this post was submitted on 08 Jun 2025
4 points (100.0% liked)

Ubiquiti

665 readers
4 users here now

Unofficial Ubiquiti community.

Discover innovations, troubleshoot, and optimize your Ubiquiti products and software.

founded 2 years ago
MODERATORS
Fenk@lemmy.ml
4
How can I identify this 1Mbps being generated by my UDR? (piefed.ca)
submitted 19 hours ago by GreatBlueHeron@piefed.ca to c/ubiquiti@lemmy.ml
1 comments fedilink hide all child comments
 

In my home network I have a UniFi Dream Router connected to an EdgeRouter X. The UDR is not being used as designed - I'm using it as a combo WiFi access point and 4 port switch. It also runs my UniFi Network application to manage my other UniFi APs. It complains that it has no internet access, but still does the job I need it to do.

I'm seeing fairly consistent 1Mbps traffic being generated by the UDR. I say it's generated by the UDR because when I look at the ethernet ports and connected WiFi devices I can't see it coming from anywhere - I can see it going out the port connected to the EdgeRouter X, and on the EdgeRouter I can see it coming in from the UDR but I can't see where it goes from there - it's into my main Cisco switch and mixed with all my other traffic.

I was hoping to be able to identify it by turning on Traffic Analysis on ERX, but I see nothing at all. I suspect because the ERX is not routing - it's configured as a switch? Similarly, when I ssh into the ERX and run tcpdump, I only see the broadcast and multicast traffic from the UDR - I can't see anything that might be this 1Mbps.

As I was typing this I thought maybe it's the UniFi Network application updating the browser page I have open to it all the time so I closed that and it made no difference.

Any suggestions what this traffic might be or suggestions for how to identify it?

top 1 comments
sorted by: hot top controversial new old
[–] greyfox@lemmy.world 1 points 9 hours ago

Since the ER-X is Linux under the hood the easiest thing to do would be to just ssh in and run tcpdump.

Since you suspect this is from the UDR itself you should be able to filter for the IP of the UDRs management interface. That should get you destination IPs which will hopefully help track it down.

Not sure what would cause that sort of traffic, but I know there used to be a WAN speed test on the Unifi main page which could chew up a good amount of traffic. Wouldn't think it would be constant though.

Do you have other Unifi devices that might have been adopted with layer 3 adoption? Depending on how you setup layer 3 adoption even if devices are local to your network they might be using hairpin NAT on the ER-X which might look like internet activity destined for the UDR even though it is all local.