If you are bypassing the AT&T Gateway using an XGSPON SFP stick (WAS-110, Azurespeed, ODI, etc.) running 8311 firmware, you likely encounter a total internet drop exactly every 14 days.
This solution uses UniFi Alarm Manager to force a renewal the moment an outage is detected. It doesn't just "fire and forget"—it reads the UDM logs to verify that the ISP actually sent an ACK (Acknowledgment).
You must determine which physical port your SFP stick is using.
- SSH into your UniFi Gateway:
ssh root@<your-gw-ip-addr> - Run this command to find the active WAN ID:
ubios-udapi-client GET /interfaces -r | jq '.[] | select(.status.wanStatus == "active") | .identification.id'
- Note the result: It is typically
eth9(the SFP+ port). If yours iseth8, replaceeth9in all subsequent scripts.
To allow Home Assistant to run commands on your UDM without a password, we must set up SSH keys. We store these in /config/.ssh so they are not deleted during Home Assistant updates.
- Generate the key in your Home Assistant terminal:
mkdir -p /config/.ssh ssh-keygen -t ed25519 -f /config/.ssh/id_ed25519 -N "" - Push the key to the Gateway:
ssh-copy-id -i /config/.ssh/id_ed25519 root@<your-gw-ip-addr>
This script triggers the renewal and then verifies the log for an ACK (Acknowledgment) from the AT&T OLT.
Path: /config/.ssh/verify_renew.sh
#!/bin/bash
# 1. Trigger the renewal via the SIGUSR1 signal (The most reliable way on v3.x/v4.x firmware)
ssh -i /config/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new root@<your-gw-ip-addr> \
"kill -SIGUSR1 \$(ps aux | grep '[u]dhcpc.*eth9' | awk '{print \$2}')"
# 2. Wait for the handshake to finish
sleep 3
# 3. Check the logs for the specific confirmation from the ISP
RESULT=$(ssh -i /config/.ssh/id_ed25519 root@<your-gw-ip-addr> "journalctl -n 50 | grep 'udhcpc.*lease.*obtained.*eth9' | tail -n 1")
if [[ -z "$RESULT" ]]; then
echo "Renewal Failed: No ISP acknowledgment found in logs."
exit 1
else
echo "Renewal Success! $RESULT"
exit 0
fiMake the script executable: chmod +x /config/.ssh/verify_renew.sh
Add the shell_command to link the bash script.
shell_command:
renew_wan_dhcp: "bash /config/.ssh/verify_renew.sh"This script runs the renewal and notifies your phone of the actual result.
alias: Trigger WAN Renewal with Notification
sequence:
- action: shell_command.renew_wan_dhcp
continue_on_error: true
response_variable: renew_result
- if:
- condition: template
value_template: "{{ renew_result['returncode'] == 0 }}"
then:
- action: notify.mobile_app_<your_phone>
data:
message: "WAN Renewal Successful on eth9!"
else:
- action: notify.mobile_app_<your_phone>
data:
title: "WAN Renewal Failed"
message: "The ISP did not acknowledge the renewal request. Check UDM logs."This creates a local endpoint for the UniFi Alarm Manager to hit.
alias: WAN DHCP Renewal
description: "Triggered by UniFi Alarm Manager Webhook"
triggers:
- trigger: webhook
allowed_methods:
- POST
- PUT
local_only: true
webhook_id: "<your-webhook-id>"
actions:
- action: script.trigger_wan_renewal_with_notification
mode: single- Open your UDM Web UI.
- Navigate to Network > Alarm Manager.
- Click Create Alarm:
- Category: Internet
- Condition: Internet Disconnected
- Under Action, select Webhook:
- Custom Webhook
- URL:
http://<your-ha-ip-addr>:8123/api/webhook/<your-webhook-id> - Method: POST
- Click Create.
When your AT&T lease drops or the OLT stops routing traffic, the UDM's internal health check detects a disconnect within seconds. It hits the Home Assistant Webhook, which triggers the SSH script. The script forces a fresh handshake and verifies it against the system logs, sending a confirmation directly to your phone.