Skip to main content

Some Unifi CLI Commands/First Impressions

This document outlines a bunch of items/forum posts that I have used in the past for assisting in getting additional functionality/usage out of my Unifi Switches.

The obvious is the Edge Switch CLI Command Reference
Or for those that like it all shown out EdgeSwitch CLI Tree
And a simple walk through straight from UBNT.

Unifi Switch can be SCP'd into if needed. Credentials are typically under Settings -> Site ->  Device Authentication.

Note: If you make any changes via the CLI using the Edge Switch subsection, it will be removed next time the switch gets provisioned from the Controller. (Reboot, or a physical change in the Controller).  You can keep the changes using json files within the USG, but Unifi has not stated that they will add support to allow this within the Unifi Switches. If you are planning on doing any huge configuration via the CLI, your better buying an Edge Switch instead.

Commands:
US.v3.7.55# telnet localhost //This allows access into CLI of the Unifi Switch (similar config as the Edge Switch)
US.v3.7.55# mca-dump //This allows exportation of the json file to the screen which can be used to be captured if needed.

My First impressions of the Unifi Switch infrastructure is pretty sweet, it does 99% of the items that you will need to do, but I then ran into a configuration issue trying to establish trunks (L2 MPLS VPN) over a local provider and determined that the GUI was just simply not cutting the configuration properly. After logging into the CLI and issuing some Edge Switch show commands, I realized that some of the MTU size values, allowed trunks, and native vlans was not set proper, even though in the GUI it is expected/shown as being right.
Labels:

Comments

Post a Comment

Popular posts from this blog

Fortigate to USG B2B

Building Site-to-Site B2B from Unifi USG to Fortigate (500D or other models) Fortigate Configuration 1. Build a New VPN Tunnel using Custom VPN Tunnel (No Template) 2. Under Network, point to the Public Side IP of the USG (Public IP, not WAN interface) 3. Leave everything else default (NAT-T Enabled, DPD Disabled..ect) 4. Authentication, use PSK and IKEv1 with Main 5. Phase 1 Purposal, set algorithms to AES128 and SHA1, with DH 14. 6. Phase 2 Purposal, set Local Address and Remote address to 0.0.0.0/0.0.0.0 and 0.0.0.0/0.0.0.0 respectively. 7. Set Encryption to AES128/Sha1, Replay Detection and PFS enabled, along with DH14. Enable Autokey Keep Alive, and Auto-Negotiate, and save changes. 8. Build a Static Route pointing to the Far-End Destination/Segment you want to reach. 9. Build a Policy Stating which Segments can hit the Far-End Destination/B2B USG Configuration 1. This is assuming that USG is already registered to the Unifi Controller. 2. Go t
Post a Comment
Read more

How to setup a Host-Check for Fortigate SSL VPN

This document outlines how to setup a host-check for a Fortigate SSL VPN (Web only): config vpn ssl web portal edit "portalname" set web-mode enable set host-check custom set host-check-policy "Microsoft-Windows-Firewall" set os-check-enable set ip-pools "PoolName" set split-tunneling disable set page-layout double-column set theme orange config os-check-list "windows-7" set action check-up-to-date set latest-patch-level 1 end  config vpn ssl web host-check-software edit "Microsoft-Windows-Firewall" config check-item-list edit 1 set target "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile:EnableFirewall==1" set type registry next edit 2 set target "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile:EnableFirewall==1" set type registry next edit 3 set target "HKLM\\SYSTEM\\CurrentControlSet\\S
3 comments
Read more

Implementing 802.1X - Windows 2012R2 + Cisco 4500 Switches

Implementing 802.1X Using Windows Server 2012R2 & Cisco 4500 Series Switches Overview: This document is to outline how the configuration between Windows Server 2012 R2’s NPS Services and Cisco 4500 Series switches has been implemented. High Level Diagram:   Requirements: Windows Server 2012 R2 with NPS Server installed Windows Server 2012 R2 with CA Services Windows AD Environment Cisco 4500 Series Switches Windows 7-10 Clients to connect NPS Configuration: 1. This assumes the above requirement that the NPS Service has already been installed on Windows Server 2012 R2 2. Disable all existing Policies under Connection Request Policies and Network Policies as you will be making your own, except one that states “Catch All” with the below parameters: 3. You will then need to add in a new Radius Client to have Policies built around. Friendly Name will be used going forward for the Policies for referencing the document. 4. Once completed, re
Post a Comment
Read more