Getting into the CLI for a Unifi switch

I’m writing this down so I can find it later.

The management IP address on my Unifi US-16-XG is wrong. I’m going to change it via a combination of the controller and the CLI. Let’s hope this works.

Hope? Why hope?

Unifi switches are designed to be managed via the webgui (i.e. their controller).

I’m sure this will also work on my US-48 switch.

Get connected and get in

I’ve done this both via ssh and via the serial port.

You can ssh to your device, using the same credentials you use on your Unifi controller. You’ll see something like this:

[dan@pro02:~] $ ssh dan@10.0.0.249
dan@10.0.0.249's password: 


BusyBox v1.19.4 (2017-12-08 16:58:50 MST) built-in shell (ash)
Enter 'help' for a list of built-in commands.


  ___ ___      .__________.__
 |   |   |____ |__\_  ____/__|
 |   |   /    \|  ||  __) |  |   (c) 2010-2017
 |   |  |   |  \  ||  \   |  |   Ubiquiti Networks, Inc.
 |______|___|  /__||__/   |__|
            |_/                  http://www.ubnt.com

      Welcome to UniFi USW-XG!

If you connect via the serial port, you may have to play around with the baud rate. I suggest you keep increasing it until it works. From my MacBook, this works for me:

screen  /dev/tty.usbserial-FTE1VN5U 115200

You’re in!

OK, I’m in. Now, what do I telnet to?

US.v3.9.15# netstat -na | grep LISTEN
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN      
tcp        0      0 10.0.0.249:22           0.0.0.0:*               LISTEN      
tcp        0      0 ::ffff:127.0.0.1:23     :::*                    LISTEN      
unix  2      [ ]         DGRAM                      2988 @IPC_WEBRTC_LISTENER
US.v3.9.15# 

In the above, you can see two items of interest:

  • 10.0.0.249:22 – the original ssh connection
  • 127.0.0.1:2222 – my next connection
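An added example (not part of the original post): a shell function that classifies the listeners in netstat output like the above by bind address, so you can confirm the telnet CLI ports are loopback-only and SSH is the only service reachable from the network. The function names are hypothetical and the sample input is a constructed copy of the output shown above.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -na` by bind address.
# SAMPLE is a constructed copy of the switch output shown in the post.
SAMPLE='tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.249:22           0.0.0.0:*               LISTEN
tcp        0      0 ::ffff:127.0.0.1:23     :::*                    LISTEN
unix  2      [ ]         DGRAM                      2988 @IPC_WEBRTC_LISTENER'

# classify_listeners: reads netstat lines on stdin and prints
# "<scope> <address> <port>" for every TCP socket in LISTEN state.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        ep = $4
        # Split at the LAST colon so IPv6 and IPv4-mapped addresses stay intact.
        n = match(ep, /:[0-9]+$/)
        if (n == 0) next
        addr = substr(ep, 1, n - 1)
        port = substr(ep, n + 1)
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
            scope = "loopback"          # reachable only from the device itself
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"    # wildcard bind
        else
            scope = "interface"         # bound to one specific address
        print scope, addr, port
    }'
}

# exposed_ports: space-separated ports that are NOT loopback-only.
exposed_ports() {
    classify_listeners | awk '$1 != "loopback" { print $3 }' \
        | sort -n | tr '\n' ' ' | sed 's/ $//'
}

printf '%s\n' "$SAMPLE" | classify_listeners
echo "network-reachable ports: $(printf '%s\n' "$SAMPLE" | exposed_ports)"
```

If port 23 or 2222 ever shows up in the network-reachable list, the switch CLI is exposed over unencrypted telnet and the bind address should be investigated.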

Here we go:

US.v3.9.15# telnet 127.0.0.1 2222

Warning!
The changes may break controller settings and only be effective until reboot.
(UBNT) >

NOTE: you have to hit ENTER a second time for that Warning and prompt to appear.

Configuration mode

Let’s enable the configuration mode.

(UBNT) >enable
enable

(UBNT) #

Help!

What to do next?

(UBNT) #?
?

application              Start or stop an application.
cablestatus              Isolate the problem in the cable attached to an
                         interface.
capture                  Enable CPU packets capturing.
clear                    Reset configuration to factory defaults.
configure                Enter into Global Config Mode.
copy                     Uploads or Downloads file.
debug                    Configure debug flags.
delete                   Deletes the given image or the language pack file.
dir                      Display directory information.
disconnect               Close remote console session(s).
dot1x                    Configure dot1x privileged exec parameters.
enable                   Set the password for the enable privilege level.
erase                    Erase configuration file.
exit                     To exit from the mode.
filedescr                Sets text description for a given image.
help                     Display help for various special keys.
hostname                 Change the system hostname.
ip                       Configure IP parameters.
logout                   Exit this session. Any unsaved changes are lost.
network                  Configuration for inband connectivity.
quit                     Exit this session. Any unsaved changes are lost.
reload                   Reset the switch.
renew                    To renew IP Address.
script                   Apply/Delete/List/Show/Validate Configuration Scripts.
set                      Set Router Parameters.
show                     Display Switch Options and Settings.
snmp-server              Configure SNMP server parameters.
telnetcon                Configure telnet connection parameters.
terminal                 Set terminal line parameters.
update                   Updates the bootloader on the node from the
                         active/backup image.
vlan                     Type 'vlan database' to enter into VLAN mode.
write                    Configures save options.

(UBNT) #
(UBNT) #

Ahh! I’ll try network.

Network

(UBNT) #network ?
network ?

ipv6                     Configure IPv6 parameters for system network.
mac-address              Configure MAC Address.
mac-type                 Select the locally administered or burnedin MAC
                         address.
mgmt_vlan                Configure the Management VLAN ID of the switch.
parms                    Configure Network Parameters of the device.
protocol                 Select DHCP, BootP, or None as the network config
                         protocol.

I changed the IP address (10.125.0.220) and set the gateway (10.125.0.1) like this:

(UBNT) #network parms 10.125.0.220 255.255.255.0 10.125.0.1
network parms 10.125.0.220 255.255.255.0 10.125.0.1

Then I altered the management VLAN:

(UBNT) #network mgmt_vlan 73
network mgmt_vlan 73

show

Let’s see what we have now:

(UBNT) #show network
show network

Interface Status............................... Up
IP Address..................................... 10.125.0.220
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 10.125.0.1
IPv6 Administrative Mode....................... Enabled
IPv6 Prefix is ................................ fe80::822a:a8ff:fef1:bcb1/64
IPv6 Default Router............................ fe80::20d:b9ff:fe33:8716
Burned In MAC Address.......................... 80:2A:A8:38:81:28
Locally Administered MAC address............... 00:00:00:00:00:00
MAC Address Type............................... Burned In
Configured IPv4 Protocol....................... None
Configured IPv6 Protocol....................... None
IPv6 AutoConfig Mode........................... Disabled
Management VLAN ID............................. 73

(UBNT) #

The US-48

The US-48 had lost contact with the controller. I connected via the serial console and entered this command:

US.v3.9.15# set-inform http://10.55.0.131:8080/inform

Adoption request sent to 'http://10.55.0.131:8080/inform'.
 
1. please adopt it on the controller
2. issue the set-inform command again
3.  will be saved after device is successfully managed

US.v3.9.15#

Then I checked to see what it had:

US.v3.9.15# info

Model:       USW-48
Version:     3.9.15.8011
MAC Address: 80:2a:a8:f1:bc:b1
IP Address:  10.55.0.220
Hostname:    US-48-01
Uptime:      1633 seconds

Status:      Connected (http://10.55.0.131:8080/inform)
US.v3.9.15#

Good. Checking the controller, the device was connected. There was a ‘STUN Communication Failed’ message. From my reading, that will go away when I reprovision the switch, which I am about to do in order to change the management IP address.

After provisioning completed (which took about a minute), info showed:

US.v3.9.15# info

Model:       USW-48
Version:     3.9.15.8011
MAC Address: 80:2a:a8:f1:bc:b1
IP Address:  10.52.0.36
Hostname:    US-48-01
Uptime:      2119 seconds

Status:      Connected (http://10.55.0.131:8080/inform)

Now I need to change the management VLAN so it can communicate properly.

US.v3.9.15# `

Warning!
The changes may break controller settings and only be effective until reboot.
(UBNT) >enable 
enable

(UBNT) #network mgmt_vlan 2  
network mgmt_vlan 2

(UBNT) #write memory
write memory

This operation may take a few minutes.
Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y
y

Config file 'startup-config' created successfully .


Configuration Saved!

(UBNT) #
(UBNT) #exit
exit

(UBNT) >exit
exitConnection closed by foreign host
US.v3.9.15# exit

Please press Enter to activate this console. 

Hope this helps.


7 thoughts on “Getting into the CLI for a Unifi switch”

  1. I wonder if anyone has been able to make custom changes on the interfaces through CLI and make them permanent after reboot.
    I want to enter at least the following commands in general config and a few other interfaces with the following setup, and I am also looking for tougher port security.

    general config:
    auto-voip vlan 10
    auto-voip oui 00:08:5D oui-desc "Aastra"
    auto-voip oui 00:04:F2 oui-desc "Polycom"

    as well as interfaces:
    interface 0/1-0/X
    voice vlan dot1p 0
    auto-voip oui-based
    switchport mode trunk
    switchport trunk native vlan Y
    switchport trunk allowed vlan 2-4093
    vlan ingressfilter
    vlan participation exclude 1
    vlan participation include X-XX,X
    vlan tagging X-XX,X
    vlan priority 3
    port-security max-dynamic 3

    I know that it can be done by modifying config.properties on the controller and adding config in the same syntax as it is in /tmp/system.cfg; however, I can’t find the right syntax for these commands.

    Does anyone know?

    Thank you,
