I’m writing this down so I can find it later.
The management IP address on my Unifi US-16-XG is wrong. I’m going to change it via a combination of the controller and the CLI. Let’s hope this works.
Hope? Why hope?
Unifi switches are designed to be managed via the webgui (i.e. their controller).
I’m sure this will also work on my US-48 switch too.
Get connected and get in
I’ve done this both via ssh and via the serial port.
You can ssh to your device, using the same credentials you use on your Unifi controller. You’ll see something like this:
```
[dan@pro02:~] $ ssh dan@10.0.0.249
dan@10.0.0.249's password:

BusyBox v1.19.4 (2017-12-08 16:58:50 MST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  ___ ___      .__________.__
 |   |   |____ |__\_  ____/__|
 |   |   /    \|  ||  __) |  |   (c) 2010-2017
 |   |  |   |  \  ||  \   |  |   Ubiquiti Networks, Inc.
 |______|___|  /__||__/   |__|
            |_/                  http://www.ubnt.com

      Welcome to UniFi USW-XG!
```
If you connect via the serial port, you may have to play around with the baud rate. I suggest you keep increasing it until it works. From my MacBook, this works for me:
screen /dev/tty.usbserial-FTE1VN5U 115200
You’re in!
OK, I’m in. Now, what do I telnet to?
```
US.v3.9.15# netstat -na | grep LISTEN
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.249:22           0.0.0.0:*               LISTEN
tcp        0      0 ::ffff:127.0.0.1:23     :::*                    LISTEN
unix  2      [ ]         DGRAM                      2988 @IPC_WEBRTC_LISTENER
US.v3.9.15#
```
In the above, you can see two items of interest:
- 10.0.0.249:22 – the original ssh connection
- 127.0.0.1:2222 – my next connection
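An added example, not part of the original post: a Python check, run on a workstation against saved `netstat -na | grep LISTEN` output, that confirms the CLI ports (2222 and 23) are bound to loopback only and that nothing besides SSH listens on a reachable address. The function names and the allowed-port set are assumptions for illustration; the sample rows are the ones shown above.

```python
import ipaddress

# The LISTEN rows from the netstat output shown in the post above.
SAMPLE = """\
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.249:22           0.0.0.0:*               LISTEN
tcp        0      0 ::ffff:127.0.0.1:23     :::*                    LISTEN
unix  2      [ ]         DGRAM                      2988 @IPC_WEBRTC_LISTENER
"""


def split_endpoint(local):
    """Split netstat's 'addr:port' at the last colon so IPv6 forms survive."""
    host, _, port = local.rpartition(":")
    return host, int(port)


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback (::ffff:127.0.0.1)."""
    addr = ipaddress.ip_address(host)
    mapped = getattr(addr, "ipv4_mapped", None)  # set only on mapped IPv6
    return (mapped if mapped is not None else addr).is_loopback


def audit_listeners(netstat_text, allowed_ports=(22,)):
    """Return (loopback_only, exposed, unexpected) lists of (host, port)."""
    loopback_only, exposed = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        # 'grep LISTEN' also matches the unix socket named ..._LISTENER,
        # so accept only TCP rows whose state column is exactly LISTEN.
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "LISTEN":
            continue
        host, port = split_endpoint(fields[3])
        (loopback_only if is_loopback(host) else exposed).append((host, port))
    # Anything reachable off-box that is not an approved port needs review.
    unexpected = [(h, p) for h, p in exposed if p not in allowed_ports]
    return loopback_only, exposed, unexpected


if __name__ == "__main__":
    local, exposed, unexpected = audit_listeners(SAMPLE)
    print("loopback only:", local)
    print("reachable    :", exposed)
    print("needs review :", unexpected)
```

Any entry in the third list is a listener reachable from the network on a port other than SSH.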
Here we go:
```
US.v3.9.15# telnet 127.0.0.1 2222

Warning!
The changes may break controller settings and only be effective until reboot.

(UBNT) >
```
NOTE: you have to hit ENTER a second time for that Warning and prompt to appear.
Configuration mode
Let’s enable the configuration mode.
```
(UBNT) >enable
enable

(UBNT) #
```
Help!
What to do next?
```
(UBNT) #?
?

application              Start or stop an application.
cablestatus              Isolate the problem in the cable attached to an interface.
capture                  Enable CPU packets capturing.
clear                    Reset configuration to factory defaults.
configure                Enter into Global Config Mode.
copy                     Uploads or Downloads file.
debug                    Configure debug flags.
delete                   Deletes the given image or the language pack file.
dir                      Display directory information.
disconnect               Close remote console session(s).
dot1x                    Configure dot1x privileged exec parameters.
enable                   Set the password for the enable privilege level.
erase                    Erase configuration file.
exit                     To exit from the mode.
filedescr                Sets text description for a given image.
help                     Display help for various special keys.
hostname                 Change the system hostname.
ip                       Configure IP parameters.
logout                   Exit this session. Any unsaved changes are lost.
network                  Configuration for inband connectivity.
quit                     Exit this session. Any unsaved changes are lost.
reload                   Reset the switch.
renew                    To renew IP Address.
script                   Apply/Delete/List/Show/Validate Configuration Scripts.
set                      Set Router Parameters.
show                     Display Switch Options and Settings.
snmp-server              Configure SNMP server parameters.
telnetcon                Configure telnet connection parameters.
terminal                 Set terminal line parameters.
update                   Updates the bootloader on the node from the active/backup image.
vlan                     Type 'vlan database' to enter into VLAN mode.
write                    Configures save options.

(UBNT) #
(UBNT) #
```
Ahh! I’ll try network.
Network
```
(UBNT) #network ?
network ?

ipv6                     Configure IPv6 parameters for system network.
mac-address              Configure MAC Address.
mac-type                 Select the locally administered or burnedin MAC address.
mgmt_vlan                Configure the Management VLAN ID of the switch.
parms                    Configure Network Parameters of the device.
protocol                 Select DHCP, BootP, or None as the network config protocol.
```
I changed the IP address (10.125.0.220) and set the gateway (10.125.0.1) like this:
```
(UBNT) #network parms 10.125.0.220 255.255.255.0 10.125.0.1
network parms 10.125.0.220 255.255.255.0 n10.125.0.1
```
Then I altered the management VLAN:
```
(UBNT) #network mgmt_vlan 73
network mgmt_vlan 73
```
show
Let’s see what we have now:
```
(UBNT) #show network
show network

Interface Status............................... Up
IP Address..................................... 10.125.0.220
Subnet Mask.................................... 255.255.255.0
Default Gateway................................ 10.125.0.1
IPv6 Administrative Mode....................... Enabled
IPv6 Prefix is ................................ fe80::822a:a8ff:fef1:bcb1/64
IPv6 Default Router............................ fe80::20d:b9ff:fe33:8716
Burned In MAC Address.......................... 80:2A:A8:38:81:28
Locally Administered MAC address............... 00:00:00:00:00:00
MAC Address Type............................... Burned In
Configured IPv4 Protocol....................... None
Configured IPv6 Protocol....................... None
IPv6 AutoConfig Mode........................... Disabled
Management VLAN ID............................. 73

(UBNT) #
```
The US-48
The US-48 had lost contact with the controller. I connected via the serial console and entered this command:
```
US.v3.9.15# set-inform http://10.55.0.131:8080/inform

Adoption request sent to 'http://10.55.0.131:8080/inform'.

1. please adopt it on the controller
2. issue the set-inform command again
3.will be saved after device is successfully managed

US.v3.9.15#
```
Then I checked to see what it had:
```
US.v3.9.15# info

Model:       USW-48
Version:     3.9.15.8011
MAC Address: 80:2a:a8:f1:bc:b1
IP Address:  10.55.0.220
Hostname:    US-48-01
Uptime:      1633 seconds

Status:      Connected (http://10.55.0.131:8080/inform)
US.v3.9.15#
```
Good. Checking the controller, the device was connected. There was a ‘STUN Communication Failed’ message. From my reading, that will go away when I reprovision the switch, which I am about to do in order to change the management IP address.
After provisioning completed (which took about a minute), info showed:
```
US.v3.9.15# info

Model:       USW-48
Version:     3.9.15.8011
MAC Address: 80:2a:a8:f1:bc:b1
IP Address:  10.52.0.36
Hostname:    US-48-01
Uptime:      2119 seconds

Status:      Connected (http://10.55.0.131:8080/inform)
```
Now I need to change the management VLAN so it can communicate properly.
```
US.v3.9.15# `

Warning!
The changes may break controller settings and only be effective until reboot.

(UBNT) >enable
enable

(UBNT) #network mgmt_vlan 2
network mgmt_vlan 2

(UBNT) #write memory
write memory

This operation may take a few minutes.
Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y
y

Config file 'startup-config' created successfully .

Configuration Saved!

(UBNT) #
(UBNT) #exit
exit

(UBNT) >exit
exit
Connection closed by foreign host
US.v3.9.15# exit

Please press Enter to activate this console.
```
Hope this helps.
if you do
sudo sh
it will let you do tab completion in both the regular shell and during your telnet session. Or apparently just `sh` works as well. It just needs to run the built-in shell ash.
That’s interesting. Thank you.
I wonder if anyone has been able to make custom changes on the interfaces through CLI and make them permanent after reboot.
I want to enter at least the following commands in general config and a few other interfaces with the following setup, and I'm also looking for tougher port security.
general config:
```
auto-voip vlan 10
auto-voip oui 00:08:5D oui-desc "Aastra"
auto-voip oui 00:04:F2 oui-desc "Polycom"
```
as well as interfaces:
```
interface 0/1-0/X
voice vlan dot1p 0
auto-voip oui-based
switchport mode trunk
switchport trunk native vlan Y
switchport trunk allowed vlan 2-4093
vlan ingressfilter
vlan participation exclude 1
vlan participation include X-XX,X
vlan tagging X-XX,X
vlan priority 3
port-security max-dynamic 3
```
I know that it can be done by modifying config.properties on the controller and adding config in the same syntax as it is in /tmp/system.cfg; however, I can’t find the right syntax for these commands.
Does anyone know?
Thank you,
Sorry, I don’t know. Have the UNIFI forums been of any help?
Not yet. I’m also working with Ubiquiti tech support at the same time and receive a single email every day. I’m getting closer to the expected solution but not there yet. I have a couple of projects to complete.
Have you tried: write memory
See above for where I did that.