Today I needed to deploy a Unifi Security Gateway (USG) into my existing network, which runs on several Unifi switches and APs. We use a router IP of 10.0.1.1 and require several DHCP Reservations. I’d put off upgrading to a USG due to limited configuration options for the DHCP server, but it turns out that reservations are totally possible.
Swapping Old Router for a USG
A UBNT employee recently posted this guide, so I thought I’d only need 5 minutes to deploy the USG. It ended up taking 3 hours due to some minor, but critical omissions in the guide which resulted in
Adoption Failed. Those omissions are highlighted in red in the steps below.
As the UBNT article provides no way to leave a public comment, here’s the process I followed that led to success. Please keep in mind this post is written from memory, so please comment if I’ve goofed up. I suspect the UBNT article was written in the same manner.
1) Configure the LAN Network in UniFi Controller
The UBNT Guide is correct. Begin by setting
Gateway/Submnet to 10.0.1.1/24 (or desired IP) in the UniFi Controller, then click Save.
2) Change the USG’s LAN IP
- Connect a PC’s Ethernet port directly to the USG’s LAN1 port and power up the USG.
- After the USG boots, indicated by a solid white light, SSH into 192.168.1.1 with username and password ubnt/ubnt.
- Execute the commands below, replacing 10.0.1.1 with the desired router IP you assigned in the UniFi Controller:
set interfaces ethernet eth1 address 10.0.1.1/24
delete interfaces ethernet eth1 address 192.168.1.1/24
The SSH session will lose connectivity at this point, but do not power off the USG! I’d incorrectly assumed that committing would save changes in non-volatile memory. This blog post was a great help. As soon as I unplugged the USG and walked into the patch closet to plug into our main switch, the LAN IP change was lost.
- Unplug the old router from the network and connect the USG’s LAN1 port to your main switch. The USG will fail to adopt if the old router is still connected.
- If you do not need to make DHCP Reservations, move along to the next step.
DHCP Reservations: As of December 2017, DHCP Reservations in the UniFi Controller are still an active feature request. Controller v5.5.x supports “fixed IP”, but a USG is a prerequisite, and a fixed IP can only be assigned to a client who has already connected to the network.My UniFi Controller recognized the USG and enabled “fixed IP” selection before the USG had been adopted (perhaps due to the
Adoption Failedstatus?). Before I adopted the USG, and with my old router disconnected, I manually selected
Use a fixed IP addressand clicked Save for all clients with existing DHCP reservations on the old router:
- Adopt the USG in the controller.
Connection Typeunder the USG’s WAN settings in the Controller, then connect your modem to the USG’s WAN1 port and click Queue Changes.
- Do not unplug USG after making command line changes via SSH.
- Do unplug old router before connecting USG LAN1 to network.
- Defining DCHP Reservations is possible when migrating from an old router to a USG. Simply click
Use Fixed IPon each client immediately before adoption.