UniFi - Communication Protocol Between Controller and UAP


Overview


This article describes the process behind the discovery and adoption of a UniFi Access Point by the UniFi Controller. This process happens seamlessly for the user when following the products' Quick Start Guide and UniFi User Guide (both found separated per product line and device model in the Downloads page).


Table of Contents


  1. Introduction
  2. Pre-Adoption Communication
  3. Post-Adoption Communication

Introduction


Back to Top

UniFi Access Point (UAP) discovery is done with L2 multicast/broadcast in order for the UniFi Controller to "see" it. The adoption is done by the Controller SSHing into the UAP, to tell the UAP where the it is. After that, interaction is limited to the UAP "calling home" to perform tasks the Controller is asking it to do. All the UAP-Controller management traffic goes untagged.

The Controller manages the AP using a proprietary TR-069-like management protocol. The main idea, for scalability, is for the AP to "call home" periodically via L3. And to support instant notifications from controller to AP, STUN is also used. The protocol is encrypted and does not rely on TLS for integrity.

In basic terms, the process is as follows:

  1. By default, AP discovery occurs via Layer-2 broadcast traffic in order for a local Controller to see it. 
  2. Once discovered, the adoption takes place via SSH, whereby the Controller tells the AP where it’s located on the network. (Layer-3 is possible too)
  3. After that, the AP will be “calling home” to perform tasks that the Controller asks it to do.
NOTE: All the AP-controller management traffic goes untagged. The design has L3-management in mind where you can set up a Controller in the cloud or off-premise.

Pre-Adoption Communication


Back to Top

There's an initial handshake that needs to occur between UAP beaconing and Controller.

  1. When an AP is in factory default state (see UniFi - LED Color Patterns in UniFi Devices for more), it will obtain an IP from the DHCP server and send out beacons: "I'm at factory default settings. Who can manage me?"
  2. Controller hears the beacon. As this device is in a default state, it will show the AP as "pending adoption".
  3. When the user decides to adopt the AP, the Controller will adopt the AP via SSH (using the IP information in the beacon and the default username/password).
  4. The UAP sends initial inform to http://controller_ip:8080/inform, and the binding of Controller and UAP will be complete.

Post-Adoption Communication


Back to Top

After the UniFi device is adopted, communication changes slightly.

  • When a UniFi device has been adopted, but the controller is not present, the UAP sends a slightly different beacon: "I'm here. When you (the controller) are up/ready, come pick me up."
  • When the original Controller comes up, it picks up on the device beacon and finds that the device is already adopted. It will readopt the AP automatically via SSH (using the IP information in the beacon and with the non-default credentials).

We're sorry to hear that!