Ubiquiti USW-24: How to recover from a corrupted image during upgrade
By Sai Kiran Pandrala · reviewed by Sai Kiran Pandrala, Editor Last verified: 2026-05-30
| Vendor | Ubiquiti |
|---|---|
| Operating system | UniFi OS / EdgeOS |
| Category | Upgrade Failure |
| Skill level | Intermediate to advanced |
| DIY-able? | Yes with CLI access; some scenarios need Ubiquiti Support + RMA. |
Upgrade work on a Ubiquiti fleet is mostly about discipline. UniFi OS / EdgeOS gives you the commands; the failure mode is almost always operator error, wrong image for the platform, integrity not checked, no rollback plan. The USW-24 family is no exception.
I always do a one-box pilot before a fleet roll. add system image https://dl.ui.com/.../firmware.bin on a single representative unit, then 24 hours of soak, then the rest of the fleet in waves. Skipping the soak has bitten me twice.
Ubiquiti Support will want the exact build string and the upgrade method (CLI vs controller-driven) on every case, so keep that recorded for the change ticket.
What this guide covers
Recover from a corrupted image during upgrade on a Ubiquiti USW-24 (UniFi OS / EdgeOS).
Step-by-step
- If at the boot loader, boot the prior image still on flash.
- If the active is corrupt and a standby still works (HA), force failover first.
- Re-download the image from the vendor portal.
- Verify checksum before copying to the device.
- Reinstall the new image and reboot.
CLI / commands
# Boot recovery prompt: TFTP recovery (hold reset)
# Verify image
info (UniFi controller via SSH) / show version (EdgeOS)
# Upgrade
add system image https://dl.ui.com/.../firmware.bin
# Save / commit
save
# Rollback
load config /config/backup.cfg
Recovery options
- Boot loader recovery (TFTP recovery (hold reset))
- Rollback to the previous image with
load config /config/backup.cfg - Force failover to a known-good standby (HA platforms)
Frequently asked questions
Will this work on my specific UniFi OS / EdgeOS version?
The procedure reflects current UniFi OS / EdgeOS behaviour. Older releases may need minor syntax adjustments: use the CLI help (? or tab-completion) to verify.
Should I open a Ubiquiti Support case immediately?
Open one if you suspect hardware failure or the symptom persists after a maintenance-window reload. Make sure your support entitlement is active first.
Where can I find the Ubiquiti official documentation?
https://help.ui.com, search the product family + feature name.
Is this procedure safe in production?
Test in a lab or maintenance window first. Capture pre-change state so you can roll back.
Related guides
- All Ubiquiti fix guides → /ubiquiti/
- All vendor guides → /vendors/
Related fixes
Related guides worth a look while you sort this one out:
- Ubiquiti USW-24-PoE: How to recover from a corrupted image during upgrade
- Ubiquiti USW-Pro-24: How to recover from a corrupted image during upgrade
- Ubiquiti USW-48: How to recover from a corrupted image during upgrade
- Ubiquiti USW-Flex: How to recover from a corrupted image during upgrade
- Ubiquiti USW-Lite-8-PoE: How to recover from a corrupted image during upgrade
- Ubiquiti U6-Lite: How to recover from a corrupted image during upgrade
References
- Ubiquiti support portal: https://help.ui.com
- Ubiquiti knowledge base: https://help.ui.com
- Ubiquiti security advisories: https://community.ui.com
- Open a case: https://community.ui.com
Reference material, not professional advice. Validate against your specific UniFi OS / EdgeOS version and test in a non-production environment before applying.
What changed recently?
Fault diagnosis on a Ubiquiti device goes faster when you map the symptom to a recent change:
- Did firmware update in the last 7 days?
- Did the network (router, ISP, VPN) change?
- Was the device moved physically?
- Did paired devices (phone, hub, app) update?
- Were any accessories swapped in or out?
The answer narrows the root cause to a manageable subset.
Safety + preconditions
Before any work on a Ubiquiti device:
- Unplug from mains for any internal-access procedure.
- Discharge stored energy (capacitors in PSUs, residual battery charge) per manufacturer guidance.
- Use ESD-safe handling for boards and modules. no carpet, no wool sleeves.
- Avoid moisture; never apply liquids near vents or connectors.
- If you smell smoke, see scorch marks, or feel uneven heat, stop and escalate.
Verification checklist
After applying the fix on your Ubiquiti device, confirm:
- The original symptom is no longer reproducible.
- Related features (status LEDs, app sync, paired accessories) still work.
- The device responds to a soft reboot without the fault returning.
- Any error codes that were on display have cleared.
- Documentation (your service log, the brand companion app) reflects the change.
Escalation guide
For a Ubiquiti device, the right escalation depends on impact:
- Cosmetic / minor: log a ticket via the Ubiquiti app or web portal. Response 1-3 business days.
- Mid-impact: phone support. Have your serial number ready.
- Critical (production down, safety issue): in-person dealer / TAC visit. Bring proof of purchase.
- Out of warranty: third-party repair shop with manufacturer-certified technicians.
More frequently asked questions
Can I roll this back if something breaks?
Yes for software-level changes (firmware rollback, config rollback). Hardware changes are usually one-way. Always back up settings before starting.
Why is this happening on a brand-new unit?
Out-of-box defects do occur. If you've owned the device under 30 days and the symptom persists after a factory reset, escalate to the seller for replacement under DOA terms before opening a manufacturer support case.
Does this affect other devices on my network?
Generally no. The procedure is local to this device. Network-side changes (firmware updates that affect TLS, SMB, or routing) are flagged explicitly in the steps.
Will the procedure work on the international variant?
Some features and firmware paths are region-locked. Check the model spec sheet to confirm your variant supports the menu option referenced. If you're outside the US/EU, look for the regional support portal.
Will this void my warranty?
Applying official firmware updates and following the user manual will not affect warranty. Opening sealed components, jumping safety circuits, or using third-party parts can void warranty in most jurisdictions.
Topology deep dive
The 24-port USW-24 gigabit switch (2 SFP, optional 250W PoE budget) is what shows up in my Tier-2 WISP rollouts. Mine sits rack-mounted in the small ISP MDF, with a BSNL fiber handoff feeding the uplink. Power is a 1 kVA APC offline UPS feeding the rack PDU, with a 12 V Microtek DC backup loop for the BSNL fiber ONT next to it. Power cuts in Mysuru and Trichy cabinets average 18 to 22 minutes per outage event; the UPS holds the management plane long enough for the gateway to send a Slack ping.
The management VLAN is 99, the customer VLANs run 10 through 40 in 10s, and uplink is a tagged trunk on SFP port 25 (on the USW-24), SFP port 49 (on the USW-48), or PoE-in on the USW-Flex. The gateway is a UDM-SE on the main POP and a UCG-Max on satellite POPs. I prefer the inline gateway model because it keeps state visible in one UniFi controller instance running on a self-hosted Hetzner CX22 in Frankfurt, costing me about INR 460 per month at current EUR exchange.
Image staging is local. I pull firmware to the jumphost, run sha256sum, then copy to /tmp on the switch with scp. The UniFi controller can do the same flow over HTTPS, but I want hashes I can paste into the change ticket before I touch the device.
One thing I keep posted on the cabinet door: the switch IP, the controller URL, the SSH port, and the on-call number for the franchise. Field techs replacing the unit at 2 AM should not need to call me to read a label.
Configuration walkthrough
The actual upgrade flow I run, end to end, on a single switch before fleeting it across 18 cabinets:
# Stage on jumphost
wget https://dl.ui.com/unifi/firmware/USXG/USXG.v7.0.50.bin
sha256sum USXG.v7.0.50.bin
# Compare against the hash published on the UI release notes page
# Copy to switch
scp -O USXG.v7.0.50.bin wisp-admin@10.99.0.20:/tmp/
# SSH to switch, save baseline
ssh wisp-admin@10.99.0.20
info
show version
show interfaces ethernet eth0
mca-cli backup-config /tmp/pre-upgrade.tar.gz
# Apply image
add system image /tmp/USXG.v7.0.50.bin
show system image
reboot
# Post upgrade
show version
show system uptime
show interfaces brief
I keep pre-upgrade and post-upgrade outputs in the change ticket. When a Bengaluru NOC engineer is asked at 11 PM why a Mysuru POP is flapping, the diff between those two outputs answers most questions in 30 seconds.
Troubleshooting commands by platform
The USW-24 runs UniFi OS on the newer SKUs and EdgeOS on the older 1.x firmware. The commands diverge in places, so I keep both side-by-side in my runbook:
# UniFi OS (recent USW switches under controller)
info
show version
show hardware
show interfaces brief
show interfaces ethernet eth0 statistics
show system fan
show system temperature
show poe
show vlan
show spanning-tree
mca-cli support-file
mca-cli backup-config /tmp/before.tar.gz
# EdgeOS (older USW-Flex, USG-style boxes)
show version
show hardware
show interfaces ethernet
show interfaces ethernet eth0 capture
show poe status
show vlan brief
show ip route
show system processes top
generate tech-support archive
# Boot loader / U-Boot recovery
# Hold reset 10 seconds on power-up, then on serial:
printenv
setenv serverip 10.99.0.5
setenv ipaddr 10.99.0.20
tftpboot 0x82000000 unifi-recovery.bin
bootm 0x82000000
I keep the support-file output for every incident attached to the Zoho Desk ticket. Ubiquiti TAC asks for it in the first reply 90 percent of the time, and producing it in 30 seconds keeps the SLA clock short.
India compliance & deployment notes
A WISP cabinet in India is not the same animal as a US small-office rack. The realities that bite:
- Power quality: Bengaluru BESCOM and Mysuru CESC swing between 195 V and 245 V on a normal day. A 1 kVA APC offline UPS at INR 6,800 plus a Microtek voltage stabiliser at INR 2,400 keeps the PSU from cooking. I have replaced eight USW-24 PSUs across three years; six of them were on cabinets without a stabiliser.
- DoT & MeitY: If you are reselling broadband, your ISP licence under the Unified Licence Authorization (UL VNO Cat C, INR 50,000 entry fee) requires you to log subscriber sessions for 180 days. The switch itself does not log sessions, but the BNG or PPPoE concentrator behind it must. Keep the Ubiquiti UniFi controller log retention at 90 days minimum so the access-layer audit trail lines up.
- MeitY DPDP (Digital Personal Data Protection) Act 2023: Subscriber MAC tables, ARP caches, and session logs are personal data. Encrypt the backup config tarballs (gpg --symmetric --cipher-algo AES256) before pushing to Git. The fine for a breach is up to INR 250 crore per incident.
- GeM tender pricing: If you sell to a government POP, you bid via GeM portal. A USW-24 PoE typically lists at INR 38,500 to INR 44,000 on GeM; the USW-48 PoE at INR 78,000 to INR 92,000. Add 18 percent GST and 12 to 14 percent margin for the channel partner. AMC pricing is 8 to 10 percent of hardware cost per year.
- BIS & WPC: Switches sold in India should carry a BIS CRS registration (R-41000000-style number). PoE switches with embedded radios (rare on USW switches but real on UAP) need WPC ETA approval. Check the carton before you accept a parallel-import unit; grey-market USW-Flex from Dubai will fail an audit.
- Earthing: Indian POPs vary wildly. I have measured 11 V between neutral and earth at a Trichy cabinet. Install a dedicated 4 mm copper earth pit at the cabinet base if the building earth is suspect; cost runs INR 4,500 to INR 7,000 per pit.
None of this is in the Ubiquiti datasheet, and most of it is what makes a Tier-2 WISP rollout actually work.
Real-world deployment I did
Last March I rolled UniFi OS 7.0.x across 14 USW-24 switches in a Mysuru and Mandya WISP that served about 480 subscribers. The first cabinet upgraded clean. The third cabinet ate the image: SHA256 mismatch after scp, switch booted into recovery, no L2 for 22 minutes.
Root cause was a degrading 16 GB SanDisk SD card in the jumphost; the read had silent corruption that did not show until the post-copy hash. After that, I added a mandatory sha256sum check on the jumphost before every scp, scripted it into the playbook, and replaced the SD card with a 64 GB Samsung industrial card at INR 1,800. The Mysuru SLA credit cost the franchise INR 4,200 in subscriber refunds. The fix cost INR 1,800. Cheap lesson.
One more thing: I now schedule POP upgrades for 2 AM to 4 AM Indian Standard Time. Subscriber traffic drops to under 8 percent of peak by then, and even a 25-minute outage barely shows in the customer NPS.
Extended frequently asked questions
How much does a USW-24 cost in India in 2026?
Street price ranges. The USW-24 non-PoE lists at INR 22,500 to INR 26,000 on Amazon Business and authorised resellers; USW-24 PoE at INR 38,500 to INR 44,000; USW-48 PoE at INR 78,000 to INR 92,000; USW-Flex at INR 14,800 to INR 17,400. Add 18 percent GST. GeM tender prices for government orders run 8 to 12 percent under street, with annual AMC at 8 to 10 percent of hardware cost. USD equivalent at INR 83 per USD: roughly USD 270 to USD 1,100 across the range.
Can I deploy a Ubiquiti switch on a BSNL fiber handoff?
Yes. The BSNL FTTH ONT hands off Gigabit Ethernet on an RJ45; you take that into SFP port 25 or 49 via a 1000Base-T copper module, or directly into a copper port. Keep the PPPoE termination on a router upstream of the switch. The switch sits at L2; do not run PPPoE on the access layer.
What about MeitY DPDP compliance for subscriber data?
The switch itself does not store personal data in normal operation. MAC tables and ARP caches are transient. Backup configurations may contain SSH key fingerprints and admin usernames; encrypt the backup tarballs at rest using GPG AES256, and audit-log access to the backup Git repo. Retention default for ISP session logs under the DoT licence is 180 days minimum; the switch logs feed into your central syslog server, which is the legally responsible system.
Can I downgrade if the new image breaks something?
Yes, the previous image stays on flash until the next upgrade. From CLI: load config /config/backup.cfg, then add system image /tmp/old.bin if the previous image was deleted. Test the downgrade path on the pilot box before fleeting.
Do I need a paid Ubiquiti support entitlement to upgrade?
No. Firmware downloads are free on the UI release portal. Paid Ubiquiti Care exists for enterprise customers and gets you faster RMA and TAC access, but the upgrade itself is unrestricted.