A Brief Introduction to Cat6 vs Cat6a vs Cat7 vs Fiber

To put it simply, the twisted pair specifications Cat6 (Class E), Cat6a (Class EA), and Cat7 (Class F) all support 10GBASE-T applications, with differing performance.

Check the below chart to get a full understanding of the specifications and typical applications of Cat6 vs Cat6a vs Cat7.

All are backward compatible: you can plug a newer twisted pair cable into a device that is designed for a slower cable.

The fastest Ethernet cable yet is Cat8, which can support data rates up to 40Gbps, four times that of Cat6a cable. If you are looking for high-speed data center and server room cabling, check out Cat8 Cable for 25GBASE-T and 40GBASE-T Network.

The minimum grade of cabling to be deployed in a 10GBASE-T network should be Cat6a cable.

Fiber Cable

Multimode Fiber Patch Cables are a good choice for transmitting data and voice signals over shorter distances. They are typically used for data and audio/visual applications in local-area networks and connections within buildings. Multimode cables are generally color-coded orange or aqua.

The Aqua Fiber Patch Cables are for higher performance 10Gbps, 40Gbps, and 100Gbps Ethernet and fiber channel applications.

Singlemode Fiber Patch Cables are the best choice for transmitting data over long distances. They are usually used for connections over large areas, such as college campuses and cable television networks. They have a higher bandwidth than multimode cables to deliver up to twice the throughput. Most singlemode cabling is color-coded yellow.

Reference

https://community.fs.com/blog/should-we-use-cat6-or-cat6a-for-10gbase-t.html

UDM Pro commands

List of commands to troubleshoot UDM Pro;

The best command for packet related issues is tcpdump

tcpdump -i <interface> -w <filename.pcap>

Most of the commands are just Linux commands. However, some are unique to the UDM/UDM-P.

Cisco/EdgeOS/VyOS command / best description | UDM/UDM-P SSH command
show version | info
show system hardware and installed software | ubnt-device-info summary
show cpu temperature | ubnt-systool cputemp
show fan speed | ubnt-fan-speed
show uptime | uptime
show ip route | netstat -rt -n
show tech-support (dump a file for tech support) | ubnt-make-support-file <file.tar.gz>
show ppp summary | pppstats
show current user | whoami
show log | cat /var/log/messages
show interface summary | ifstat
show interfaces | ifconfig
show other Ubiquiti devices on local LAN segment (ubnt-discovery) | ubnt-tools ubnt-discover
show config (wireless) | cat /mnt/data/udapi-config/unifi
show DHCP leases (to NSname) | cat /mnt/data/udapi-config/dnsmasq.lease
packet capture | tcpdump
shutdown | poweroff
reload | reboot
show ipsec sa | ipsec statusall
factory reset | factory-reset.sh
show system burnt in MAC address | ubnt-tools hwaddr

Unifi Server commands (log files)
show unifi server logs | cat /mnt/data/unifi-os/unifi/logs/server.log
show unifi server settings | cat /mnt/data/unifi-os/unifi-core/config/settings.yaml
show unifi server http logs | cat /mnt/data/unifi-os/unifi-core/logs/http.log
show unifi server http logs (errors) | cat /mnt/data/unifi-os/unifi-core/logs/errors.log
show unifi server discovery log | cat /mnt/data/unifi-os/unifi-core/logs/discovery.log
show unifi system logs | cat /mnt/data/unifi-os/unifi-core/logs/system.log

Tested with 1.8.3-5

To restart UniFi OS on the UDM Pro and release memory pressure without rebooting the device, SSH in and enter this;

unifi-os restart

To update udm pro software;

Start the UniFi shell with “unifi-os shell” and then run apt update && apt upgrade

Resource

Click this link to see the reference.

Cloud key upgrade

Upgrading the Cloud Key sucks but works. After the upgrade, log in to the UniFi UI. You should see the blue lights back on. Disable systemd. Check if dnsmasq is working; if not, try installing the resolvconf package.

Enable systemd-resolved using these commands;

sudo systemctl enable systemd-resolved
sudo systemctl start systemd-resolved
sudo systemctl status systemd-resolved

Log in to your Cloud Key and make sure it's working (blue lights :))

DNS resolution will not work. The problem is pihole unbound resolution. Add these lines to /etc/resolveconf.conf

nameserver 8.8.8.8
nameserver 8.8.4.4

Check the status of dnsmasq;

#disable systemd-resolved first
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo systemctl status dnsmasq

If dnsmasq is running, proceed. Don’t restart. Reinstall Pi-hole and restore from backup. Follow these steps after the Pi-hole installation (couldn’t find an easier solution);

#Reconfigure lighttpd port (for example 8080)
nano /etc/lighttpd/lighttpd.conf
#Restart lighttpd
/etc/init.d/lighttpd restart
#Change the pi-hole random password to your liking
pihole -a -p

Pi-hole has dnsmasq embedded in pihole-FTL, and a separate dnsmasq on the host is not required and causes problems as you have discovered.

sudo netstat -nltup | grep 'Proto\|:53 \|:5053 \|:5353 \|:5335 \|:8953 \|:67 \|:80 \|:471'

sudo service dnsmasq stop

sudo systemctl disable dnsmasq

sudo apt-get remove dnsmasq-base

sudo service pihole-FTL start

Pi-hole somehow keeps its existing configuration. Navigate to the URL and it should be up and running.
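
A way to read the netstat output above and see which daemon actually holds DNS port 53, as an added example (not part of the original post or of Pi-hole). The function names and the sample netstat lines are constructed for this example.

```shell
#!/bin/sh
# Added example: list which programs hold DNS port 53, from netstat output.

# Reads `netstat -nltup` output on stdin, prints each program bound to :53.
dns_port_owners() {
  awk '$1 ~ /^(tcp|udp)/ {
         n = split($4, part, ":")      # port is the last colon-separated piece
         if (part[n] != "53") next
         prog = $NF                    # the PID/Program name column
         sub(/^[0-9]+\//, "", prog)    # drop the leading PID
         print prog
       }' | sort -u
}

# Prints every owner other than pihole-FTL; exit status 0 means a conflict.
dns_conflicts() {
  dns_port_owners | grep -vx 'pihole-FTL'
}

# Constructed sample output (not captured from a real Cloud Key).
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:53        0.0.0.0:*         LISTEN   612/dnsmasq
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN   733/lighttpd
udp        0      0 127.0.0.53:53     0.0.0.0:*                  402/systemd-resolve
tcp6       0      0 :::53             :::*              LISTEN   980/pihole-FTL
EOF
}

sample_netstat | dns_conflicts || echo "port 53 is held by pihole-FTL only"
```

On the device, feed it live data with sudo netstat -nltup | dns_conflicts.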

To re-purpose cloud key, follow this link.

Resources

https://stackoverflow.com/questions/24967855/curl-6-could-not-resolve-host-google-com-name-or-service-not-known

Setting Traefik on unRAID

This is a basic Traefik setup. Follow these steps to set up Traefik as a reverse proxy on unRAID.

We will be using Traefik 2.x as a reverse proxy on unRAID v6.9.x. We will set up routes to the unRAID UI and the Traefik dashboard to show that traffic can be routed to any container running on unRAID.

DNS records configuration

We need to create DNS records, all pointing to the unRAID box. We will be using the unRAID default “local” domain running on 192.168.1.20. Since we own the foo.com domain, our DNS records would be;

tower.local.foo.com -> 192.168.1.20
traefik-dashboard.local.foo.com -> 192.168.1.20

How and where to configure these depends on the DNS server, for example PI-HOLE etc.

Reconfiguring unRAID HTTP Port

unRAID web ui is using port 80 but Traefik will be listening on port 80. We need to reconfigure this port.

Go to Settings -> Management Access, and change HTTP port to 8080 from 80.

In case Traefik container is not working, we can always access unRAID server at http://192.168.1.20:8080.

Traefik configuration

In order to configure Traefik we will be using a mix of dynamic configuration (via Docker labels) and static configuration (via configuration files).

Place the following yml configuration files in your appdata share.

appdata/traefik/traefik.yml

api:
  dashboard: true
  insecure: true

entryPoints:
  http:
    address: ":80"

providers:
  docker: {}
  file:
    filename: /etc/traefik/dynamic_conf.yml
    watch: true

appdata/traefik/dynamic_conf.yml

http:
  routers:
    unraid:
      entryPoints:
      - http
      service: unraid
      rule: "Host(`tower.local.foo.com`)"
  services:
    unraid:
      loadBalancer:
        servers:
        - url: "http://192.168.1.20:8080/"

Make sure the YAML files use two-space indentation.

Setup Traefik Container

Go to the Docker tab in unRAID and ADD CONTAINER.
We need to fill in the following configuration:

Name: traefik
Repository: traefik:latest
Network Type: bridge

Add a port mapping from 80 → 80, so that Traefik can listen for incoming HTTP traffic.

Add a path where we mount our /mnt/user/appdata/traefik to /etc/traefik so that Traefik can actually read our configuration.

Add another path where we mount our Docker socket /var/run/docker.sock to /var/run/docker.sock. Read-only is sufficient here.

This is required so Traefik can listen for new containers and read their labels, which are used for the dynamic configuration part. We are using this exact mechanism to expose the Traefik dashboard now.

Add a label
• key = traefik.http.routers.api.entrypoints
• value = http

Add another label
• key = traefik.http.routers.api.service
• value = api@internal

And a final label
• key = traefik.http.routers.api.rule
• value = Host(`traefik-dashboard.local.foo.com`)

Our container configuration should look like this;

Run the container, and view the container log to make sure it's running. You will see something like this;

The screen will scroll with new logs. Traefik is up and running.

Open browser, we are able to access unRAID at http://tower.local.foo.com, and the Traefik dashboard at http://traefik-dashboard.local.foo.com.
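
A check for two weak points in the configuration above, as an added example (not part of the original post or of Traefik): api.insecure: true serves the API and dashboard without authentication on Traefik's internal traefik entryPoint, and the api router labels attach no middleware, so anyone who can reach port 80 can open the dashboard. The function names and the labels file format (one key=value per line) are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a Traefik static config plus a container's labels
# (assumed here to be exported one key=value per line) for an open dashboard.

# Succeeds if the top-level api: section sets insecure: true.
api_insecure() {
  awk '/^[^ \t#][^:]*:/ { section = $1 }
       section == "api:" && /^[ \t]+insecure:[ \t]*true/ { hit = 1 }
       END { exit !hit }' "$1"
}

# Prints every router bound to api@internal that has no middlewares label.
# Presence of a middleware is only a proxy: it must still be an auth one.
open_api_routers() {
  sed -n 's/^traefik\.http\.routers\.\([^.]*\)\.service=api@internal$/\1/p' "$1" |
  while read -r name; do
    grep -q "^traefik\.http\.routers\.$name\.middlewares=" "$1" || echo "$name"
  done
}

# $1 = traefik.yml, $2 = labels file. Prints one line per finding.
audit_traefik() {
  if api_insecure "$1"; then
    echo "api.insecure=true: API and dashboard served unauthenticated on the traefik entryPoint"
  fi
  for r in $(open_api_routers "$2"); do
    echo "router $r: api@internal routed with no middleware attached"
  done
}

# Constructed sample: the configuration shown on this page.
demo_dir=$(mktemp -d)
printf 'api:\n  dashboard: true\n  insecure: true\nentryPoints:\n  http:\n    address: ":80"\n' \
  > "$demo_dir/traefik.yml"
cat > "$demo_dir/labels" <<'EOF'
traefik.http.routers.api.entrypoints=http
traefik.http.routers.api.service=api@internal
traefik.http.routers.api.rule=Host(`traefik-dashboard.local.foo.com`)
EOF
audit_traefik "$demo_dir/traefik.yml" "$demo_dir/labels"
```

To clear both findings, drop insecure: true and add the labels traefik.http.routers.api.middlewares=dash-auth and traefik.http.middlewares.dash-auth.basicauth.users=<htpasswd entry>, where dash-auth is a name chosen for this example.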

Proxying any Container

In order to add another container to our Traefik configuration we simply need to add a single label to it.

Assuming we have a Portainer container running we can add a label with

  • key = traefik.http.routers.portainer.rule
  • value = Host(`portainer.local.foo.com`)

If our container is only exposing a single port, Traefik is smart enough to pick it up, and no other configuration is required.

If the Portainer container exposed multiple ports, with the web UI accessible on port 3900, we would need to add an additional label with

  • key = traefik.http.services.portainer.loadbalancer.server.port
  • value = 8080

For external hosts to take advantage of Traefik, point their DNS entries to the Traefik host. We also have to define the router and service for each of them in the Traefik dynamic configuration file.

Resources

https://datosh.github.io/post/unraid_reverse_traefik/

Reddit reference

Move Pi-Hole databases and list to different location

Create a new folder in new location, for example pihole-db.

mkdir pihole-db
# make sure folder has this permission
chmod 775 pihole-db
# change user/group to pihole on this folder
chown pihole:pihole pihole-db

We will copy each database to pihole-db and create a symlink (symbolic link) to the copy in /etc/pihole.

https://unix.stackexchange.com/questions/218557/how-to-change-ownership-of-symbolic-links

# Pihole-FTL.db
# stop Pihole service
sudo service pihole-FTL stop
cp /etc/pihole/pihole-FTL.db /srv/pihole-db
chown pihole:pihole /srv/pihole-db/pihole-FTL.db
# remove the original so the symlink can take its place
rm /etc/pihole/pihole-FTL.db
# create link in /etc/pihole
ln -s /srv/pihole-db/pihole-FTL.db /etc/pihole/pihole-FTL.db
# change owner/group of symlinks
sudo chown -h pihole:pihole /etc/pihole/pihole-FTL.db

# start the service
sudo service pihole-FTL start
# check service status
# systemctl status pihole-FTL

Open browser, navigate to a site and see if pihole-FTL works.

Pihole-FTL started working. Let’s move the others;

# gravity.db
sudo service pihole-FTL stop
cp /etc/pihole/gravity.db /srv/pihole-db
ls -l /srv/pihole-db
chown pihole:pihole /srv/pihole-db/gravity.db
rm /etc/pihole/gravity.db
# create symlink in /etc/pihole
ln -s /srv/pihole-db/gravity.db /etc/pihole/gravity.db
# change owner/group of symlinks
sudo chown -h pihole:pihole /etc/pihole/gravity.db

# verify
sudo service pihole-FTL start

# macvendor.db
sudo service pihole-FTL stop
cp /etc/pihole/macvendor.db /srv/pihole-db
ls -l /srv/pihole-db

chown pihole:pihole /srv/pihole-db/macvendor.db
rm /etc/pihole/macvendor.db
# create symlink in /etc/pihole
ln -s /srv/pihole-db/macvendor.db /etc/pihole/macvendor.db
sudo chown -h pihole:pihole /etc/pihole/macvendor.db
# verify
sudo service pihole-FTL start

# list.1.raw.githubusercontent.com.domains
sudo service pihole-FTL stop
cp /etc/pihole/list.1.raw.githubusercontent.com.domains /srv/pihole-db
ls -l /srv/pihole-db

rm /etc/pihole/list.1.raw.githubusercontent.com.domains
# create symlink in /etc/pihole
ln -s /srv/pihole-db/list.1.raw.githubusercontent.com.domains /etc/pihole/list.1.raw.githubusercontent.com.domains
# verify
sudo service pihole-FTL start

Make sure you have changed the owner and group of the symlinks (symbolic links) to these databases.

https://www.freecodecamp.org/news/symlink-tutorial-in-linux-how-to-create-and-remove-a-symbolic-link/

sudo chown -h pihole:pihole pihole-FTL.db
sudo chown -h pihole:pihole macvendor.db
sudo chown -h pihole:pihole gravity.db

Make sure you can see these permissions;

To reset, run this command;

chmod 664 gravity.db

Here is your modified file system;

To rebuild gravity database, run this and see the time stamp;

pihole -g

https://discourse.pi-hole.net/t/gravity-database/46182
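
The copy, chown, symlink sequence used above for each database, written as one function in an added example (not the original post's or Pi-hole's code). It verifies the copy before deleting the original, uses absolute paths so the link does not depend on the current directory, and refuses to run twice on the same file. The function names and the scratch-directory demo are assumptions of this example; move_pihole_dbs needs root on a real Pi-hole.

```shell
#!/bin/sh
# Added example: one function for the copy / verify / symlink / chown steps.

# relocate_file SRC_DIR DST_DIR NAME OWNER  (DST_DIR must be absolute)
relocate_file() {
  src="$1/$3"; dst="$2/$3"; owner="$4"
  case "$2" in /*) ;; *) echo "DST_DIR must be an absolute path" >&2; return 1 ;; esac
  if [ ! -f "$src" ] || [ -L "$src" ]; then
    echo "skip $src: missing or already a symlink" >&2; return 1
  fi
  cp -p "$src" "$dst" || return 1
  # Only delete the original once the copy is byte-identical.
  if ! cmp -s "$src" "$dst"; then
    echo "copy of $src differs, original left in place" >&2
    rm -f "$dst"; return 1
  fi
  chown "$owner" "$dst" || return 1
  rm "$src" || return 1
  ln -s "$dst" "$src" || return 1     # absolute target, independent of cwd
  chown -h "$owner" "$src"            # -h: change the link, not its target
}

# Wrapper for the databases moved on this page; needs root on a real Pi-hole.
move_pihole_dbs() {   # $1 = destination, e.g. /srv/pihole-db
  service pihole-FTL stop || return 1
  for f in pihole-FTL.db gravity.db macvendor.db; do
    relocate_file /etc/pihole "$1" "$f" pihole:pihole || break
  done
  service pihole-FTL start
}

# Constructed demo in a scratch directory, owned by the current user.
demo() {
  d=$(mktemp -d) && mkdir "$d/etc" "$d/db" && echo sample > "$d/etc/gravity.db"
  relocate_file "$d/etc" "$d/db" gravity.db "$(id -u):$(id -g)" && ls -l "$d/etc"
}
demo
```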

For macvendor database refer to this;

Resources

https://www.cyberciti.biz/faq/linux-log-files-location-and-how-do-i-view-logs-files/