Skip to content

Category: Networking

Unifi Access Point SSH upgrade

Published by Robin on July 26, 2019

I was in the process of upgrading a few Unifi Access Point firmware’s and ran in to a problem where the AP’s would not (re)connect to the Unifi Controller when I initiated the firmware update. It was stuck in the update state without actually updating the firmware. The controller showed them as offline/updating.
It was still able to ping it and it was reachable over SSH.

I needed a way to update the firmware using SSH. I looked up the exact firmware download URL on https://www.ui.com/download/. I connected to the specific AP using SSH (Putty) and was able to perform the update manually by running the following command: 

((`which nohup` /usr/bin/syswrapper.sh upgrade http://dl.ui.com/unifi/firmware/U7PG2/4.0.42.10433/BZ.qca956x.v4.0.42.10433.190518.0923.bin >/dev/null 2>/dev/null)&) ; sleep 1

This command took a few minutes to start running and successfully completed the firmware update. I was able to manage them again in the controller with it’s new firmware.

If the AP is on a low firmware level, it may come back with a error that it could not download the firmware because of a certificate error. In that case you can simply change https:// to http://.

Leave a Comment

T-Mobile Thuis fiber with EdgeRouter X SFP (updated)

Published by Robin on July 24, 2018

Update 10-2021: I have updated this post at the end since it is for (some) new customers possible to configure only VLAN300 for both internet and television. So a router with built-in switch is not required.

In my previous post I have shown you my configuration with T-Mobile Thuis fiber with the EdgeRouter Lite. I’ve told you there that I still had a few configuration issues with IPTV. I wasn’t able to create a working scenario without a few (annoying) workarounds.
So to create a better working setup I have chosen to replace the EdgeRoute Lite with the EdgeRouter X SFP. As the name already tells you, this router has an built-in SFP (fiber) port. This router is alo has switching capabilities and PoE (Power over Ethernet) to directly power my Ubiquiti Access Points.

My set-up

I have updated my set-up a bit since my last post. I have added the (two) Ubiquiti AP’s to the PoE ports on the EdgeRouter instead of the managed switch, so I can get rid of the PoE converters. The T-Mobile settopbox is directly attached to the EdgeRouter. I can also chose to attach these to the managed switch, so I can add more settopboxes than two. All my other ethernet devices are attached to the managed switches (like my Tradfri gateway, PS4, SmartTV, HTPC, etc.)
Both switches are configured to deliver VLAN300 (internet) and VLAN640 (IPTV). Between both switches is a trunk configured to transfer both VLAN’s.

The configuration of the EdgeRouter X SFP

Below here is a copy of my configuration with a few details like port mappings, IP assignments and passwords cleared.
In short, i have the following configuration:

  1. Configure ETH5/SFP as the WAN port;
  2. Create an internal switch for seperating traffic to VLAN300 (internet) and VLAN640 (IPTV) and VLAN1 for the internal network;
  3. Configure the PoE ports for the Access Points;
  4. Configure the internal switch and assign the ports on the router for internet, internal network or iptv;
  5. Configure default firewall rules, allow NAT, configure offloading, etc.

Click ‘read more’ to view the configuration details.

Continue readingT-Mobile Thuis fiber with EdgeRouter X SFP (updated)

44 Comments

T-Mobile Thuis Fiber with EdgeRouter Lite

Published by Robin on October 12, 2017

Update 10-2021: I have updated this post at the end since it is for (some) new customers possible to configure only VLAN300 for both internet and television. So a router with built-in switch is not required.

The amount of configuration information on T-Mobile Thuis fiber connections with EdgeRouter equiptment is a bit scarce. The configuration looks a lot like the KPN Fiber and Vodafone configuration, but is slightly different.

I have chosen to use a fiber to ethernet converter, the TP-Link MC220L. But I think that I will buy the new EdgeRouter 4 when it comes to the Netherlands. Which is roughly the EdgeRouter X with fiber port and the EdgeRouter Lite combined. But for now, this configuration is based on the EdgeRouter Lite 3.

T-Mobile and their VLAN’s

At first, we need to know that T-Mobile seperates the internet and IPTV connection using VLAN’s. VLAN300 is used for the internet traffic and VLAN640 is used for the IPTV traffic. T-Mobile seperates this traffic in their own router. We will have to do the same in our configuration. Later on, we will devide our connection using a bridge in to two seperate VLAN’s. These VLAN’s will be made available in the switches.

My set-up

My set-up is fairly basic. In the diagram below, I have drawn out my setup. Let me talk you through it; The fiber connection comes in at the fiber converter and is attached to the ETH0 interface of the EdgeRouter-Lite (ER-L). The LAN connection is on ETH1 and is connected to anĀ managed ethernet switch. The ETH2 is (in my case) directly attached to the IPTV box.
The switch has (multiple) Ubiquiti UniFi access points attached, a few wired devices (laptop, Ikea Tradfri gateway, a computer) and a (trunk) connection to another managed switch in the living room for my Playstation, TV and HTPC.

The configuration of the EdgeRouter Lite

Below here is a copy of my configuration, with a few details cleared. These are port mappings, static IP assignments and passwords. What this configuration does is the following:

  1. Create ETH0 for the WAN connection, with DHCP enabled so it receives it’s (external) IP from T-Mobile
  2. Split ETH0 in to ETH0.300 for the VLAN300 and ETH0.640 for the VLAN640 traffic (internet and iptv)
  3. Creathe ETH1 with local IP adresses in the 192.168.0.0/24 range. ETH1 has VLAN300 attached for the internet traffic.
  4. Creathe ETH2 without an IP adres (T-Mobile will handle that itself) with VLAN640 attached for IPTV.
  5. Create a few default firewall rules to block harmful traffic.
  6. Allow NAT for VLAN300 for the internet traffic
  7. Enable an IGMP proxy for IPTV
Continue readingT-Mobile Thuis Fiber with EdgeRouter Lite
16 Comments