unifi

i have moved my entire network to a unifi system. this wiki details only the things that matter for a smooth setup. migrating was quite straightforward. this guide assumes that you have a full unifi setup, which comprises:


ssh commands required
the majority of the ssh commands require nano or vim. my choice of terminal editor is nano. to find out more about how to use nano, visit the following page for the basics.

look out for notes
notes are placed throughout the guides; these markers require your attention.

report inaccuracies and errors
if something in this guide is inaccurate, wrong, or outdated, report it by scanning the qr code.


👨🏻‍💻 [setting up the hardware]

  1. refer to the following help guide from unifi on how to have your hardware setup.

👨🏻‍💻 [setting up private domain (dynamic dns)]

  1. first, you will need a static ip from your isp.

  2. secondly, you need to sign up for a dns service (e.g. namecheap).

  3. thirdly, once your unifi setup is connected to the internet, the dns setting can be found at the following.

  4. login to your controller then navigate to settings > gateway > dynamic dns

🗣 note: navigation menu is based on the new layout.

image

  5. the unifi dynamic dns settings shown below are for namecheap only; for other dns providers, refer to their own guides and settings.

image


👨🏻‍💻 [aggregating nas links]

  1. after plugging your nas lan cables into the switch, select the first of the two ports and click on aggregate.

  2. apply changes and you’re done.


👨🏻‍💻 [reserving your device ips]

🗣 note: this is important for me as i want my devices to retain their internal ip addresses.

  1. login to your controller.

  2. go to devices.

  3. select the device. (e.g. access point)

  4. click on the gear icon. (config)

  5. locate network and key in the ip address.

image


👨🏻‍💻 [moving to cloudkey]

🗣 note: if you are using an os-based unifi controller and will be moving to a unifi cloudkey, these are the steps to migrate.

  1. follow the instructions to pre-setup your cloudkey and remove it from your unifi switch.

  2. backup your current os-based controller.

  3. shutdown your os-based controller.

  4. plug in and start your cloudkey controller to be adopted.

once you have completed the adoption, launch your site from unifi’s cloudkey portal and restore your settings; your devices will automatically adopt.


👨🏻‍💻 [getting access points to recognise a new controller]

🗣 note: if you will be adding a new access point to your setup, follow these steps.

  1. ssh into the ap with the controller’s credentials.

  2. reset to default with the following command:

     syswrapper.sh restore-default
  3. the connection will be terminated.

  4. now ssh into the new access point using default credentials ubnt/ubnt.

  5. enter the mca-cli shell with the command:

     mca-cli
  6. followed by:

     set-inform http://x.x.x.x:8080/inform

🗣 note: x.x.x.x refers to your cloudkey-ip.

  7. the access point will reboot and then provision.

👨🏻‍💻 [installing snmp on cloudkey]

🗣 note: the snmp installation is not persistent, meaning you will need to reinstall the daemon after a firmware upgrade.

  1. ssh into your cloudkey.

  2. execute the following in sequence:

     apt-get update
     apt-get install snmpd
     apt-get install nano
     nano /etc/snmp/snmpd.conf
  3. locate line 17 (the localhost-only agentAddress) and comment that line out.

  4. uncomment line 19 (listen on all interfaces), so the block reads:

     #  Listen for connections from the local system only
         #agentAddress  udp:127.0.0.1:161
     #  Listen for connections on all interfaces (both IPv4 *and* IPv6)
         agentAddress udp:161,udp6:[::1]:161
  5. look for rocommunity and change the community string to your preference as shown below:

     rocommunity mycloudkey233 10.0.1.1/24
  6. restart snmp:

     /etc/init.d/snmpd restart
  7. exit your terminal.app.


👨🏻‍💻 [if snmp daemon is unable to start]

🗣 note: if you ever encounter the snmpd service failing to start after the re-installation, it is likely an error in the config file. below shows the error and how to get around it. the error message is as shown below:

    root@AMDC-UniFi-CloudKey:~# /etc/init.d/snmpd start
    [....] Starting snmpd (via systemctl): snmpd.serviceJob for snmpd.service failed.
    'systemctl status snmpd.service' and 'journalctl -xn' for details.
    failed!
  1. ssh into your controller.

  2. locate the following and ensure that it reflects accordingly:

     #  Listen for connections from the local system only
         #agentAddress  udp:127.0.0.1:161 << ENSURE THAT THIS LINE IS COMMENTED OUT
     #  Listen for connections on all interfaces (both IPv4 *and* IPv6) 
         agentAddress udp:161,udp6:[::1]:161
  3. save and restart snmpd.
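The two snmpd sections above (installing snmpd and fixing a daemon that will not start) both come down to the same two config checks: only one agentAddress line may be active, and the community string should be non-default and restricted to a source network. The following shell script is an added example, not part of the original guide, that runs those checks against an snmpd.conf. It assumes a Net-SNMP style config file passed as the first argument; the two sample configs it writes are constructed here for illustration.

```shell
#!/bin/sh
# Added example: sanity-check an snmpd.conf before restarting snmpd.
# Assumes Net-SNMP syntax (agentAddress / rocommunity / rwcommunity lines).

# Returns 0 when the localhost-only listener (udp:127.0.0.1:161) is commented
# out or absent AND exactly one agentAddress line is active. Two active
# listeners on port 161 is the conflict that stops snmpd from starting.
check_agent_address() {
    conf="$1"
    loopback_active=$(grep -cE '^[[:space:]]*agentAddress[[:space:]]+udp:127\.0\.0\.1:161' "$conf" || true)
    active=$(grep -cE '^[[:space:]]*agentAddress[[:space:]]' "$conf" || true)
    [ "$loopback_active" -eq 0 ] && [ "$active" -eq 1 ]
}

# Prints every rocommunity/rwcommunity line that uses the well-known strings
# "public"/"private" or has no source restriction (no third field such as
# 10.0.1.1/24). Returns 1 if any such line is found, 0 otherwise.
check_communities() {
    awk '
        /^[ \t]*r[ow]community6?[ \t]/ {
            if ($2 == "public" || $2 == "private" || NF < 3) {
                print "risky: " $0
                bad = 1
            }
        }
        END { if (bad) exit 1; exit 0 }
    ' "$1"
}

# Constructed sample matching the guide: loopback listener commented out,
# all-interface listener active, community restricted to the LAN.
write_sample_conf() {
    cat > "$1" <<'EOF'
#  Listen for connections from the local system only
    #agentAddress  udp:127.0.0.1:161
#  Listen for connections on all interfaces (both IPv4 *and* IPv6)
    agentAddress udp:161,udp6:[::1]:161
rocommunity mycloudkey233 10.0.1.1/24
EOF
}

# Constructed sample reproducing the failure: both listeners active and a
# default, unrestricted community string.
write_broken_conf() {
    cat > "$1" <<'EOF'
    agentAddress  udp:127.0.0.1:161
    agentAddress udp:161,udp6:[::1]:161
rocommunity public
EOF
}

# Usage: sh check_snmpd.sh /etc/snmp/snmpd.conf
if [ "$#" -eq 1 ]; then
    if check_agent_address "$1"; then
        echo "agentAddress: ok"
    else
        echo "agentAddress: conflicting or missing listeners, see lines 17/19"
    fi
    if check_communities "$1"; then
        echo "communities: ok"
    fi
fi
```

Run it against /etc/snmp/snmpd.conf on the cloudkey before step 6 (restart snmp); if it reports conflicting listeners, the fix is the one shown in the previous section.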


👨🏻‍💻 [if snmp is unable to be installed]

if you’re having problems installing snmpd onto your cloudkey after a firmware upgrade, you will need to have the existing package removed and reinstalled. the error messages you will receive are as shown below:

    root@AMDC-UniFi-CloudKey:~# apt-get install snmpd
    ...
    ...
    Job for snmpd.service failed. See 'systemctl status snmpd.service' and 'journalctl -xn' for details.
    invoke-rc.d: initscript snmpd, action "start" failed.
    dpkg: error processing package snmpd (--configure):
    ...
    E: Sub-process /usr/bin/dpkg returned an error code (1)
  1. follow these steps:

     sudo dpkg --purge snmpd
     sudo apt-get purge snmpd
     sudo apt-get autoremove
  2. once done, you can follow the guide above to have snmpd reinstalled.


👨🏻‍💻 [setting up l2tp vpn]

🗣 note: the vpn server moved from macOS to the unifi system. prior to setting this up, in my macOS server app, i had the usg-gateway ip added to the domain name of my setup in the dns.

e.g. amdc.media < 10.0.1.10, 10.0.1.1

with this, the domain name also resolves to the usg-gateway. i am not sure whether this is possible on macOS catalina though; you can refer to utilising the dns-enabler in the macOS wiki page.

  1. login to your controller’s gui.

  2. navigate to settings > configuration profiles > radius.

  3. edit the default radius settings to enable the assigned vlan.

image

  4. save and close.

  5. enable the radius server. navigate to settings > gateway > radius. toggle radius server to on and enter your desired password.

image

  6. create the vpn server. navigate to settings > vpn > vpn servers > create vpn server.

image

  7. create your vpn user account. navigate to settings > gateway > radius. locate user and create a new account.

  8. key in your desired username.

  9. key in your desired password.

🗣 note: this is your account password and is not your pre-shared key.

  10. leave vlanid blank.

  11. select tunnel type as l2tp.

  12. select ipv4 for the tunnel medium type.

  13. save and exit.

image

  14. configure the vpn on your client (e.g. mobile device) and attempt to connect.

👨🏻‍💻 [fixing mongodb on cloudkey]

⚠️ important: the db which the cloudkey uses can get corrupted if the cloudkey is shut down improperly. you will need to ensure that your unifi settings, db, etc. are backed up. these backup settings can be found within the controller settings; i have mine done daily at 2am. if you have not done so, i suggest you set this up immediately in your unifi controller settings. this has saved me a couple of times.

  1. ssh to the unifi cloudkey.

  2. key in the following command:

     dpkg -P unifi
  3. after this is done, access cloudkey using your browser.

  4. press install under unifi.

  5. wait and let the service be brought up.

  6. recover the configuration backup from the latest backup.


👨🏻‍💻 [unifi-poller]

unifi-poller allows you to push your unifi statistics into influxdb and then plot them in grafana. this guide is based on the guide from unifi-poller, which originally has its setup done solely on the synology.

⚠️ important: this guide assumes that you have the following pre-requisites put in place.

setting up the database for influxdb

🗣 note: if you have varken set up, you can create the database within the influxdb container; if you don’t, you can choose to have influxdb installed on your server. to install influxdb on your macOS, just ssh in and execute the following:

  brew install influxdb 

follow step 3 onwards.

  1. launch a terminal.app and ssh into your synology.

  2. in the terminal window, access your influxdb bash:

     docker exec -it influxdb bash 
  3. type the following to gain access to influxdb:

     influx
  4. next type these in sequence (hit enter after each line):

     CREATE DATABASE unifi
     USE unifi
     CREATE USER unifipoller WITH PASSWORD 'yourpassword' WITH ALL PRIVILEGES
     GRANT ALL ON unifi TO unifipoller

setting up a user in your unifi system

  1. login to your unifi gui page.

  2. go to settings > admins

  3. create a new read-only user with a password of your choice.

🗣 note: i kept the password separate from the influxdb password for security reasons but this is entirely up to you. you will need to use this password in the unifi-poller config file later.

don’t define an email, and don’t require the password to be changed either.

option 1: setting up unifi-poller container

  1. login to your synology gui and open docker.

  2. go to registry and then search for unifi-poller and choose the one from golift/unifi-poller:latest

  3. once downloaded, launch it and then choose advanced settings

  4. proceed to the environment tab and add the following, once done click on apply:

image

    UP_INFLUXDB_URL = http://influxdb.ip
    UP_UNIFI_DEFAULT_URL = http://controller.ip
    UP_UNIFI_DEFAULT_USER = unifipoller
    UP_UNIFI_DEFAULT_PASS = password of unifipoller
    UP_POLLER_DEBUG = true
    UP_UNIFI_DEFAULT_SAVE_DPI = true
    UP_UNIFI_CONTROLLER_0_SAVE_DPI = true

🗣 note: if you’re using the influxdb docker container, then your url will be http://influxdb:8086, if installed out of synology, it will be http://macos.ip:8086

option 2: setting up a docker-compose.yml

  1. if you had varken setup and created the unifipoller db within the influxdb container in docker, you can add the unifi-poller container to the existing docker-compose.yml file.

  2. see the sample docker-compose.yml file for the formatting and where to place the configuration lines within it.

🗣 note: save it as a .yml file.

  3. once done, change your directory to where the docker-compose.yml file is located and execute:

     docker-compose up -d unifi-poller

setting up grafana

🗣 note: if you have varken set up, you can simply create a new datasource for your influxdb; otherwise you can also install grafana on your macOS server by running the command:

  brew install grafana

the default login for grafana on a fresh install is username: admin, password: admin.

  1. login to your grafana gui

  2. create a new datasource. when selecting, choose influxdb and key in the following items:

     name: unifi-poller
     url: http://influxdb:8086
     database: unifi

🗣 note: change the influxdb url accordingly. http://influxdb:8086 should only be used if your influxdb is installed as a docker container; otherwise use your macOS ip.

  3. enable basic auth and enter the username and password you used when you created the unifi database earlier.

  4. click on save and test. if all works well, you will get a confirmation that the datasource is working and has been saved.

  5. on the main page, click on the + sign to import the dashboards:

image

  6. search for the following dashboards and key in the dashboard number to import them (e.g. 10419):

     client dpi: 10419
     site: 10414
     usw: 10417
     usg: 10416
     uap: 10415
     clients: 10418
  7. save each dashboard as you import them and you’re done. i had mine placed within a folder for ease of access.

image