I’m writing this down so I can find it later.
The management IP address on my Unifi US-16-XG is wrong. I’m going to change it via a combination of the controller and the CLI. Let’s hope this works.
Hope? Why hope?
Unifi switches are designed to be managed via the webgui (i.e. their controller).
I’m sure this will also work on my US-48 switch too.
Get connected and get in
I’ve done this both via ssh and via the serial port.
You can ssh to your device, using the same credentials you use on your Unifi controller. You’ll see something like this:
[dan@pro02:~] $ ssh dan@10.0.0.249
dan@10.0.0.249's password: 
BusyBox v1.19.4 (2017-12-08 16:58:50 MST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
  ___ ___      .__________.__
 |   |   |____ |__\_  ____/__|
 |   |   /    \|  ||  __) |  |   (c) 2010-2017
 |   |  |   |  \  ||  \   |  |   Ubiquiti Networks, Inc.
 |______|___|  /__||__/   |__|
            |_/                  http://www.ubnt.com
      Welcome to UniFi USW-XG!
If you connect via the serial port, you may have to play around with the baud rate. I suggest you keep increasing it until it works. From my MacBook, this works for me:
screen /dev/tty.usbserial-FTE1VN5U 115200
You’re in!
OK, I’m in. Now, what do I telnet to?
US.v3.9.15# netstat -na | grep LISTEN tcp 0 0 127.0.0.1:2222 0.0.0.0:* LISTEN tcp 0 0 10.0.0.249:22 0.0.0.0:* LISTEN tcp 0 0 ::ffff:127.0.0.1:23 :::* LISTEN unix 2 [ ] DGRAM 2988 @IPC_WEBRTC_LISTENER US.v3.9.15#
In the above, you can see two items of interest:
- 10.0.0.249:22 – the original ssh connection
- 127.0.0.1:2222 – my next connection
Here we go:
US.v3.9.15# telnet 127.0.0.1 2222 Warning! The changes may break controller settings and only be effective until reboot. (UBNT) >
NOTE: you have to hit ENTER a second time for that Warning and prompt to appear.
Configuration mode
Let’s enable the configuration mode.
(UBNT) >enable enable (UBNT) #
Help!
What to do next?
(UBNT) #?
?
application              Start or stop an application.
cablestatus              Isolate the problem in the cable attached to an
                         interface.
capture                  Enable CPU packets capturing.
clear                    Reset configuration to factory defaults.
configure                Enter into Global Config Mode.
copy                     Uploads or Downloads file.
debug                    Configure debug flags.
delete                   Deletes the given image or the language pack file.
dir                      Display directory information.
disconnect               Close remote console session(s).
dot1x                    Configure dot1x privileged exec parameters.
enable                   Set the password for the enable privilege level.
erase                    Erase configuration file.
exit                     To exit from the mode.
filedescr                Sets text description for a given image.
help                     Display help for various special keys.
hostname                 Change the system hostname.
ip                       Configure IP parameters.
logout                   Exit this session. Any unsaved changes are lost.
network                  Configuration for inband connectivity.
quit                     Exit this session. Any unsaved changes are lost.
reload                   Reset the switch.
renew                    To renew IP Address.
script                   Apply/Delete/List/Show/Validate Configuration Scripts.
set                      Set Router Parameters.
show                     Display Switch Options and Settings.
snmp-server              Configure SNMP server parameters.
telnetcon                Configure telnet connection parameters.
terminal                 Set terminal line parameters.
update                   Updates the bootloader on the node from the
                         active/backup image.
vlan                     Type 'vlan database' to enter into VLAN mode.
write                    Configures save options.
(UBNT) #
(UBNT) #
Ahh! I’ll try network.
Network
(UBNT) #network ?
network ?
ipv6                     Configure IPv6 parameters for system network.
mac-address              Configure MAC Address.
mac-type                 Select the locally administered or burnedin MAC
                         address.
mgmt_vlan                Configure the Management VLAN ID of the switch.
parms                    Configure Network Parameters of the device.
protocol                 Select DHCP, BootP, or None as the network config
                         protocol.
I changed the IP address (10.125.0.220) and set the gateway (10.125.0.1) like this:
(UBNT) #network parms 10.125.0.220 255.255.255.0 10.125.0.1 network parms 10.125.0.220 255.255.255.0 n10.125.0.1
Then I altered the management VLAN:
(UBNT) #network mgmt_vlan 73 network mgmt_vlan 73
show
Let’s see what we have now:
(UBNT) #show network show network Interface Status............................... Up IP Address..................................... 10.125.0.220 Subnet Mask.................................... 255.255.255.0 Default Gateway................................ 10.125.0.1 IPv6 Administrative Mode....................... Enabled IPv6 Prefix is ................................ fe80::822a:a8ff:fef1:bcb1/64 IPv6 Default Router............................ fe80::20d:b9ff:fe33:8716 Burned In MAC Address.......................... 80:2A:A8:38:81:28 Locally Administered MAC address............... 00:00:00:00:00:00 MAC Address Type............................... Burned In Configured IPv4 Protocol....................... None Configured IPv6 Protocol....................... None IPv6 AutoConfig Mode........................... Disabled Management VLAN ID............................. 73 (UBNT) #
The US-48
The US-48 had lost contact with the controller. I connected via the serial console and entered this command:
US.v3.9.15# set-inform http://10.55.0.131:8080/inform Adoption request sent to 'http://10.55.0.131:8080/inform'. 1. please adopt it on the controller 2. issue the set-inform command again 3.will be saved after device is successfully managed US.v3.9.15# 
Then I checked to see what it had:
US.v3.9.15# info Model: USW-48 Version: 3.9.15.8011 MAC Address: 80:2a:a8:f1:bc:b1 IP Address: 10.55.0.220 Hostname: US-48-01 Uptime: 1633 seconds Status: Connected (http://10.55.0.131:8080/inform) US.v3.9.15#
Good. Checking the controller, the device was connected. There was a ‘STUN Communication Failed’ message. From my reading, that will do way when I reprovision the switch, which I am about to do in order to change the management IP address.
After provisioning completed (which about a minute), info showed:
US.v3.9.15# info Model: USW-48 Version: 3.9.15.8011 MAC Address: 80:2a:a8:f1:bc:b1 IP Address: 10.52.0.36 Hostname: US-48-01 Uptime: 2119 seconds Status: Connected (http://10.55.0.131:8080/inform)
Now I need to change the management VLAN so it can communicate properly.
US.v3.9.15# ` Warning! The changes may break controller settings and only be effective until reboot. (UBNT) >enable enable (UBNT) #network mgmt_vlan 2 network mgmt_vlan 2 (UBNT) #write memory write memory This operation may take a few minutes. Management interfaces will not be available during this time. Are you sure you want to save? (y/n) y y Config file 'startup-config' created successfully . Configuration Saved! (UBNT) # (UBNT) #exit exit (UBNT) >exit exitConnection closed by foreign host US.v3.9.15# exit Please press Enter to activate this console.
Hope this helps.













if you do
sudo shit will let you do tab completion in both the regular shell and during your telnet session.or apparently just `sh` works as well. it just needs to run the built-in shell ash
That’s interesting. Thank you.
I wonder if anyone has been able to make custom changes on the interfaces through CLI and make them permanent after reboot.
I want to enter at least the following commands in general config and a few other interfaces with the following setup, and also looking for tougher port security.
general config:
auto-voip vlan 10
auto-voip oui 00:08:5D oui-desc “Aastra”
auto-voip oui 00:04:F2 oui-desc “Polycom”
as well as interfaces:
interface 0/1-0/X
voice vlan dot1p 0
auto-voip oui-based
switchport mode trunk
switchport trunk native vlan Y
switchport trunk allowed vlan 2-4093
vlan ingressfilter
vlan participation exclude 1
vlan participation include X-XX,X
vlan tagging X-XX,X
vlan priority 3
port-security max-dynamic 3
I know that it can be done by modifying config.properties on the controller and adding config in the same syntax as it is in /tmp/system.cfg however I can’t find right syntax for these commands.
Does anyone know?
Thank you,
Sorry, I don’t know. Have the UNIFI forums been of any help?
not yet. I’m also working with Ubiquiti tech support at the same time and receive single email every day. I’m getting closer to expected solution but not there yet. I have a couple of projects to complete.
Have you tried: write memory
See above for where I did that.