I have been troubleshooting a really peculiar problem with my Unifi Setup that perplexed me for several days. Since I use HDMI over IP to stream my cable box to several TVs around the house over cat5, I wanted to isolate the video on its own VLAN. I use Mirabox extenders, and as I was working on my article about putting my video on its own VLAN, I found out that UniFi has a big problem with that.
The HDMI extenders use multicast to broadcast their signal to the receivers, and when the signal is running through the UniFi Switches, DHCP is completely swamped. This is a known problem:
https://www.reddit.com/r/Ubiquiti/comments/9fpxhc/anyone_used_ubiquiti_switches_with_a_bunch_of/
https://community.ubnt.com/t5/UniFi-Routing-Switching/IGMP-Snooping/td-p/1349848/page/3
So basically HDMI extenders use multicast, which flood the switch regardless of what VLAN they are tagged to (as of September of 2018). I plugged my TVs into a Netgear GS105 and it’s working fine. Hopefully Ubiquiti builds the IGMPv3 full support feature that was requested in 2016. Ironically, I just sold my old D-Link switch that did this for $15. Sigh. Still love the UniFi, though.
Upgrades
As I was doing this, I realized that my device firmware was out of date, and I tried to figure out how to address that. I could not figure out how to upgrade it from the controller.
A little Googling showed me that the controller knows which firmware version it can support, and in my case, I was running the controller version 5.8.24, and it supports device firmware up to 3.9.42.9152.
Then I tried to upgrade. If you recall my earlier post, I installed my controller on a CentOS server using semi-supported controller rpms. For whatever reason, the maintainer has not created RPMs for the 5.9.29 controller, so no upgrades at all for me.
So installing on CentOS was a mistake.
Moving to Ubuntu
Since Debian packages are the native format for the UniFi controller software, I switched to my Ubuntu rig that formerly was my crypto miner.
Prep
First, I downloaded the configuration from my CentOS controller from Settings -> Maintenance. When it says ‘The Backup File should begin downloading Shortly’, it meant it. It took a few minutes.
Then I followed the instructions from Ubiquiti, which worked perfectly, and then started my controller. The first setup screen allows you to restore from a backup, and I picked my backup file, and it restored my controller perfectly. Very simple. Then I was able to upgrade all my devices and APs.
One AP would not re-adopt, and so I had to Google that, too. I was able to factory reset then ssh into the AP with ‘ubnt/ubnt’ and run the command:
syswrapper.sh restore-default
and then I was able to re-adopt using the UI and ‘ubnt/ubnt’ as the ap username/password.
Fixing my Certificate setup
Finally I needed to switch my LetsEncrypt certificate setup. It involved making a few minor changes to the prior set of steps:
adding the user in Ubuntu is:
adduser pfSenseCertCopier --force-badname
I didn’t know how to remove the password initially, so I had to clear it with:
passwd -d pfSenseCertCopier
UniFi installs in a different place, and services are managed differently, so the visudo entry ought to be:
pfSenseCertCopier ALL=(root) NOPASSWD:/usr/bin/keytool, /usr/sbin/service
and the contents of installUnifiCertificate.sh ought to be:
#!/bin/bash sudo keytool -delete -alias unifi -keystore /var/lib/unifi/keystore -storepass aircontrolenterprise > /dev/null 2>&1 sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore ~/unifi.p12 -srcstoretype PKCS12 -alias unifi -srcstorepass test1234 > /dev/null 2>&1 sudo service unifi restart> /dev/null 2>&1 echo 'Success'
And, of course, pointing the scripts on the server to the correct host.
Done
And that takes care of it. If you happen to find this, I’d recommend that you not install the controller on CentOS, and to pester Ubiquiti for full IGMPv3 support.
What I’m listening to as I do this:
D-Nice’s ‘Call Me D-Nice‘. I heard the title track a bit ago on a Pandora station, then I heard it again on SiriusXM’s Rock the Bells station on their ‘Salute the Sample’ bit, where they said that the backing track was from a song called ‘Buzzsaw’ by the Turtles. I always enjoy hearing the source music from the samples of early hip-hop, since the ability to see new music in the original hooks is crazy to me.