Ubiquiti UniFi

Monitor and secure your UniFi network — devices, clients, firewalls, and traffic

Ubiquiti UniFi network monitoring and security — device health, client visibility, firewall policies, traffic routes, DPI restrictions, and port forwards

certified v0.1.0 network-v1 uv MIT
Author: groupthink-dev
Setup: trivial
Auth: basic

Service Contract

network

Highlights

📡 Devices — APs, switches, gateways with state, clients, uptime, firmware
💻 Clients — connected devices with signal, experience score, blocked status
🔥 Firewall — policies, traffic routes, traffic rules, port forwards, DPI
🔒 Write-gated — client blocking, WLAN toggle, device restart (dual-gated)
🏠 Multi-controller — home and office networks in a single instance
🛡️ SecOps — credential scrubbing, bearer auth, 2FA support, session isolation

About

What it does

Gives your AI agent structured access to Ubiquiti UniFi network controllers. Monitor device health, track connected clients, inspect firewall policies, review traffic routes, and manage WLANs — all through 18 focused MCP tools with token-efficient output.

Built on aiounifi (MIT, powers the Home Assistant integration), which handles UniFi OS vs classic controller detection, cookie-based auth with CSRF tokens, and TOTP 2FA.

How it differs from other UniFi MCPs

| | This plugin | sirkirby/unifi-mcp | enuno/unifi-mcp-server |
|---|---|---|---|
| Focus | Monitoring + security (18 tools) | Full management (161 tools) | Full management (74 tools) |
| Design for | LLM agents (token-efficient) | Claude Code (lazy loading) | General MCP clients |
| Multi-controller | Native (env var config) | Single controller | Multi-mode (local/cloud) |
| Write safety | Dual-gated (env + confirm) | Preview-then-confirm | Permission model |
| 2FA support | TOTP via aiounifi | TOTP support | API key option |
| Output | Pipe-delimited, compact | Full JSON | Full JSON |

Use this plugin for agent-driven monitoring and security visibility. Use sirkirby/unifi-mcp (available as a community listing) when you need full network configuration management.

Multi-instance support

Designed for multi-instance deployment. Each instance authenticates independently with its own controller credentials. Use cases:

  • Home + office — separate UniFi controllers at different sites
  • Property portfolio — different networks at different addresses
  • MSP — manage multiple customer networks

Within a single instance, UNIFI_CONTROLLERS=home,office supports multiple controllers with independent sessions.

Token efficiency

The UniFi API returns verbose JSON with deeply nested objects. This plugin reformats everything into compact, pipe-delimited output:

  • Device listing: ~50 tokens per device (vs ~800 raw)
  • Client listing: ~40 tokens per client with signal, experience, blocked status
  • Firewall policies: ~30 tokens per policy

Safety model

Read tools work immediately — devices, clients, firewall, traffic routes, DPI, port forwards.

Write operations require UNIFI_WRITE_ENABLED=true (environment variable, set in plugin config). Destructive operations additionally require confirm=true per-call:

| Operation | Gate |
|---|---|
| Block client | write + confirm |
| Unblock client | write |
| Reconnect client | write |
| Toggle WLAN | write |
| Toggle traffic route | write |
| Restart device | write + confirm |
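
The two gates described above, composed into one fail-closed authorization check. This is an added illustration, not the plugin's own code; the function names, the exact-match parsing of UNIFI_WRITE_ENABLED and the denial of unknown tool names are assumptions.

```python
import os

# Tool names and gates transcribed from the page's tables.
READ_TOOLS = set(
    "unifi_info unifi_sites unifi_devices unifi_device unifi_clients "
    "unifi_client unifi_wlans unifi_firewall unifi_traffic_routes "
    "unifi_traffic_rules unifi_port_forwards unifi_dpi".split()
)
GATED_TOOLS = {
    "unifi_block_client": {"write", "confirm"},
    "unifi_unblock_client": {"write"},
    "unifi_reconnect_client": {"write"},
    "unifi_toggle_wlan": {"write"},
    "unifi_toggle_traffic_route": {"write"},
    "unifi_restart_device": {"write", "confirm"},
}


def write_enabled(env):
    # Assumption: only the value "true" opens the gate. Unset, "1", "yes"
    # or a typo all leave the instance read-only (fail closed).
    return env.get("UNIFI_WRITE_ENABLED", "").strip().lower() == "true"


def authorize(tool, env=None, confirm=False):
    """Return (allowed, reason) for one tool call."""
    env = os.environ if env is None else env
    if tool in READ_TOOLS:
        return True, "read tool"
    gates = GATED_TOOLS.get(tool)
    if gates is None:
        # Assumption: a name missing from both tables is denied outright.
        return False, "unknown tool"
    if not write_enabled(env):
        return False, "UNIFI_WRITE_ENABLED is not true"
    # Require the boolean True: an agent that sends the string "false"
    # would pass a plain truthiness test.
    if "confirm" in gates and confirm is not True:
        return False, "confirm=true required"
    return True, "all gates passed"


if __name__ == "__main__":
    env = {"UNIFI_WRITE_ENABLED": "true"}  # constructed sample environment
    for tool, confirm in [("unifi_clients", False),
                          ("unifi_block_client", False),
                          ("unifi_block_client", True)]:
        print(tool, confirm, authorize(tool, env, confirm))
```
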

Authentication

Uses UniFi controller local admin credentials (username + password). Supports both UniFi OS (port 443) and classic controllers (port 8443). TOTP 2FA supported via base32-encoded secret. SSL verification configurable (disabled by default for self-signed certificates common on UDM hardware).

Tool reference

| Tool | Type | What it does |
|---|---|---|
| unifi_info | read | Health check — controller version, hostname, device/client counts, write gate |
| unifi_sites | read | List sites on the controller |
| unifi_devices | read | APs, switches, gateways — model, state, clients, uptime, firmware |
| unifi_device | read | Full detail — port table with PoE, firmware, upgrade status |
| unifi_clients | read | Connected clients — name, IP, SSID, signal, experience, blocked |
| unifi_client | read | Full detail — TX/RX, vendor (OUI), AP association |
| unifi_wlans | read | WLANs — name, enabled/disabled, security, guest flag |
| unifi_firewall | read | Firewall policies — name, action, enabled/disabled |
| unifi_traffic_routes | read | Traffic routes — description, enabled/disabled, target |
| unifi_traffic_rules | read | Traffic rules — description, action, enabled/disabled |
| unifi_port_forwards | read | Port forwards — name, protocol, external → internal |
| unifi_dpi | read | DPI restriction groups and apps |
| unifi_block_client | gated | Block a client from the network (write + confirm) |
| unifi_unblock_client | gated | Unblock a previously blocked client |
| unifi_reconnect_client | gated | Force a wireless client to reconnect |
| unifi_toggle_wlan | gated | Enable or disable an SSID |
| unifi_toggle_traffic_route | gated | Enable or disable a traffic route |
| unifi_restart_device | gated | Restart an AP, switch, or gateway (write + confirm) |

Conformance

Required: 0/0
Recommended: 0/0
Optional: 0/0
Last tested: 2026-04-11

Setup

Enter your UniFi controller credentials. These are the local admin username and password for your UDM, UDR, or Cloud Key. For 2FA-enabled accounts, provide the TOTP secret (base32).

| Variable | Setting | Flags |
|---|---|---|
| UNIFI_HOST | Controller Host | required |
| UNIFI_USERNAME | Username | required |
| UNIFI_PASSWORD | Password | required, secret |
| UNIFI_VERIFY_SSL | Verify SSL | |
| UNIFI_WRITE_ENABLED | Enable write operations | |

Prerequisites

  • UniFi controller (UDM, UDR, Cloud Key, or self-hosted)
  • Local admin account on the controller

Scenarios

Network security audit

Run unifi_info for controller health, then unifi_devices to check all devices are connected and firmware is current. List unifi_clients and flag any unknown or blocked devices. Review unifi_firewall for policy gaps and unifi_port_forwards for exposed services.

network

Client investigation

Call unifi_clients to list all connected clients. For suspicious entries, use unifi_client with the MAC address for full detail (vendor, signal, TX/RX, AP). If rogue, use unifi_block_client with confirm=true to isolate the device.

network

Morning network health check

Run unifi_info to verify all controllers are connected. Check unifi_devices for any disconnected APs or switches and firmware upgrades available. Review unifi_clients for unexpected device count changes. Check unifi_traffic_routes and unifi_dpi for any disabled restrictions.

network

Pair with unifi-mcp

Both use network. Comprehensive UniFi network management — 161 tools covering devices, clients, networks, firewall, VPN, and system configuration.

network

Build a network workflow

Use the Forge to design an automation pack powered by ubiquiti-unifi-blade-mcp for network operations.

Install

sidereal install ubiquiti-unifi-blade-mcp