UniFi - USG: How to Adopt a USG into an Existing Network


Overview


This article describes how to adopt a UniFi Security Gateway (USG) into an existing network, and replacing an already functioning router. For first time setup where an existing router is not being replaced, please use the USG's Quick Start Guide (QSG), followed by the UniFi User Guide. Find each model's QSG in their product page when navigating from here.

NOTES & REQUIREMENTS: This article applies to the all USG models: UniFi Security GatewayUniFi Security Gateway Pro or UniFi Security Gateway XG.

Table of Contents


  1. Introduction
  2. Plan the Deployment
  3. Upgrading Firmware Before Adoption
  4. Configure the LAN Network
  5. Change the USG LAN IP Before Adoption
  6. Adopt the USG and Configure the WAN
  7. Related Articles

Introduction


Back to Top

With gateway devices having a static LAN IP, the process of adopting a USG can differ from that of a UniFi Access Point (UAP) and a UniFi Switch (USW) in that it may require some initial IP configuration prior to adoption. This article will guide users through the process.


Plan the Deployment


Back to Top

When deploying into an existing network, the USG will replace the current router or firewall device. The USG's WAN will plug into the Internet connection and its LAN into the switch for the internal network.

IMPORTANT: When replacing a current router, the USG will substitute it and take over its IPs, so to prevent issues during the process, remove the old router before attempting to adopt. 

If an Internet Service Provider's (ISP) modem is currently acting as the router, there are additional considerations in the modem’s configuration. It is usually best to put the modem into bridge or passthrough mode, so the USG’s WAN obtains the public IP, and the modem’s involvement is limited to bridging. See the modem’s and ISP’s documentation for instructions and options, as these can vary widely. The current router’s LAN subnet and IP will need to change, as it will no longer be connected directly into the LAN network. 


Upgrading Firmware Before Adoption


Back to Top

To upgrade the firmware before adoption an SSH client is required. The USG will need internet access to complete the upgrade process.

1. Open your SSH client and open up a session to 192.168.1.1.

2. Log in with the default username and password of "ubnt".

3. Use the following command:

upgrade LINK_TO_FIRMWARE_HERE
NOTE: USG Downloads Page by Model

To find the firmware link, navigate to the downloads page. From here, select download button shown below. 

Ubiquiti_Networks_-_Downloads.png

Accept the terms if you wish to proceed. Then select Copy URL. This URL will be used in step 3 above.

After entering the upgrade command the USG will reboot with the newest firmware image. If the USG has not been adopted it will still be in a default state.


Configure the LAN Network


Back to Top

To configure the IP and other LAN parameters that will be deployed to the USG once adopted, launch the UniFi Controller. Once there:

  1. Go to Settings > Networks
  2. Find the network you wish to edit, and click on Edit, under Actions on the far right of the LAN table.
  3. Set the IP and DHCP parameters as desired, and click Save.
  4. Now the configuration is ready to deploy to the USG. It may be adopted now.

Change the USG LAN IP Before Adoption


Back to Top

If the controller is on a subnet other than the USG’s default 192.168.1.0/24, it is necessary to change the USG’s LAN IP so the controller and USG can communicate. To do so, follow these steps (for USG version 4.3.60 and newer):

  1. Go to https://192.168.1.1 on your browser.
  2. It will prompt you to enter your username and password. Use your UniFi Controller credentials.
  3. Go to the Configuration section and edit the LAN IP and DHCP server parameters as necessary.
If the USG is using an older version prior to 4.3.60 or if for some reason performing this configuration via CLI is preferred, click here to see the CLI steps. It is recommended to always upgrade to the newest firmware available to avoid security issues.

1. Connect a computer to the LAN NIC (LAN port) of the USG. It will obtain a 192.168.1.x IP from DHCP.

2. SSH into 192.168.1.1 using username and password combination of ubnt / ubntSee this article for more on default username and password and this article if you need guidance with SSH.

3. For this example, the controller is on 10.0.0.50/24, so let's change the USG’s LAN IP to 10.0.0.1. Choose an available IP within the subnet of the local controller.

4. In the SSH session, run the following:

For USG:

configure
set interfaces ethernet eth1 address 10.0.0.1/24
delete interfaces ethernet eth1 address 192.168.1.1/24
commit

For USG Pro:

configure
set interfaces ethernet eth0 address 10.0.0.1/24
delete interfaces ethernet eth0 address 192.168.1.1/24
commit

Now the USG’s LAN IP is 10.0.0.1/24. The SSH session will drop.  

NOTE: On the USG Pro, if the controller is in the 192.168.2.0/24 subnet, it is necessary to delete the eth2 address 192.168.2.1/24 before committing the changes.

5. Plug the USG’s LAN into the network with the controller at 10.0.0.50

6. Go to the UniFi Controller and adopt it. Note: Before adopting, make sure you changed the LAN network in the Controller Settings as described above, so it doesn’t revert back to the default controller configuration of 192.168.1.1/24.


Adopt the USG and Configure the WAN


Back to Top

To adopt the USG, navigate to the Devices section using the side menu on the left.

  1. Find the USG and click the Adopt button. The controller will provision the configuration as currently defined in the controller and reboot. While it’s doing that, configure your WAN interface specifics.
  2. Navigate to Settings > Network > WAN and edit the network. In the Connection Type drop-down, pick the appropriate type for your Internet connection. Refer to information provided by your ISP to obtain this information. If using a static IP WAN, make sure to also define two DNS servers here. This is optional for DHCP and PPPoE WANs, as your ISP will likely assign a DNS server, but can be manually specified in that case if desired.
  3. After the WAN configuration provisions to the USG, unplug the WAN from the existing router, and plug the USG's WAN to the Internet connection. For cable and DSL service, it is often required to power cycle the modem after connecting a new gateway device. In those cases, power cycle the modem after plugging in the USG’s WAN.

After the modem boots back up, you should have Internet connectivity from your LAN via the USG. Verify the WAN information in the controller (following step 2 once again).


Related Articles


Back to Top

UniFi - Accounts and Passwords for Controller, Cloud Key and Other Devices

Intro to Networking - How to Establish a Connection Using SSH

UniFi - Setting Up UniFi for Beginners

UniFi - Advanced Adoption of a "Managed By Other" Device


We're sorry to hear that!