https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN
VLAN successfully passes through regular Ethernet bridges
https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching
https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration
DHCP offering lease without success issue with Mikrotik on the far side of Ubiquiti device.
Make sure that radio does not have the VLAN configured on just the WAN interface. Easiest way would be to put it in bridge mode and use the management VLAN.
When trying to SSH to older devices like a Ubiquiti Bullet2, you may receive an error saying
no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc,blowfish-cbc
The work around is to manually specify the cipher with the “-c” option. You will also probably need to specify the KexAlgorithm “Key Exchange Algorithm”
ssh -c aes128-cbc -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.1.20
You can see what ciphers SSH supports by running “ssh -Q cipher”
Example output
ssh -Q cipher 3des-cbc aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com
More information
https://www.openssh.com/legacy.html
The following commands can be run from a ssh session to your UNMS instance.
sudo ~unms/app/unms-cli set-superadmin
Should get something like the following
UNMS Users
┌─────────┬───────────┬───────────────────────────┬──────────────┬────────────┐
│ (index) │ username │ email │ role │ two-factor │
├─────────┼───────────┼───────────────────────────┼──────────────┼────────────┤
│ 0 │ 'larry' │ 'larry@incredigeek.com' │ 'admin' │ false │
│ 1 │ 'bob' │ 'bob@incredigeek.com' │ 'admin' │ false │
└─────────┴───────────┴───────────────────────────┴──────────────┴────────────┘To change a user to a Super Admin, add “–username username” to the above command.
Example:
sudo ~unms/app/unms-cli set-superadmin --username bob
UNMS Users
┌─────────┬───────────┬───────────────────────────┬──────────────┬────────────┐
│ (index) │ username │ email │ role │ two-factor │
├─────────┼───────────┼───────────────────────────┼──────────────┼────────────┤
│ 0 │ 'larry' │ 'larry@incredigeek.com' │ 'admin' │ false │
│ 1 │ 'bob' │ 'bob@incredigeek.com' │ 'superadmin' │ false │
└─────────┴───────────┴───────────────────────────┴──────────────┴────────────┘Note that there does not appear to be a way to
Edit the “/tmp/system.cfg”
Change the line that contains “dhcpc.status=disabled” to
dhcpc.status=enabled
add the following lines
dhcpc.1.devname=br0 dhcpc.1.fallback=192.168.1.20 dhcpc.1.fallback_netmask=255.255.255.0 dhcpc.1.status=enabled
Save and exit and save changes
/usr/etc/rc.d/rc.softrestart save
Log into the GUI and verify everything looks correct. Under the network tab it was still showing that it had a static address, although it pulled a DHCP IP.
SSH into CPE
ssh ubnt@192.168.1.20
open up the “/tmp/system.cfg” file
vi /tmp/system.cfg
Find the “radio.1.chanbw=” line and change to the following
radio.1.chanbw=10
Note: it may say “radio.1.chanbw=0” that looks to be the default and works for 20mhz
exit file with
esc + :wq + Return or Enter
Save settings with
/usr/etc/rc.d/rc.softrestart save
Change AP to 10Mhz and the CPE should reconnect.
AirOS uses udhcpc for the DHCP client on Ubiquiti Radios. To renew the DHCP address you can kill the udhcpc process and it’ll automatically restart and get a new address.
Renew DHCP lease
Kill udhcpc with the following command.
killall udhcpc
Other info
Print info about the DHCP lease. May need to change “info.br1” to “info.eth0” or some other interface.
cat /etc/udhcpc/info.eth0
Example output.
XW.v6.2.0# cat /etc/udhcpc/info.br1 u_interface="br1" u_broadcast="" u_subnet="255.255.255.0" u_ip="10.93.0.10" u_router="10.93.0.1" u_dns="8.8.8.8 1.1.1.1" u_hostname="" u_serverid="10.93.0.1" u_domain="" u_leasetime=600 u_timestamp="1143249941" u_started=1142593 u_pid=936 XW.v6.2.0#
Command arguments that udhcp is run with. Info was collected by running the “ps | grep udhcp” command. Note that the interface “eth0” can be different if the device is in bridge mode.
/sbin/udhcpc -f -i eth0 -s /etc/udhcpc/udhcpc -p /var/run/udhcpc.eth0.pid -h device_name
udhcpc help output
XW.v6.2.0# udhcpc --help
BusyBox v1.24.2 (2019-07-03 11:13:35 EEST) multi-call binary.
Usage: udhcpc [-fbqvRB] [-t N] [-T SEC] [-A SEC/-n]
[-i IFACE] [-s PROG] [-p PIDFILE]
[-oC] [-r IP] [-V VENDOR] [-F NAME] [-x OPT:VAL]... [-O OPT]...
-i,--interface IFACE Interface to use (default eth0)
-s,--script PROG Run PROG at DHCP events (default /usr/share/udhcpc/default.script)
-p,--pidfile FILE Create pidfile
-B,--broadcast Request broadcast replies
-t,--retries N Send up to N discover packets (default 3)
-T,--timeout SEC Pause between packets (default 3)
-A,--tryagain SEC Wait if lease is not obtained (default 20)
-n,--now Exit if lease is not obtained
-q,--quit Exit after obtaining lease
-R,--release Release IP on exit
-f,--foreground Run in foreground
-b,--background Background if lease is not obtained
-S,--syslog Log to syslog too
-r,--request IP Request this IP address
-o,--no-default-options Don't request any options (unless -O is given)
-O,--request-option OPT Request option OPT from server (cumulative)
-x OPT:VAL Include option OPT in sent packets (cumulative)
Examples of string, numeric, and hex byte opts:
-x hostname:bbox - option 12
-x lease:3600 - option 51 (lease time)
-x 0x3d:0100BEEFC0FFEE - option 61 (client id)
-F,--fqdn NAME Ask server to update DNS mapping for NAME
-V,--vendorclass VENDOR Vendor identifier (default 'udhcp VERSION')
-C,--clientid-none Don't send MAC as client identifier
-v Verbose
Signals:
USR1 Renew lease
USR2 Release lease
XW.v6.2.0#
Note that you can also send a signal to the PID of udhcpc and have it renew the address. To do that use the following command, replacing pidofudhcpc to pid of udhcp.
kill -s USR1 pidofudhcpc
or use the following command to find the pid for you.
kill -s SIGUSR1 $(pgrep udhcpc)
Gain access to radio via ssh
ssh ubnt@192.168.1.20
open up the /tmp/system.cfg
vi /tmp/system.cfg
Delete the following line. To move the cursor to the following line and type “dd” and vi will delete the whole line.
dhcpc.status=disabled
Add the following 5 lines. Hit “i” to enter vi insert mode.
br0 should be correct interface in most scenarios.
dhcpc.1.devname=br0
dhcpc.1.fallback=192.168.1.20
dhcpc.1.fallback_netmask=255.255.255.0
dhcpc.1.status=enabled
dhcpc.status=enabled
Save the file by hitting esc and then “:wq” followed by Return/Enter
Save the config changes and reboot the radio so it pulls an address.
/usr/etc/rc.d/rc.softrestart save && reboot
Initial setup from command line
initial-setup
show interfaces
ubnt@ubnt:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
br0 10.2.2.1/24 u/u Local Bridge
br0.73 - u/u
br0.75 - u/u
eth0 192.168.99.1/24 u/u Internet
eth1 - u/u Local Bridge
eth2 - u/D Local Bridge
eth3 - u/u eth3-pc1
eth4 - u/u eth4-printer
eth5 - u/u eth5-pc3
eth6 - u/u eth6-rotuer
eth7 - u/u eth7-extra
lo 127.0.0.1/8 u/u
::1/128
ubnt@ubnt:~$
Double tab in session to show more commands
wsubnt@ubnt:~$ Possible completions: add Add an object to a service clear Clear system information configure Enter configure mode connect Establish a connection copy Copy data debug Enable debugging of specified routing protocol delete Delete a file disconnect Take down a connection generate Generate an object initial-setup Enter initial configuration dialog no Disable or reset operational variable ping Send Internet Control Message Protocol (ICMP) echo request ping6 Send IPv6 Internet Control Message Protocol (ICMP) echo request reboot Reboot the system release Release specified variable rename Re-name something. renew Renew specified variable reset Reset a service restart Restart a service set Set system or shell options show Show system information ubnt@ubnt:~$ ws
Scenario: Remote device in a PTP configuration has been reset to factory defaults and is not connected.
Objective: Reconnect remote device and reconfigure using backup file
We’ll refer to Radio A as the radio you initially have access to
Radio B will be the remote radio that was reset.
Reinitiate temporary wireless connection
We know that the default Ubiquiti Wireless settings are
SSID=ubnt
Channel Width=20Mhz
Security=None
To reconnect the device wirelessly we can setup the Radio A as an AP with the above wireless settings.
Setup temporary network connection
Radio B should now connect wirelessly, but is going to be on a static 192.168.1.20 address. There are a handful of ways to overcome this.
Configure remote device via SSH
Open up your backup file with a text editor and copy the whole config
Once access is gained to Radio B, open up the /tmp/system.cfg file, delete all the contents and paste in the contents of the backup configuration.
Save file and write changes to radio with
/usr/etc/rc.d/rc.softrestart save
Final steps
The device should now apply the backup settings and disconnect again as it should now have the proper SSID and settings.
Restore Radio A’s settings and verify that both sides reconnect.
SSH into radio
ssh ubnt@192.168.1.20
Put the following two lines into the /tmp/system.cfg file. Doesn’t matter where
unms.uri=REPLACE-WITH-UNMS-KEY unms.status=enabled
Apply changes with
/usr/etc/rc.d/rc.softrestart save
Go accept device in UNMS.