Background

Some Unifi switches have been seen to stop passing traffic to other switches or routers.  This appears to be caused by Spanning Tree Protocol (STP) loop protection causing the uplink port to be blocked.  Depending on where the Unifi controller is hosted this can cause the switch to appear offline and can stop DHCP traffic from passing to and through it.


Solution

There are two potential solution steps for this issue. Both should be applied and tested.


1. Upgrade the firmware of the switch to the latest available version.  

This should be done via the controller if possible. If the controller is off site or unreachable past the blocked port then a host (eg. Laptop) running the latest Unifi Network Controller software with a basic configuration can be used to temporarily adopt the switch and apply the latest firmware.  The switch may need to be reset to defaults to allow adoption with this temporary controller.

Firmware can also be applied via SSH with a reachable HTTP/S server hosting the firmware file although the Unifi controller method is easier.


2. Disable STP.

Using either the permanent or temporary Unifi controller select the switch from the list of devices and under advanced settings disable STP. 

You can also disable spanning-tree per port if you need it elsewhere in your network. In this case just disable for your router uplink port. 


In some cases disabling STP from the controller first can allow for the switch to reach the internet to retrieve the firmware update file directly. This is fine if the controller is not attached past a blocked port.


2.1 Temporarily disable via CLI

To temporarily disable spanning-tree e.g. if you need to reach out to a cloud based controller then run the following commands via CLI

  1. Find your switch IP address, if it can't get DHCP from an upstream device it will statically assign as either 192.168.1.10 or 192.168.1.20.
  2. Enter the switch CLI  as per https://support.snappernet.co.nz/support/solutions/articles/5000875521-unifi-switch-full-cli-access-alternative-to-debug-window-
  3. enter the commands 'configure' [enter] then 'no spanning-tree' [enter]



This change is effective immediately and if applicable the DHCP client will get a new address from the upstream DHCP server so your SSH session will drop. You should then be able to adopt into your remote controller, provision changes etc.. 

NOTE: You may need to do this more than once to get it fully provisioned.