By default there's no option to add a VLAN tag to the initial WAN configuration screen. This means that its difficult to adopt a USG without having a switch or router insert the VLAN tags or terminate the Internet connectivity for you while adopting the USG remotely.

We can work around in a couple of ways:

  1. Use an Ethernet switch to insert & strip VLAN tag & have the USG set up the PPPoE connection via the HTTP interface (
  2. Use another router & have the USG pick up DHCP client address
  3. Run CLI commands to set a temporary WAN interface

If option 3 is your only option then the below should help. You will need an SSH client such as PuTTY and about 30 mins spare time.

Code sample to copy/paste into notepad

NOTE: make sure to also copy/paste the carriage returns at the end

Change the IP addresses from at the top to your controllers IP address 

Change the credentials from to your real ISP supplied ones

# Copy into notepad, change the IP addresses ( & credentials ( below to suit
# NOTE - Dont forget to select all, then copy / paste to get the carriage returns at the end
# Tested on UniFi Security Gateway 3P (June 2017)

set interfaces ethernet eth0 vif 10 pppoe 11 user-id
set interfaces ethernet eth0 vif 10 pppoe 11 password your_password_here
set system static-host-mapping host-name unifi inet
run unifi set-inform

set interfaces ethernet eth0 vif 10 pppoe 11 default-route auto
set interfaces ethernet eth0 vif 10 pppoe 11 firewall in name WAN_IN
set interfaces ethernet eth0 vif 10 pppoe 11 firewall local name WAN_LOCAL
set interfaces ethernet eth0 vif 10 pppoe 11 mtu 1492
set interfaces ethernet eth0 vif 10 pppoe 11 name-server auto

sleep 10
show interfaces pppoe
sleep 5
watch -n 10 "vbash -ic 'unifi info'"

Stage 1:

  1. Cable into the LAN port of a factory default device
  2. Connect using an SSH client to the router ( as the user ubnt, password ubnt
  3. Edit the values for PPPoE credentials & controller inform address in the script from above
  4. Copy paste the entire script from notepad into the SSH session

This should get you to the point of first contact with the remote controller and a refresh of the controller should show the device ready for adoption

Don't change any settings at this stage, just adopt the gateway

The display will change from adopting to provisioning then nothing will seem to happen, the controller will say 'adopting' and the SSH session will show the same. 

Wait for around 10 mins, eventually the SSH session will disconnect

Stage 2:

  1. Re-login but this time use the administrator credentials for the UniFi site e.g. admin / password rather than ubnt/ubnt
  2. Run the script again and wait for it to show up in the controller again. 
  3. Within the controller you can now set WAN interface in the controller with PPPoE/VLAN ID etc... queue and apply the WAN changes and wait

Wait for around another 10 mins and a couple of re-provisions later you'll have a cloud/remote controlled UNiFi gateway. If you get a message in the controller that the WAN settings dont match just wait a bit longer then refresh the view for everything to settle. 

Once everything has settled into place your router should consistently reconnect across reboots. 

Once this is confirmed update firmware etc & continue normal configuration.

TL;DR? Run the supplied script twice to access controller on UFB.