This article provides details about UNMS's generic key and how it works, as well as describing the fundamentals of the device registration process.
- EdgeRouter: 1.9.7+ /EdgeSwitch: 1.7.3+ / UFiber OLT: 1.0.0+ / airMAX (AC): 8.4.1+ / airMAX (M): 6.1.3+ / airCube: 1.0.0+
- Also please note that UNMS doesn't support older airMAX devices with firmware versions 4.x, 5.x or 7.x.
Table of Contents
- UNMS Generic Key Details
- Behind the Scenes: How Does the UNMS Key Work?
- How to Manually Register a Device via Device UI
- How to Register a Device via SSH
- Related Articles
The purpose of the UNMS key is to provide a secure communication using AES encryption while telling a device where to look for a UNMS server. The process of device registration using the generic UNMS key and the device specific UNMS key ensures secure communication between the user's devices and UNMS.
UNMS Generic Key Details
Here is an example of the UNMS key:
wss:// your.domain.com :443 + n9yU137QSwTzBXnF...9Sk0pC7sDKGnpbxiHRI9W +
The UNMS key consists of several parts (shown in different colors above), each with their own purpose. In the table below the UNMS key appears split in its different parts, and each section's purpose described.
|wss://||WebSocket Secure connection protocol|
|your.domain.com||Hostname or IP of the server where UNMS runs|
|:443||Port for devices to access UNMS server|
|n9yU137QSwTzBXnF...9Sk0pC7sDKGnpbxiHRI9W||Advanced Encryption Standard key (AES key)|
Behind the Scenes: How Does the UNMS Key Work?
When a new instance of UNMS is installed, it creates its own UNMS key which is called The Generic UNMS Key. This key represents a pointer for any device being added to the system for the first time. When the generic UNMS key is entered into a device's settings, that device will try to connect to UNMS using the hostname / IP and the port part of that key (see the third row of the table above).
If the connection is successful, the AES key part of UNMS key is used for secure communication between the device and UNMS. When the connection is established for the first time then a new AES key is generated for the device. This new AES key replaces the original AES key in the generic UNMS key, creating The Device Specific UNMS Key. Then the device specific UNMS key rewrites the generic UNMS key on the device and UNMS stores the device’s MAC address and AES key in PostgreSQL database.
From that point forward, each time the device wants to communicate with UNMS, the AES key part of the device specific UNMS key is used and UNMS uses the AES key from the PostgreSQL database for decryption/encryption.
How to Manually Register a Device via Device UI
This is only necessary for devices that cannot be found via the UNMS Remote Discovery tool.
1. Open UNMS and go to the Devices section.
2. In the upper, right side, click the arrow on the ADD DEVICE button.
3. Click the "Copy UNMS key to clipboard" to copy the key which will be pasted in step 6. The key is the same for all devices.
4. In your browser type in the IP address of the device, that should open the device's login screen. Insert the correct credentials and you will get to the Device administration screen.
5. Go to the System or Services section.
6. Paste the UNMS key.
7. Enable the UNMS connection.
8. Save the device configuration.
9. Now you can go back to the UNMS and check the 'devices' table. You should see the newly added device there. Authorize the device in the UNMS devices list and assign it to a (Client)Site.
How to Register a Device via SSH
admin@ER-X# delete service unms disable
admin@ER-X# set service unms connection generic UNMS key
Saving configuration to '/config/config.boot'... Done
1. Edit device configuration in file
2. To apply the configuration use command