD
Latest script for Ubuntu 16.04 = 5.10.25 (June 2019)
OLD METHOD
UniFi can either be installed from a .deb file or via a PPA repository:
Ubuntu Server 16.04 From .deb File:
- Visit Ubiquiti's download page
- In the SOFTWARE section, click on "UniFi v4.x.x Controller for Debian/Ubuntu Linux"
- Locate the file called "unifi_sysvinit_all.deb" and download it
sudo dpkg -i unifi_sysvinit_all.deb sudo apt-get -f install
Ubuntu Server 14.04 From .deb File:
- Visit Ubiquiti's download page
- In the SOFTWARE section, click on "UniFi v4.x.x Controller for Debian/Ubuntu Linux"
- Locate the file called "unifi_sysvinit_all.deb" and download it
sudo dpkg -i --force-depends unifi_sysvinit_all.deb
Ubuntu Server 14.04 From Repository:
The following is an installation on Ubuntu Server 14.04.
Add the repository and keyservers by editing the following file adding the lines shown in bold at the end of the file:
sudo nano /etc/apt/sources.list
# Ubiquiti Unifi deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti # Mongodb deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen
Add the following key servers, the first for Unifi itself the second for MongoDB:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10 sudo apt-get update
Finally, install the software:
sudo apt-get install unifi stable, or sudo apt-get install unifi-rapid better than standard not as bleeding edged as beta sudo apt-get install unifi-beta
HOWTO: Install a valid SSL Certificate in UniFi Controller
LetsEncrypt SSL Certificate
RaspberryPi:
Official
http://community.ubnt.com/t5/UniFi-Wireless/Raspberry-Pi-and-Unifi/m-p/1167782#M91180
http://community.ubnt.com/t5/UniFi-Wireless/Finished-Raspberry-PI2-Image/m-p/1187658#M94346
https://community.ubnt.com/t5/UniFi-Wireless/Unifi-4-6-3-on-raspberry-pi-2/m-p/1249829
Unofficial
Kowen Houston - Instructions here.
Kowen Houston - Download here.
Amazon Web Services
- Install a UniFi Cloud Controller on Amazon Web Services
- Change the Firmware Using Local Upgrade Via SSH
- Adopt to Remote UniFi Controller Via SSH
https://www.youtube.com/watch?v=NSMM5dT1vSk
https://www.youtube.com/watch?v=y5tkToD_nds
Cloud Controller
https://miketabor.com/install-ubiquiti-unifi-controller-cloud/
https://www.stevejenkins.com/blog/2016/05/diy-cloud-hosting-ubiquiti-ubnt-unifi-controller/
HOWTO: POST INSTALLATION ACTIONS:
Define The Java Version:
Edit the following file, adding the path to Java 8 installation:
sudo nano /etc/init.d/unifi JAVA_HOME= # Edit this line to match that shown below JAVA_HOME=/usr/lib/jvm/java-8-oracle
Open The Required Firewall Ports:
Open ports on the server's firewall (in this example UFW):
For internal connection:
sudo ufw allow from 192.168.0.0/24 to any port 8080 proto tcp sudo ufw allow from 192.168.0.0/24 to any port 8081 proto tcp sudo ufw allow from 192.168.0.0/24 to any port 8443 proto tcp sudo ufw allow from 192.168.0.0/24 to any port 8843 proto tcp sudo ufw allow from 192.168.0.0/24 to any port 8880 proto tcp sudo ufw allow from 192.168.0.0/24 to any port 27117 proto tcp sudo ufw allow from 192.168.0.0/24 to any port 3478 proto udp
Details of the ports required by Unifi can be found here.
Port 3478 UDP relates to STUN server usage so if you are not using VOIP hardware this port is not needed.
If your server already uses any of the ports listed above how to change those used by Unifi can be found here.
The file to alter to use different ports can be found in the following location:
/usr/lib/unifi/data/system.properties
Accessing The Web Interface:
https://your.server.ip:8443/manage
All being well you should see similar to the picture below:
INFO:
Fix Clients Not Connecting to Nearest Access Point
Roku
Legacy Products
Ubiquiti's Vintage and Legacy Products
Classic Interface
Switch to the legacy Unifi Controller interface.
LED Lights
https://help.ubnt.com/hc/en-us/articles/204910134-UniFi-LED-Color-Patterns-in-UniFi-Devices
Wireless Networks + VLAN
Unifi Controller Admin
Wireless Networks
- "red" --> normal
- "green" --> advanced options --> VLAN 10
Networks
- "red" --> Corporate --> Subnet 192.168.x.x/24
- "green" --> VLAN Only --> VLAN 10
Profiles
- Switch Ports --> "green" --> Native Network = "green(10)"
- Switch Ports --> "red" --> Native Network = "red"
Unifi Traffic Bandwidth Limiting
How To Set Traffic Bandwith Limits
Unifi Krack Patch
Backup File
/var/lib/unifi/backup/autobackup/
https://help.ubnt.com/hc/en-us/articles/205231940
config.properties File
Location, creation & edition:
cd var/lib/unifi/sites/{site_name} # This can be found from the address bar in the browser, if it is the first controller you have created it should be called 'default' sudo touch config.properties sudo nano -w config.properties
Log Files
https://help.ubnt.com/hc/en-us/articles/204959834
Zero Handoff
https://help.ubnt.com/hc/en-us/articles/205144590
HOWTO: VARIOUS
Start, Stop or Restart
sudo service unifi start|stop|restart
View Log File
cat /var/log/unifi/server.log
Reset and Restore Original Firmware
Turn off Radios
2.4Ghz
- Select the AP, go to Config > RADIOS > Radio 2G > uncheck "Allow meshing from other access points".
- Go to WLANS > WLAN 2G > from the dropdown select Off instead of Default.
- Apply Changes
5Ghz
- Select the AP, go to Config > RADIOS > Radio 5G > uncheck "Allow meshing from other access points".
- Go to WLANS > WLAN 5G > from the dropdown select Off instead of Default.
- Apply Changes
HOWTO: FIX:
High TCP Latency
https://tipsforefficiency.com/unifi-high-tcp-latency/
https://tipsforefficiency.com/unifi-auto-optimize-network/
Restore Recordings
Unblock Client
Go to the UniFi app > ...More > IPS Traffic Log > Select the alert > Client > Block / Unblock / Unauthorize / Reconnect
Lost Password
If you need to reset your UniFi password at HostiFi, you should use the password reset link from your controller. This article is for resetting passwords on non-HostiFi controllers, to help users migrate when they have lost their old credentials.
Find the "name" of the admin you want to reset with this command:
mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"
Replace <username> with the admin account name you found above:
mongo --port 27117 ace --eval 'db.admin.update( { "name" : "<username>" }, { $set : { "x_shadow" : "$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/" } } )'
Now you can log in as that admin with the password password.
https://support.hostifi.com/en/articles/3561102-how-to-reset-unifi-password-from-ssh
Repair MongoDB
mongod --dbpath /usr/lib/unifi/data/db --smallfiles --logpath /usr/lib/unifi/logs/server.log --repair
https://help.ubnt.com/hc/en-us/articles/360006634094#3
Restore Backup
https://help.ubnt.com/hc/en-us/articles/204952144-UniFi-How-can-I-restore-a-backup-configuration-
LG Nexus 5 Not Connecting To UAP AC Lite 5GHz Wi-Fi
Change the 5GHz Channel to less than 52.
Error: ace_stat bad offset repair database
Assertion failure: _unindex failed: bad offset:0 accessing file: /usr/lib/unifi/data/db/ace.0 - consider repairing database
https://community.ubnt.com/t5/UniFi-Wireless/HOW-TO-Repair-MongoDB-on-Linux/td-p/2198176 (with handy auto repair script)
NOTES
Need to add a second virtual disk for the repair.
repairDatabase requires free disk space equal to the size of your current data set plus 2 gigabytes. If the volume that holds dbpath lacks sufficient space, you can mount a separate volume and use that for the repair. When mounting a separate volume for repairDatabase you must run repairDatabase from the command line and use the --repairpath switch to specify the folder in which to store temporary repair files. For example:
--repairpath <path>
Default: A _tmp_repairDatabase_<num> directory under the dbPath. Specifies a working directory that MongoDB will use during the --repair operation. When --repair completes, the --repairpath directory is empty, and dbPath contains the repaired files. The --repairpath must be within the dbPath. You can specify a symlink to --repairpath to use a path on a different file system.
mongod --repair --repairpath /opt/vol2/data
NEW
sudo -i service unifi stop service unifi-voip stop service unifi-video stop pkill -KILL mongod pidof mongod rm -fv /var/lib/unifi/db/mongod.lock su -c "mongod --dbpath /var/lib/unifi/db --repair" unifi service unifi start
OLD
$ /usr/bin/mongo --port 27117 MongoDB shell version: 2.0.4 connecting to: 127.0.0.1:27117/test > use ace switched to db ace > db.repairDatabase() { "ok" : 1 } > exit bye
If that does not work, then you will have to stop unifi, uninstall, clear db folder (/usr/lib/unifi/data/db), install same version, restore from backup.
sudo apt-get remove unifi sudo apt-get autoremove (to nuke mongodb stuff) mv /var/lib/unifi /var/lib/unifi.bak (later to be deleted) sudo apt-get install unifi
Error: MongoDB Journal Files Eating Disc Space.
A. MONGO DB PRUNE OLD DATA FIX
wget "https://help.ubnt.com/hc/article_attachments/115024095828/mongo_prune_js.js" sudo mongo --port 27117 < mongo_prune_js.js
B. SMALL FILES FIX
- stop system wide mongodb from starting
- edit system.properties file for smallfiles parameter
- start unifi
sudo nano /etc/init/mongodb.conf ENABLE_MONGODB="no" sudo nano /usr/lib/unifi/data/system.properties unifi.db.extraargs=--smallfiles sudo update-rc.d -f mongodb remove sudo service unifi start
Thanks - https://community.ubnt.com/t5/UniFi-Wireless/UNIFI-Eating-all-disk-space-Mongodb/td-p/395410
$ ll /var/lib/mongodb/journal/ total 3.1G drwxr-xr-x 2 mongodb nogroup 4.0K 2015-08-03 15:54 . drwxr-xr-x 3 mongodb mongodb 4.0K 2015-08-03 15:22 .. -rw------- 1 mongodb nogroup 1.0G 2015-08-03 15:54 prealloc.0 -rw------- 1 mongodb nogroup 1.0G 2015-08-03 15:43 prealloc.1 -rw------- 1 mongodb nogroup 1.0G 2015-08-03 15:43 prealloc.2
$ rm -rfv /var/lib/mongodb/journal/* removed ‘/var/lib/mongodb/journal/prealloc.0’ removed ‘/var/lib/mongodb/journal/prealloc.1’ removed ‘/var/lib/mongodb/journal/prealloc.2’
$ df Filesystem Type Size Used Avail Use% Mounted on /dev/sda1 ext4 10G 3.5G 6.0G 37% /
$ nano /usr/lib/unifi/data/system.properties unifi.db.nojournal=true # disable mongodb journaling
Error: Keystore Missing.
If the the following is listed in the error log file:
/usr/lib/unifi/data/keystore (No such file or directory)
FIX
sudo service unifi stop sudo keytool -genkey -keyalg RSA -alias selfsigned -keystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise -validity 365 -keysize 2048 -destalias unifi
Answer the following questions by pressing enter up until the line starting "Is CN=" when you will need to answer "Y" then press enter:
What is your first and last name? [Unknown]: What is the name of your organizational unit? [Unknown]: What is the name of your organization? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit? [Unknown]: Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]:
Finally start Unifi:
sudo service unifi start
Thanks to Calvin Bui.
HOME
LINKS
Perform A Site Survey
https://ubntwiki.com/guides/performing_a_site_survey - Quick and dirty without speciality equipment/software.
Tools
Doorbell
https://store.ui.com/collections/unifi-protect/products/uvc-g4-doorbell
UniFi Protect Network Video Recorder
https://store.ui.com/collections/unifi-protect/products/unifi-protect-nvr
UniFi Dream Machine Pro
https://store.ui.com/collections/unifi-network-routing-switching/products/udm-pro
Various Useful
Why devices are not connecting to the closest AP?
Mental Home Network
Guest Network
https://www.youtube.com/watch?v=I8D6ju2AvpI
https://help.ubnt.com/hc/en-us/articles/115000166827-UniFi-Wireless-Guest-Network-Setup
Ubiquiti Videos
Review
CLI
https://help.ubnt.com/hc/en-us/articles/204976584-EdgeMAX-Connect-to-CLI-With-Telnet
http://community.ubnt.com/t5/tkb/v2/page/blog-id/CLI_Basics%40tkb/page/1
EdgeRouter Pro
http://community.ubnt.com/t5/EdgeMAX/Newbie-Simple-1-LAN-1-WAN-SOHO-Setup/m-p/1377745
http://community.ubnt.com/t5/EdgeMAX/Basic-SOHO-Home-Config/m-p/398057
https://help.ubnt.com/hc/en-us/articles/205197660-EdgeMAX-SOHO-Example
http://sohovercomplicated.com/edgerouter-basic-soho-router-firewall-part-1-the-basics/
UniFi
https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-3-2-7-is-released/ba-p/1085473
https://community.ubnt.com/t5/UniFi-Wireless/UNIFI-controller-for-linux/m-p/962877
http://wiki.ubnt.com/UniFi_FAQ#Operation_and_Deployment
http://sunstatetechnology.com/docs/UniFiControllerInstallation.pdf
https://calvin.me/install-unifi-controller-ubuntu/
https://www.youtube.com/watch?v=NSMM5dT1vSk
http://www.msdist.co.uk/Unifi_questions_extract_from_Ubiquiti_Forum.pdf
https://www.youtube.com/watch?v=juE0qH-D6Gs&index=3&list=PLqmQzXAOhOQj8AT31sc1seFJG0v0sSQ0m
https://www.youtube.com/watch?v=uKxgyt1kArw&index=15&list=PLqmQzXAOhOQj8AT31sc1seFJG0v0sSQ0m
Error related:
https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Apache-500-Error/td-p/948953
https://community.ubnt.com/t5/UniFi-Wireless/UniFi-on-Ubuntu-help-needed/td-p/238635
http://community.ubnt.com/t5/UniFi-Wireless/HTTP-Status-400/td-p/621497
http://community.ubnt.com/t5/UniFi-Wireless/Apache-Tomcat-HTTP-Status-400/m-p/654089/highlight/true