Install etherwake with
apt install etherwake -y
After it is installed, run etherwake with the target MAC address.
etherwake AA:BB:CC:00:11:22
Ubiquiti Airmax gear has tcpdump included. We can easily use it to capture packets to a file and then use SCP from the device to copy the file for analysis.
SSH to the device
ssh ubnt@192.168.1.20
cd /tmp/
Start tcpdump with the following command. Change ath0 and file.cap to the appropriate interface and file name.
tcpdump -i ath0 -w file.cap
After we are done collecting, we can quit with Ctrl + C.
Now we can use scp or sftp to copy the files off. Initiating scp or sftp from a normal Linux machine to the radio fails with “sh: /usr/libexec/sftp-server: not found”, but it works fine if you initiate scp from the radio.
scp /tmp/file.cap username@remoteip:~/
The format for the UniFi inform URL should be similar to the following
a38927b1-23aa-e95d-94b4-8394abce9302.unifi-hosting.ui.com
The inform URL is supposed to be on the cloud console page. However, it appears that it doesn’t show the link if you are not Owner.
Web Development Tools to the rescue!
On the UniFi console page, click on “About this Console”
Open up the Web Tools, click on the Network tab, and make sure that you have the Domain column enabled.
Refresh the page.
Look for the Domain that matches the UniFi Cloud URL format.
Example: a38927b1-23aa-e95d-94b4-8394abce9302.unifi-hosting.ui.com
You can confirm this is the correct URL by browsing to it directly. It should redirect to your cloud instance.
Extra tip: If you are migrating from a UniFi Console (CloudKey, UDM, DreamMachine) to UniFi Cloud, you can restore a backup of your CloudKey (or other console) and then use the Host Inform Override option (from the CloudKey) to tell all the devices on the network to connect to the cloud instance. You may need to reboot or force provision the devices.
First we’ll need to ssh into the device.
ssh ubnt@192.168.1.20
Next, let’s open up the config file.
vi /tmp/system.cfg
Now search for vlan and replace the vlan id with the appropriate number.
In vi you can search by hitting / and then typing in vlan.
After you have changed all the vlan ids, save the file with Esc, :wq, Enter.
Now we can save the config with
cfgmtd -f /tmp/system.cfg -w && reboot
Here is a list of OIDs for Ubiquiti’s solar charge controller. You can download the
Top interesting ones are
snmptranslate -Pu -Tz -m ./UBNT-MIB:./UBNT-SUNMAX-MIB
"org" "1.3"
"dod" "1.3.6"
"internet" "1.3.6.1"
"directory" "1.3.6.1.1"
"mgmt" "1.3.6.1.2"
"mib-2" "1.3.6.1.2.1"
"transmission" "1.3.6.1.2.1.10"
"experimental" "1.3.6.1.3"
"private" "1.3.6.1.4"
"enterprises" "1.3.6.1.4.1"
"ubnt" "1.3.6.1.4.1.41112"
"ubntMIB" "1.3.6.1.4.1.41112.1"
"ubntORTable" "1.3.6.1.4.1.41112.1.1"
"ubntOREntry" "1.3.6.1.4.1.41112.1.1.1"
"ubntORIndex" "1.3.6.1.4.1.41112.1.1.1.1"
"ubntORID" "1.3.6.1.4.1.41112.1.1.1.2"
"ubntORDescr" "1.3.6.1.4.1.41112.1.1.1.3"
"ubntSnmpInfo" "1.3.6.1.4.1.41112.1.2"
"ubntSnmpGroups" "1.3.6.1.4.1.41112.1.2.1"
"ubntORInfoGroup" "1.3.6.1.4.1.41112.1.2.1.1"
"ubntORCompliance" "1.3.6.1.4.1.41112.1.2.1.2"
"ubntAirosGroups" "1.3.6.1.4.1.41112.1.2.2"
"ubntAirFiberGroups" "1.3.6.1.4.1.41112.1.2.3"
"ubntEdgeMaxGroups" "1.3.6.1.4.1.41112.1.2.4"
"ubntUniFiGroups" "1.3.6.1.4.1.41112.1.2.5"
"ubntAirVisionGroups" "1.3.6.1.4.1.41112.1.2.6"
"ubntMFiGroups" "1.3.6.1.4.1.41112.1.2.7"
"ubntUniTelGroups" "1.3.6.1.4.1.41112.1.2.8"
"ubntAFLTUGroups" "1.3.6.1.4.1.41112.1.2.9"
"ubntSunMaxGroups" "1.3.6.1.4.1.41112.1.2.10"
"sunMaxCompliances" "1.3.6.1.4.1.41112.1.2.10.1"
"sunMaxGroups" "1.3.6.1.4.1.41112.1.2.10.2"
"ubntAirFIBER" "1.3.6.1.4.1.41112.1.3"
"ubntEdgeMax" "1.3.6.1.4.1.41112.1.5"
"ubntUniFi" "1.3.6.1.4.1.41112.1.6"
"ubntAirVision" "1.3.6.1.4.1.41112.1.7"
"ubntMFi" "1.3.6.1.4.1.41112.1.8"
"ubntUniTel" "1.3.6.1.4.1.41112.1.9"
"ubntAFLTU" "1.3.6.1.4.1.41112.1.10"
"ubntSunMax" "1.3.6.1.4.1.41112.1.11"
"sunMaxMIB" "1.3.6.1.4.1.41112.1.11.1"
"sunMaxBatteryStats" "1.3.6.1.4.1.41112.1.11.1.1"
"sunMaxBatCurrent" "1.3.6.1.4.1.41112.1.11.1.1.1"
"sunMaxBatVoltage" "1.3.6.1.4.1.41112.1.11.1.1.2"
"sunMaxBatPower" "1.3.6.1.4.1.41112.1.11.1.1.3"
"sunMaxBatTemp" "1.3.6.1.4.1.41112.1.11.1.1.4"
"sunMaxPvPanelStats" "1.3.6.1.4.1.41112.1.11.1.2"
"sunMaxPVCurrent" "1.3.6.1.4.1.41112.1.11.1.2.1"
"sunMaxPVVoltage" "1.3.6.1.4.1.41112.1.11.1.2.2"
"sunMaxPVPower" "1.3.6.1.4.1.41112.1.11.1.2.3"
"sunMaxOutPutStats" "1.3.6.1.4.1.41112.1.11.1.3"
"sunMaxOutCurrent" "1.3.6.1.4.1.41112.1.11.1.3.1"
"sunMaxOutVoltage" "1.3.6.1.4.1.41112.1.11.1.3.2"
"sunMaxOutPower" "1.3.6.1.4.1.41112.1.11.1.3.3"
"security" "1.3.6.1.5"
"snmpV2" "1.3.6.1.6"
"snmpDomains" "1.3.6.1.6.1"
"snmpProxys" "1.3.6.1.6.2"
"snmpModules" "1.3.6.1.6.3"
"zeroDotZero" "0.0"
We can get the battery voltage from the controller with the following SNMP walk command. Change the community “ubnt” to your SNMP community.
snmpwalk -c ubnt -v2c 10.96.1.9 1.3.6.1.4.1.41112.1.11.1.1.2
Return value is
SNMPv2-SMI::enterprises.41112.1.11.1.1.2.0 = INTEGER: 24990
You may need to append a trailing .0 to the OID (as in the returned value above) if you are adding it as a custom OID in LibreNMS.
Mark manages the Ubiquiti UniFi applications at Incredigeek Inc. and is unable to access the UniFi controller. It starts loading and then stops. The URL bar shows that it is trying to load a null network site.
Thankfully the WiFi is still working, Mark thinks to himself, but how am I supposed to manage the network? I am able to access the UniFi Core application, so maybe I can login using a secure shell and check on the application.
ssh root@192.168.1.1
Once logged in, and after using the google, he finds that unifi-os restart will restart the UniFi applications. But I just need to restart the Network application. Running “unifi-os --help” reveals the following options.
# unifi-os --help
Usage: /usr/sbin/unifi-os [stop start restart shell 'update url']
Oh shell!
unifi-os shell
Alternatively, we know that on the UDMs the UniFi Applications are run inside a Docker container. We could run “docker ps” to show the containers and then “docker exec -it unifi-os bash”.
Now we can restart just the UniFi Network application.
systemctl restart unifi
It can take a little bit to restart.
There appears to be a bug on the UDM Pro that you can encounter while trying to update your WAN IP addresses. The error was similar to “Can’t change IP Address “PublicIP” used in Default Network”
It appears that the issue stems from the Internet Source IP being used in the LAN Network settings.
The way to work around this is to disable the Internet Source IP. However, this is greyed out which keeps us from making any changes. We can however use the Chrome Developer tools to get around this restriction.
$$('[disabled]').forEach( a => a.disabled=false )
Swap back to the new user interface and go change the WAN IP address.
Update: Found this handy dandy FAQs link https://help.ui.com/hc/en-us/articles/115009192828
Included in the FAQ is a section on “How to Disable Wireless Security on airMAX AC Devices?”
The default security configuration for AC devices since firmware version 8.5.11 was changed to WPA2 AES with a pre-shared key 0000:0000.
Ubiquiti Default AC device WPA2 Preshared key
On Ubiquiti AC radios, you cannot disable WPA2 security through the web interface. This is not necessarily bad; however, what happens if you have a client that is reset and will only connect to the default ubnt SSID?
Fortunately there is a way to disable the WPA2 Preshared key.
sed -i 's/aaa.1.wpa.mode=2/aaa.1.wpa.mode=0/g' /tmp/system.cfg
/usr/etc/rc.d/rc.softrestart save
After you are done, you can click the enable button to re-enable Wireless Security.
Note: aaa.1.wpa.mode=2 doesn’t appear to be on all devices. If not, change “wpasupplicant.status=enabled” to “wpasupplicant.status=disabled”
Most of the heavy lifting is done by the ubntmod.sh script. All you need is the IP addresses for the access points. The script will figure out the connected devices, reboot them first, then reboot the AP.
Here is a quick run down of the steps we need to perform.
This is really as simple as creating the ap.lst file and filling it with the access point IP addresses. One per line. The script uses wstalist to discover connected devices.
nano ap.lst
Installing the script is really hard. 2 lines to get set up.
wget http://incredigeek.com/home/downloads/ubntmod/ubntmod.sh
chmod +x ./ubntmod.sh
More information can be found here.
https://www.incredigeek.com/home/ubntmod/
When you first run ubntmod.sh without the -y option, it should prompt you to set up usernames and passwords to use. After this is set up, the script automatically reads from the config file for future use.
You can manually modify the ubntmod.conf file to update any usernames or passwords.
Example contents of ubntmod.conf file.
unpw=( "ubnt,ubnt" "ubnt,password" "admin,password" )
Open up crontab with
crontab -e
Configure the time. Refer to here for crontab date syntax
10 1 * * * cd /home/bob/ && ./ubntmod.sh -A
That’s it. Should be good to go.
It can be common for older devices to throw errors like the following when trying to ssh into them.
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
or
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
There can also be a No Matching Cipher Found error. We have talked about that in the past.
The issue is that your version of SSH does not support those older, and most likely insecure, Key Exchange and Host Key algorithm types. The errors do give us enough info to add the right options to connect to the device.
For the “no matching key exchange method found.” error, we need to manually add the KexAlgorithms option. KexAlgorithms stands for Key Exchange Algorithms.
ssh -o KexAlgorithms=+diffie-hellman-group14-sha1 username@192.168.1.1
Change out “diffie-hellman-group14-sha1” for a supported Key Exchange algorithm.
For the “no matching host key type found.” error, the issue is with the Host Key algorithm type. We’ll use the -o option with the HostKeyAlgorithms option.
ssh -o HostKeyAlgorithms=+ssh-rsa admin@192.168.1.1
Change out ssh-rsa for a Host Key type listed in “Their offer:”.
You can combine the options if needed.
ssh -o KexAlgorithms=+diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa admin@192.168.1.1
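An added example, not from the original post: instead of retyping the -o options, the function below turns the error messages shown above into a Host block for ~/.ssh/config, so the legacy algorithms are enabled for that one device only and not for every connection. The function name legacy_ssh_block is hypothetical, and it appends the device's whole offer, which you can trim to a single algorithm.

```shell
#!/usr/bin/env bash
# Added example: build a per-host ssh_config block from OpenSSH
# "Unable to negotiate" errors read on stdin, so legacy algorithms are
# enabled for that one device only instead of globally.
# legacy_ssh_block is a hypothetical name, not part of OpenSSH.
legacy_ssh_block() {
    local line host offer target="" kex="" hostkey="" cipher=""
    while IFS= read -r line; do
        case "$line" in
            "Unable to negotiate with "*" Their offer: "*) ;;
            *) continue ;;
        esac
        host=${line#"Unable to negotiate with "}
        host=${host%% *}
        offer=${line##*"Their offer: "}
        # Keep only hostname/IP and algorithm-name characters, so that a
        # crafted error line cannot inject extra directives into the config.
        case "$host" in ""|*[!A-Za-z0-9.:_-]*) continue ;; esac
        case "$offer" in ""|*[!A-Za-z0-9@.,_+-]*) continue ;; esac
        # One block per run: the first host seen wins, others are skipped.
        [ -z "$target" ] && target=$host
        [ "$host" = "$target" ] || continue
        case "$line" in
            *"no matching key exchange method found"*) kex=$offer ;;
            *"no matching host key type found"*)       hostkey=$offer ;;
            *"no matching cipher found"*)              cipher=$offer ;;
        esac
    done
    # Nothing recognised means nothing to write.
    [ -n "$kex$hostkey$cipher" ] || return 1
    printf 'Host %s\n' "$target"
    [ -n "$kex" ]     && printf '    KexAlgorithms +%s\n' "$kex"
    [ -n "$hostkey" ] && printf '    HostKeyAlgorithms +%s\n' "$hostkey"
    [ -n "$cipher" ]  && printf '    Ciphers +%s\n' "$cipher"
    return 0
}

# The two error messages quoted in this post, fed in as sample input.
legacy_ssh_block <<'EOF'
Unable to negotiate with 192.168.1.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
EOF
```

Review the printed block before appending it to ~/.ssh/config, and remove it once the device's firmware supports current algorithms.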
We have covered some of these topics before. Be sure to check them out.
no matching cipher found. Their offer: aes128-cbc,3des-cbc…
no matching key exchange method found. Their offer: diffie-hellman-group1-sha1