UniFi - Layer 3 methods for UAP adoption and management

Overview


Readers will learn the different layer-3 methods for deploying UAPs.

In many deployments where it's not possible/desired to have controller running at the premise, you can run the controller in the cloud or your NOC. Say we have a large-scale project with many UAPs, we could:

  • On Amazon, create a virtual controller instance on EC2.
  • Configure/stage a few APs in our lab and customize the guest portals.
  • When we're at the customer's site, open a browser to the cloud-based controller.
  • Either configure DHCP server, DNS server, or simply use the UniFi Discovery Utility to make all local APs inform back to the controller.
  • On-going management/monitoring can be done anywhere and Amazon would provide us with great firewall configurations.

Contents

  1. Initial setup
  2. Discovery utility
  3. DNS
  4. DHCP option 43
  5. SSH

 

Initial setup


Please make sure you're familiar with how UniFi works (e.g. where AP and Controller is in the same L2) before you attempting L3 Management. L3 management adds many moving parts in the mix (i.e. added complexity).

UniFi AP has a default inform URL http://unifi:8080/inform. Thus, the purpose of using DHCP option 43 or DNS is to allow the AP to know the IP of the controller.

Discovery utility


Not many environments can have a DHCP server that's configurable, even less likely with a DNS server. That's where UniFi Discovery Utility comes in. It listens to the multicast/broadcast packets from UniFi APs and allow you to tell the AP to inform any URL you'd like. (only APs in default state or not in contact with any controller will be displayed)

UniFi Discovery utility is installed along with your UniFi controller.

  • On Windows, it's in Start Menu->Ubiquiti UniFi->UniFi-Discover
  • On Mac, /Applications/UniFi-Discover.app (or use Spotlight to find it)
  • Run "java -jar <unifi_base>/lib/ace.jar discover"

To perform L3 adoption with the discovery utility:

  1. Wait until the AP shows up
  2. If the AP is not in default state. click "reset", specify the SSH username/password and click "Apply"
  3. Click on "manage", modify the inform URL and leave the SSH username/password as ubnt/ubnt and click "Apply"
  4. Open a browser to your remote UniFi controller and you should see it being "Pending Approval"
  5. Click on "approve". You'll see it going to "Adopting" state, ignore it as it'll eventually become "Adoption Failed" or "Disconnected"
  6. perform [step 3] again (no need to wait for [step 5] to finish)
  7. AP is now managed by the controller

Once adopted, the Controller will upgrade these units automatically.

The option of the Ubiquiti Discovery Tool Chrome Extension is also available, downloadable directly from Google Chrome here, or from our UBNT download page.

DNS


  • You'll need to configure your DNS server to resolve 'unifi' to your controller's IP address. Make sure that AP can resolve controller's domain name. For example, if you are setting http://XYZ:8080/inform, then ping from AP to determine if XYZ is resolvable/reachable.
  • Or, using FQDN for the controller inform URL, http://FQDN:8080/inform
  • Troubleshooting - AP (with static IP) fails to connect to the L3 controller
    • when configured an AP from DHCP to static in the controller UI, make sure you have put the IP of DNS. If not, then the AP cannot contact DNS to resolve controller domain name.
    • if the AP has been reset (by pushing reset button), make sure that you have informed AP twice (using discovery utility) about the controller's location (this will be improved in the coming release 2.3.0)

DHCP option 43


If using Ubiquiti's EdgeMax routers, then DHCP option 43 can be done by just entering the IP address of the UniFi controller in the "unifi" field on the dhcp-server.

To use DHCP option 43 You'll need to configure your DHCP Server. For example:

Linux's ISC DHCP server: dhcpd.conf

# ...
option space ubnt;
option ubnt.unifi-address code 1 = ip-address;

class "ubnt" {
        match if substring (option vendor-class-identifier, 0, 4) = "ubnt";
        option vendor-class-identifier "ubnt";
        vendor-option-space ubnt;
}

subnet 10.10.10.0 netmask 255.255.255.0 {
        range 10.10.10.100 10.10.10.160;
        option ubnt.unifi-address 201.10.7.31;  ### UniFi Controller IP ###
        option routers 10.10.10.2;
        option broadcast-address 10.10.10.255;
        option domain-name-servers 168.95.1.1, 8.8.8.8;
        # ...
}

Cisco CLI

# assuming your UniFi is at 192.168.3.10
ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex 0104C0A8030A # 192.168.3.10 -> CO A8 03 0A

# Why 0104C0A8030A ?
#
# 01: suboption
# 04: length of the payload (must be 4)
# C0A8030A: 192.168.3.10

Mikrotik CLI

/ip dhcp-server option add code=43 name=unifi value=0x0104C0A8030A
/ip dhcp-server network set 0 dhcp-option=unifi

# Why 0104C0A8030A ?
#
# 01: suboption
# 04: length of the payload (must be 4)
# C0A8030A: 192.168.3.10

Cisco has a good write-up for DHCP option 43 setup.

To use IP of controller
  • You can also use the IP of the controller in the inform URL instead of the domain name.

SSH


If you can SSH into the AP, it's possible to do L3-adoption via CLI command:

# 1. make sure the AP is running the same firmware as the controller. If it is not, see this guide: Upgrading UniFi firmware via SSH.
# 2. make sure the AP is in factory default state
#    if it's not, do
#    syswrapper.sh restore-default
# 3. ssh into the device and type
mca-cli
# the CLI interface:
set-inform http://ip-of-controller:8080/inform
# 4. after issuing the set-inform, the UniFi device will show up for adoption. Once you click adopt the device will appear to go offline.
# 5. once the device goes offline, issue the set-inform command again. This will permanently save the inform address, and you'll see the device will start provisioning.
Powered by Zendesk