UniFi - Layer 3 Methods for UAP Adoption and Management

Overview


This article describes the different layer-3 methods for deploying UAPs: via the Discovery Utility, DNS, DHCP Option 43 or SSH.

Table of Contents


  1. Introduction
  2. Initial Setup
  3. Discovery Utility
  4. DNS
  5. DHCP Option 43
  6. SSH
  7. User Notes
  8. Related Articles

Introduction



In deployments where it's not possible or desirable to run the controller on the premises, you can run it in the cloud or in your NOC. For example, on a large-scale project with many UAPs, we could:

  • On Amazon, create a virtual controller instance on EC2. Read this article on the subject.
  • Configure/stage a few APs in our lab and customize the guest portals.
  • When we're at the customer's site, open a browser to the cloud-based controller.
  • Configure the DHCP server or the DNS server, or simply use the UniFi Discovery Utility, to make all local APs inform back to the controller.
  • Ongoing management/monitoring can be done from anywhere, and Amazon would provide us with great firewall configurations.

Initial Setup



Please make sure you're familiar with how UniFi works (e.g. where the AP and Controller are in the same L2) before attempting L3 management. L3 management adds many moving parts to the mix, an added complexity you must be sure you can handle.

UniFi APs have a default inform URL of http://unifi:8080/inform. The purpose of using DHCP option 43 or DNS is therefore to let the AP learn the IP of the controller.

Discovery Utility



Not many environments have a configurable DHCP server, and a configurable DNS server is even less likely. That's where the UniFi Discovery Utility comes in. It listens for the multicast/broadcast packets from UniFi APs and allows you to tell an AP to inform to any URL you'd like. (Only APs in default state or not in contact with any controller will be displayed.)

The UniFi Discovery Utility is installed along with your UniFi controller.

  • On Windows, it's in Start Menu->Ubiquiti UniFi->UniFi-Discover
  • On Mac, /Applications/UniFi-Discover.app (or use Spotlight to find it)
  • Run "java -jar <unifi_base>/lib/ace.jar discover"

To perform L3 adoption with the discovery utility:

  1. Wait until the AP shows up.
  2. If the AP is not in default state, click "reset", specify the SSH username/password and click "Apply".
  3. Click on "manage", modify the inform URL, leave the SSH username/password as ubnt/ubnt and click "Apply".
  4. Open a browser to your remote UniFi controller and you should see the AP as "Pending Approval".
  5. Click on "adopt". You'll see it go to the "Adopting" state; ignore this, as it will eventually become "Adoption Failed" or "Disconnected".
  6. Perform [step 3] again (no need to wait for [step 5] to finish).
  7. The AP is now managed by the controller.

Once adopted, the Controller will upgrade these units automatically.

The Ubiquiti Discovery Tool Chrome Extension is also available; it can be downloaded directly from Google Chrome here, or from our UBNT download page.

Note: If your L3 controller is available over the WAN, then you need to make sure the necessary ports are open at the controller side (minimum port 8080 for inform). If you do not have a static IP, then you may want to consider using a dynamic DNS service and use the domain name instead of the IP for the inform address. If you're using a USG, then you can use the DDNS client that is available on that device itself.


DNS



  • You'll need to configure your DNS server to resolve 'unifi' to your controller's IP address. Make sure that the AP can resolve the controller's domain name. For example, if you are setting http://XYZ:8080/inform, then ping XYZ from the AP to determine whether it is resolvable/reachable.
  • Or use an FQDN in the controller inform URL: http://FQDN:8080/inform
  • Troubleshooting - AP (with static IP) fails to connect to the L3 controller
    • When changing an AP from DHCP to static in the controller UI, make sure you have entered the IP of the DNS server. If not, the AP cannot contact DNS to resolve the controller's domain name.
    • If the AP has been reset (by pushing the reset button), make sure that you have informed the AP twice (using the discovery utility) about the controller's location (this will be improved in the coming release 2.3.0).

DHCP Option 43



If you are using Ubiquiti's EdgeMax routers, DHCP option 43 can be set just by entering the IP address of the UniFi controller in the "unifi" field on the dhcp-server. To use DHCP option 43, you'll need to configure your DHCP server. For example:

Linux's ISC DHCP server: dhcpd.conf

# ...
option space ubnt;
option ubnt.unifi-address code 1 = ip-address;

class "ubnt" {
        match if substring (option vendor-class-identifier, 0, 4) = "ubnt";
        option vendor-class-identifier "ubnt";
        vendor-option-space ubnt;
}

subnet 10.10.10.0 netmask 255.255.255.0 {
        range 10.10.10.100 10.10.10.160;
        option ubnt.unifi-address 201.10.7.31;  ### UniFi Controller IP ###
        option routers 10.10.10.2;
        option broadcast-address 10.10.10.255;
        option domain-name-servers 168.95.1.1, 8.8.8.8;
        # ...
}

Cisco CLI

! assuming your UniFi is at 192.168.3.10
ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
! 192.168.3.10 -> C0 A8 03 0A
option 43 hex 0104C0A8030A

! Why 0104C0A8030A ?
!
! 01: suboption
! 04: length of the payload (must be 4)
! C0A8030A: 192.168.3.10

Mikrotik CLI

/ip dhcp-server option add code=43 name=unifi value=0x0104C0A8030A
/ip dhcp-server network set 0 dhcp-option=unifi

# Why 0104C0A8030A ?
#
# 01: suboption
# 04: length of the payload (must be 4)
# C0A8030A: 192.168.3.10

Cisco has a good write-up for DHCP option 43 setup.
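
The suboption/length/address layout explained above, as an added example (not from the original article and not Ubiquiti's code): a Python helper that builds the hex value for a controller IP and decodes a value copied from a DHCP server config or a packet capture, so you can confirm that APs are being pointed at the controller you expect. The function names are hypothetical; the sample values are the ones used in this article.

```python
import ipaddress

UNIFI_SUBOPTION = 0x01  # suboption code, per the article's hex breakdown


def encode_option43(controller_ip: str) -> str:
    """Build the option 43 hex string (01 04 <4 address bytes>) for an IPv4 controller."""
    addr = ipaddress.IPv4Address(controller_ip)  # raises ValueError on bad input
    return (bytes([UNIFI_SUBOPTION, 4]) + addr.packed).hex().upper()


def parse_suboptions(hex_value: str) -> dict:
    """Split an option 43 value into {suboption code: raw bytes}, checking each length."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):  # Mikrotik-style 0x prefix
        text = text[2:]
    data = bytes.fromhex(text)  # raises ValueError on non-hex characters
    subopts, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError(f"truncated suboption header at offset {i}")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"suboption {code:02X} claims {length} bytes, has {len(value)}")
        subopts[code] = value
        i += 2 + length
    return subopts


def decode_controller(hex_value: str) -> str:
    """Return the controller IPv4 address carried in suboption 01."""
    subopts = parse_suboptions(hex_value)
    if UNIFI_SUBOPTION not in subopts:
        raise ValueError("suboption 01 not present")
    raw = subopts[UNIFI_SUBOPTION]
    if len(raw) != 4:
        raise ValueError("suboption 01 payload must be exactly 4 bytes")
    return str(ipaddress.IPv4Address(raw))


def offer_matches(hex_value: str, expected_ip: str) -> bool:
    """True only if the advertised controller is the one you intended."""
    return decode_controller(hex_value) == expected_ip


if __name__ == "__main__":
    print(encode_option43("192.168.3.10"))        # Cisco/Mikrotik example address
    print(decode_controller("0x0104C0A8030A"))
    print(offer_matches("0104C0A8030A", "201.10.7.31"))
```
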

To use IP of controller
  • You can also use the IP of the controller in the inform URL instead of the domain name.

SSH



If you can SSH into the AP, it's possible to do L3-adoption via CLI command:


User Notes & Tips

2. For configuring DHCP option 43 via Palo Alto Networks DHCP server. (Pan OS 7.1):