UniFi - Device Adoption Methods for Remote UniFi Controllers


Overview


This article describes several different layer-3 methods for deploying UAPs. Our recommended methods are found below under the Chrome Web Browser and Mobile App sections.


Table of Contents


  1. Introduction
  2. Initial Setup
  3. Chrome Web Browser (recommended)
  4. Mobile App (recommended)
  5. Discovery Utility
  6. DNS
  7. DHCP Option 43
  8. SSH
  9. User Notes & Tips
  10. Related Articles

Introduction


Back to Top

In many deployments where it's not possible/desired to have the UniFi Network Controller running on-premise, you can run the controller in the Cloud or your NOC. For example, for a large-scale project with many devices there are a few possible methods for adoption of devices:

  • Take a laptop to the device's site to perform adoption via Chrome Browser (easiest method).
  • When you're at the site, open a browser and navigate to Cloud: either the UniFi Cloud Access Portal or the UniFi Network Controller (when launched using Cloud).
  • Create a virtual controller instance on Amazon EC2. Read this article on the subject.
  • Either configure the DHCP server, DNS server or simply use the UniFi Discovery Utility to make all local access points (APs) inform back to the controller.

Initial Setup


Back to Top

Please make sure you're familiar with how a regular L2 adoption on UniFi works (where the devices and Controller are on the same L2 network) before attempting L3 (remote) adoption. Also, remember that in order to adopt, the following conditions must be true in order to have internet access and also have access to the router from within the network (locally):

1. WAN port connected to the Internet.
2. LAN port connected locally to access management features on the router (USG or third party).

UniFi APs have a default inform URL http://unifi:8080/inform. Thus, the purpose of using DHCP option 43 or DNS is to allow the AP to know the IP of the Controller.


Chrome Web Browser 


Back to Top

After installing the Discovery tool plugin (freely available in Chrome Web Store) on a computer running Chrome browser, any locally-available, unmanaged UniFi Devices (i.e., same L2 network as your computer) will appear as "Pending Adoption" in the UniFi Cloud Access Portal as well as your UniFi Network Controller itself (in the Devices section in both cases). To access the Controller remotely Cloud Access will have to be enabled.

Via the UniFi Cloud Access Portal

1. Go to https://unifi.ui.com/ and log in with your Ubiquiti SSO credentials.

2. Go to the Devices section and locate the model with the Pending Adoption status. Click ADOPT.

3. In the Adopt window that will appear, select the controller and the site that will be adopting the device and click Adopt.

Via the UniFi Network Controller

1. Launch the UniFi Network Controller, go to the Devices section, find the device that is to be adopted with the status "Pending Adoption" and click Adopt under Actions.


Mobile App 


Back to Top

1. After installing the UniFi Mobile App (freely available in iOS App Store & Android Play Store), launch the app, and tap Direct Access (in iOS, in Android you will see the Direct Access section on the screen once you launch the app, see images below).

NOTE: Your mobile device must be connected to the same network as your devices, and must be able to access the controller directly (using HTTP). A public IP and/or port forwarding may be necessary. The inform port of the controller must be 8080.

2. Select your Controller from the list, or tap the "+" button to log in and add your controller.

iOS

Android

3. For iOS: Once logged in to the Controller, tap More. There will be a Layer 3 Adoption option under Utilities.

For Android: Tap the three-line "hamburger" menu and scroll down until you see L3 Adoption under Utilities.

iOS

Android

3. Devices will be displayed on this screen. Tap on the device that is to be adopted and select Adopt.

iOS

Android

4. After a few seconds (15-30 seconds, times will vary) the device will appear under the Devices section, which will be accessible by clicking on the Devices icon on the bottom menu bar.


Discovery Utility


Back to Top

This utility listens to the multicast/broadcast packets from UniFi APs and allows you to configure the AP to inform any URL you'd like. It is important to note that only APs in a default state or not in contact with any other controller will be displayed.

UniFi Discovery utility is installed along with the UniFi Network Controller.

  • On Windows, it's in Start Menu > Ubiquiti UniFi >UniFi-Discover
  • On Mac, /Applications/UniFi-Discover.app (or use Spotlight to find it)
  • Run "java -jar <unifi_base>/lib/ace.jar discover"

To perform L3 adoption with the Discovery utility:

  1. Launch the Discovery Utility and wait until the device appears. If the device is not in a default state (new out of the box, or reset to its factory default settings), click "reset", specify the SSH username/password and click "Apply".
  2. Click "manage", modify the inform URL and leave the SSH username/password as ubnt/ubnt and click "Apply"
  3. Open a browser to your UniFi Network Controller and you should see it is "Pending Approval".
  4. Click on "Adopt". You'll see it going to "Adopting" state, ignore it as it'll eventually become "Adoption Failed" or "Disconnected", which is why you go to step 6.
  5. Perform step 3 again, there is no need to wait for step 5 to finish.
  6. After a few moments, the devices will now be managed by the Controller and will appear as Connected. You may need to leave the Devices page and return to see this reflected on the screen.

The option of the Ubiquiti Discovery Tool Chrome extension is also available, downloadable directly from Google Chrome here, or from our Ubiquiti download page.

NOTE: If your L3 Controller is available over the WAN then you need to make sure the necessary ports are open at the Controller side (minimum port 8080 for inform). If you do not have a static IP then you may want to consider using a dynamic DNS service, and use the domain name instead of the IP for the inform address. If you're using a USG then you can use the DDNS client that is available on that device itself.

DNS


Back to Top

  • You'll need to configure your DNS server to resolve 'unifi' to your Controller's IP address. Make sure that the device can resolve Controller's domain name. For example, if you are setting http://XYZ:8080/inform, then ping from the device to determine if XYZ is resolvable/reachable.
  • Or, using FQDN for the Controller inform URL, http://FQDN:8080/inform
  • Troubleshooting - device (with static IP) fails to connect to the L3 Controller
    • When configuring a device from DHCP to static in the Controller UI, make sure you have put the IP of DNS. If not, then the device cannot contact DNS to resolve Controller domain name.
    • If the device has been reset, make sure that you have informed the device twice (using the Discovery Utility) about the Controller's location.

DHCP Option 43


Back to Top

If using Ubiquiti's EdgeMAX routers, then DHCP option 43 can be done by just entering the IP address of the UniFi Network Controller in the "unifi" field on the DHCP-server.

NOTE: The UniFi Security Gateway (USG) will not use DHCP option 43 to add the UniFi Network Controller location when obtaining a DHCP lease on the WAN interface.

To use DHCP option 43 you'll need to configure your DHCP Server. We provide some third party examples below, but please refer to the manufacturer's support documentation for up to date instructions. For example:

Linux's ISC DHCP server: dhcpd.conf

# ...
option space ubnt;
option ubnt.unifi-address code 1 = ip-address;

class "ubnt" {
        match if substring (option vendor-class-identifier, 0, 4) = "ubnt";
        option vendor-class-identifier "ubnt";
        vendor-option-space ubnt;
}

subnet 10.10.10.0 netmask 255.255.255.0 {
        range 10.10.10.100 10.10.10.160;
        option ubnt.unifi-address 201.10.7.31;  ### UniFi Controller IP ###
        option routers 10.10.10.2;
        option broadcast-address 10.10.10.255;
        option domain-name-servers 168.95.1.1, 8.8.8.8;
        # ...
}

Cisco CLI

# assuming your UniFi is at 192.168.3.10
ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex 0104C0A8030A # 192.168.3.10 -> CO A8 03 0A

# Why 0104C0A8030A ?
#
# 01: suboption
# 04: length of the payload (must be 4)
# C0A8030A: 192.168.3.10

Mikrotik CLI

/ip dhcp-server option add code=43 name=unifi value=0x0104C0A8030A
/ip dhcp-server network set 0 dhcp-option=unifi

# Why 0104C0A8030A ?
#
# 01: suboption
# 04: length of the payload (must be 4)
# C0A8030A: 192.168.3.10
User Tip: Find more DHCP Option 43 instructions in the User Notes & Tips section. 

SSH


Back to Top

If you can SSH into the device, it's possible to do L3 adoption via CLI command:


Back to Top

These notes have been added thanks to user collaboration. Have anything to contribute? Click on the Give Feedback button below!

Windows Server DHCP Option 43

User Tip: For Windows Server please see this external blog post.
NOTE: As in all our examples, we are using a sample IP address, you would input your own.

1. Input your IP in https://www.browserling.com/tools/ip-to-hex

Screen_Shot_2018-02-21_at_2.05.39_PM.png

2. Click Convert to Hex!

Screen_Shot_2018-02-21_at_2.05.46_PM.png

3. Add 01:04 to the beginning of the converted IP, so it would look something like this:

01:04:ac:10:21:04 

4. Insert this in the Value field.

Screen_Shot_2018-02-21_at_2.07.32_PM.pngUsing Palo Alto Networks with DHCP Option 43 (Pan OS 7.1)


Related Articles


Back to Top

Intro to Networking - How to Establish a Connection Using SSH

UniFi - Changing the Firmware of a UniFi Device

UniFi - How to Enable Cloud Access for Remote Management


We're sorry to hear that!