Unifi commands.md

unifi.md

Unifi AP useful commands

using SSH:

• log in to AP: $ ssh ubnt@<IP>
• default username & password: ubnt & ubnt

---

Generic

Command	Example	Function
info	info	Displays device information
set-default	set-default	Factory reset device
set-inform	set-inform http://192.168.1.1:8080/inform	Set URL of the controller for adoption.
upgrade	upgrade https://<firmware-url>.bin	Upgrade firmware
fwupdate	fwupdate --url https://<firmware-url>.bin	Update firmware
reboot	reboot	Reboot the device
poweroff	poweroff	Shutdown device
uptime	uptime	shows device uptime

Network related

The following Unifi SSh Commands can really help you with finding network-related issues with your Unifi Device.

Command	Example	Function
ifconfig	ifconfig	Show network interface information
ip address add	ip address add 192.168.1.143/24 dev br0	Set static IP Address
	ip route	Display current gateway
	ip route add default via 192.168.1.1	Set default gateway
	ip neigh	Show IPv6 neighbors
	echo "nameserver 192.168.1.1" > /etc/resolv.conf	Set DNS Server
ping	ping 1.1.1.1	Check network connection to device
arp	apr -a	Show arp table

Unifi OS

When you connect to your UDM Pro (or another controller that is running Unifi OS), then you will have a couple of other options:

Command	Example	Function
ubnt-systool	ubnt-systool cputemp	Show CPU Temp
	ubnt-systool cpuload	Show CPU load
	ubnt-systool portstatus	Show port status
	ubnt-systool hostname <newname>	Set new hostname
	ubnt-systool reboot	Reboot device
	ubnt-systool reset2defaults	Factory reset device
ubnt-device-info	ubnt-device-info summary	Show system information
ubnt-tools	ubnt-tools ubnt-discover	Show Unifi devices in the network
	cat /mnt/data/udapi-config/dnsmasq.lease	Show DHCP Leases
	cat /mnt/data/udapi-config/unifi	Show configuration
	/etc/init.d/S95unifios restart	Restart Unifi OS Web interface

Unifi Log files

There are a lot of log files that you can access to help you debug any Unifi related problem:

Command	Example	Function
messages	cat /var/log/messages	Output the error log
	tail -f /var/log/messages	Monitor log file
various	cat /mnt/data/unifi-os/unifi-core/config/settings.yaml	Server settings
	cat /mnt/data/unifi-os/unifi-core/logs/discovery.log	Discovery log
	cat /mnt/data/unifi-os/unifi-core/logs/system.log	System log
	cat /mnt/data/unifi-os/unifi/logs/server.log	Server log
	cat /mnt/data/unifi-os/unifi-core/logs/errors.log	Http errors

LED

Command	Example	Function
Disable LED	sed -i 's/mgmt.led_enabled=true/mgmt.led_enabled=false/g' /var/etc/persistent/cfg/mgmt	it takes up to ~15 seconds
	echo '0' >/proc/gpio/led_pattern	immediately, but not persistent
Enable LED (blue or default color)	sed -i 's/mgmt.led_enabled=false/mgmt.led_enabled=true/g' /var/etc/persistent/cfg/mgmt	it takes up to ~15 seconds
	echo '1' >/proc/gpio/led_pattern	immediately, but not persistent
white color	echo '2' >/proc/gpio/led_pattern
set custom color	echo -n 255,0,0 > /proc/ubnt_ledbar/custom_color
blinking white	echo '02' >/proc/gpio/led_pattern

ℹ️ Note: official LED statuses:

• https://help.ui.com/hc/en-us/articles/204910134-UniFi-LED-Color-Patterns-for-UniFi-Devices

---

Getting info:

Device info, uptime:

• info

example output:

  	Model:       U6-Lite
  	Version:     5.60.23.13051
  	MAC Address: 78:45:xx:xx:xx:xx
  	IP Address:  192.168.88.2
  	Hostname:    U6-Lite
  	Uptime:      430867 seconds

  	Status:      unknown

• cat /var/sysinfo/model
• uname -a
  • example output: Linux U6-Lite 4.4.198 #0 SMP Thu Aug 30 12:10:54 2018 mips GNU/Linux
• uptime

CPU info:

• cat /proc/stat | grep '^cpu '
• cat /proc/cpuinfo
• cat /proc/ubnthal/system.info

example output:

  cpu=MT7621
  cpuid=1617657f
  flashSize=33554432
  ramsize=268435456
  vendorid=0777
  systemid=a612
  boardrevision=15
  serialno=7845xxx61xxx
  manufid=0002
  mfgweek=202129
  qrid=WErxxx
  eth0.macaddr=78:45:xx:xx:xx:xx
  radio0.name=MT7603
  radio1.name=MT7915
  device.hashid=10643aexxx2d8xxx
  device.anonid=5429fxxx-d4xx-4fxx-8064-3ae26f2dxxxx
  ra0.macaddr=78:45:xx:xx:xx:21
  rai0.macaddr=78:45:xx:xx:xx:22
  bt0.macaddr=78:45:xx:xx:xx:23
  regdmn[]=0000ffffffffffffffffffffffffffff
  cpu_rev_id=00030103

Memory (RAM) info:

• free | grep 'Mem:'
• free

Storage:

• df -h

  example output:

     Filesystem                Size      Used Available Use% Mounted on
     tmpfs                   123.9M    856.0K    123.1M   1% /tmp
     tmpfs                   512.0K         0    512.0K   0% /dev
  

Log:

• cat /var/log/messages

Get connected clients (MACs):

• CLIENTS=`mca-dump |grep \"mac\" | grep -v "<AP MAC>"` && echo "$CLIENTS"

Some configs:

• cat /var/running.cfg
• cat /var/system.cfg

Network: IP

• netstat -rt -n (cisco: show ip route)

Show interfaces:

• ifconfig (cisco: show interfaces)

Show config:

• cat /mnt/data/udapi-config/unifi
• cat /tmp/system.cfg

tcpdump:

• tcpdump

---

⚠️ Reset & potentially dangerous commands

Reset device to factory defaults:

• syswrapper.sh restore-default or
• set-default

Enter CLI:

• mca-cli

Adopt a UniFi device into a controller device:

• set-inform http://<IP.your.unifi.controller>:8080/inform

Set password:

• passwd

Reboot, shutdown AP:

• reboot
• poweroff
• /usr/etc/rc.d/rc.softrestart save (not tested)

Manually Upgrade AP:

• syswrapper.sh upgrade http://ip-of-controller:8080/dl/firmware/BZ2/xxxxx/firmware.bin

Upgrade AP (online):

• Search for firmware URL (download button) - https://www.ui.com/download/unifi/default/default/unifi-firmware-56019-u6-lite/
• upgrade https://dl.ui.com/unifi/firmware/UAL6/5.60.19.13044/BZ.mt7621_5.60.19+13044.211113.0640.bin

---

Show other commands:

• ubntbox

---

UniFi Network - Required Ports Reference

The following lists the UDP and TCP ports used by UniFi. This information mainly applies to users with a self-hosted UniFi Network Server, or users with third-party devices and firewalls. For this reason, we generally recommend a full UniFi deployment for seamless deployment and optimal native compatibility.

Local Ingress Ports (Incoming)

Protocol	Port Number	Usage
TCP/UDP	53	Used for DNS. This is required for Guest Portal redirection, downloading updates, and remote access.
UDP	3478	Used for STUN.
UDP	5514	Used for remote syslog capture.
TCP	8080	Used for device and application communication.
TCP	443	Used for application GUI/API as seen in a web browser. Applications running on a UniFi Console
TCP	8443	Used for application GUI/API as seen in a web browser. Applications running on a Windows/macOS/Linux machine
TCP	8880	Used for HTTP portal redirection.
TCP	8843	Used for HTTPS portal redirection.
TCP	6789	Used for UniFi mobile speed test.
TCP	27117	Used for local-bound database communication.
UDP	5656-5699	Used by AP-EDU broadcasting.
UDP	10001	Used for device discovery.
UDP	1900	Used to "Make application discoverable on L2 network" in the UniFi Network settings.
UDP	123	Used for NTP (date and time). Required for establishing secure communication with remote access servers.

Note: Although TCP 22 is not one of the ports UniFi Network operates on by default, it is worth mentioning that is the port used when UniFi devices or the Network application is accessed via SSH.

Ingress Ports Required for L3 Management Over the Internet (Incoming)

These ports need to be open at the gateway/firewall as well as on the machine running the UniFi Network application. This would be achieved by creating port forwards on the gateway/firewall where the application is running.

Protocol	Port Number	Usage
UDP	3478	Used for STUN.
TCP	8080	Used for device and application communication.
TCP	443	Used for application GUI/API as seen in a web browser. Applications running on an UniFi Console
TCP	8443	Used for application GUI/API as seen in a web browser. Applications running on Windows/macOS/Linux machines
TCP	6789	Used for UniFi mobile speed test.
TCP	8880	Used for HTTP portal redirection. (only needed if using Guest hotspot)
TCP	8843	Used for HTTPS portal redirection. (only needed if using Guest hotspot)

Egress Ports Required for UniFi Remote Access (Exiting)

In most cases, these ports will be open and unrestricted by default.

Protocol	Port Number	Usage
TCP/UPD	53	Used for DNS This is required for Guest Portal redirection, downloading updates, and remote access.
UDP	3478	Used for STUN.
TCP/UDP	443	Used for Remote Access service.
TCP	8883	Used for Remote Access service.
UDP	123	Used for NTP (date and time). Required for establishing secure communication with remote access servers.

Changing Default Ports

Changing default port assignments can only be done on self-hosted UniFi Network Servers (Windows/macOS/Linux). This can be accomplished as follows:

• Close any instances of the UniFi Network application.
• Modify the system.properties file, which can be found in the directory <unifi_base>/data/system.properties. For example, if port 8081 was in use and port 8089 was open, you could change it by modifying unifi.shutdown.port=8081 to unifi.shutdown.port=8089
• Restart the UniFi Network application.

Note: Make sure there are no leading or trailing spaces, comments, or other characters (i.e., #) on any custom lines. Otherwise, UniFi Network will ignore the customizations.

---

Sources:

• https://www.reddit.com/r/Ubiquiti/comments/k2g8sk/some_useful_udmudmp_ssh_commands/
• https://support.hostifi.com/en/articles/3561556-how-to-upgrade-unifi-device-firmware-via-ssh
• https://gregsowell.com/?p=3457
• official ubnt forum (community.ui.com)
• https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference (Aug 22 2023)
• https://help.ui.com/hc/en-us/articles/204909754-UniFi-Device-Adoption-Methods-for-Remote-UniFi-Controllers (Layer 3)
• https://jrjparks.github.io/unofficial-unifi-guide/intro.html