Setup DHCP Options 43 for UniFi UAB AP's

Started by Adventech, December 01, 2012, 05:15:05 PM

Adventech

#1
L3 (Layer 3) Management

Overview

In many deployments where it's not possible/desired to have the controller running on the premises, you can run the controller in the cloud or your NOC.

Say we got a new project; we could:
- create an Ubuntu controller instance on Amazon
- configure/stage a few APs in our lab and customize the guest portals
- when we're at the customer's site, open a browser to the cloud-based controller
- either configure the DHCP server or DNS server, or simply use the UniFi Discovery Utility to make all local APs inform back to the controller
- on-going management/monitoring can be done anywhere, and Amazon would provide us with great firewall configurations

Setup

Please make sure you're familiar with how UniFi works (e.g. where the AP and Controller are in the same L2) before attempting L3 Management. L3 management adds many moving parts to the mix (i.e. added complexity).

UniFi AP has a default inform URL http://unifi:8080/inform. Thus, the purpose of using DHCP option 43 or DNS is to allow the AP to know the IP of the controller.

To use DHCP Option 43

You'll need to configure your DHCP server. For example:

Linux's ISC DHCP server: dhcpd.conf
# ...
option space ubnt;
option ubnt.unifi-address code 1 = ip-address;

class "ubnt" {
        match if substring (option vendor-class-identifier, 0, 4) = "ubnt";
        option vendor-class-identifier "ubnt";
        vendor-option-space ubnt;
}

subnet 10.10.10.0 netmask 255.255.255.0 {
        range 10.10.10.100 10.10.10.160;
        option ubnt.unifi-address 201.10.7.31;  ### UniFi Controller IP ###
        option routers 10.10.10.2;
        option broadcast-address 10.10.10.255;
        option domain-name-servers 168.95.1.1, 8.8.8.8;
        # ...
}

Cisco CLI
# assuming your UniFi is at 192.168.3.10
ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
# 192.168.3.10 -> C0 A8 03 0A
option 43 hex 0104C0A8030A

# Why 0104C0A8030A ?
#
# 01: suboption
# 04: length of the payload (must be 4)
# C0A8030A: 192.168.3.10

NOTE: IP Must Be in HEX
http://www.silisoftware.com/tools/ipconverter.php

Mikrotik CLI (from rclewis)
/ip dhcp-server option add code=43 name=unifi value=0x0104C0A8030A
/ip dhcp-server network set 0 dhcp-option=unifi

# Why 0104C0A8030A ?
#
# 01: suboption
# 04: length of the payload (must be 4)
# C0A8030A: 192.168.3.10

Cisco has a good write-up for DHCP option 43 setup.
http://www.cisco.com/en/US/docs/wireless/access_point/1500/installation/guide/1500_axg.pdf
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml

To use IP of controller
You can also use the IP of the controller in the inform URL instead of the domain name.

To use DNS
You'll need to configure your DNS server to resolve 'unifi' to your controller's IP address. Make sure that the AP can resolve the controller's domain name. For example, if you are setting http://XYZ:8080/inform, then ping from the AP to determine if XYZ is resolvable/reachable.
Or use the FQDN for the controller inform URL: http://FQDN:8080/inform

Troubleshooting - AP (with static IP) fails to connect to the L3 controller
- When changing an AP from DHCP to static in the controller UI, make sure you have entered the IP of the DNS server. If not, the AP cannot contact DNS to resolve the controller's domain name.
- If the AP has been reset (by pushing the reset button), make sure that you have informed the AP twice (using the discovery utility) about the controller's location (this will be improved in the coming release 2.3.0).





To use UniFi Discovery Utility

Not many environments can have a DHCP server that's configurable, even less likely with a DNS server.

That's where the UniFi Discovery Utility comes in. It listens to the multicast/broadcast packets from UniFi APs and allows you to tell the AP to inform any URL you'd like. (Only APs in default state or not in contact with any controller will be displayed.)

UniFi Discovery utility is installed along with your UniFi controller.
On Windows, it's in Start Menu->Ubiquiti UniFi->UniFi-Discover
On Mac, /Applications/UniFi-Discover.app (or use Spotlight to find it)
run "java -jar <unifi_base>/lib/ace.jar discover"

To perform L3 adoption with the discovery utility:
1. wait until the AP shows up
2. if the AP is not in default state, click "reset", specify the SSH username/password and click "Apply"
3. click on "manage", modify the inform URL and leave the SSH username/password as ubnt/ubnt and click "Apply"
4. open a browser to your remote UniFi controller and you should see it being "Pending Approval"
5. Click on "approve". You'll see it going to "Adopting" state, ignore it as it'll eventually become "Adoption Failed" or "Disconnected"
6. perform [3] again (no need to wait for [5] to finish)
7. AP is now managed by the controller

Discovery Utility works with APs with firmware 1.2.3 and 1.3.2 as well. Once adopted by the 2.0 Controller, it will upgrade these units automatically.




To use SSH

If you can SSH into the AP, it's possible to do L3-adoption via an under-construction CLI command:
# 1. make sure the AP is running the latest (or 2.1.0+)
#    if it's not, do
#    syswrapper.sh upgrade http://ip-of-controller:8080/dl/firmware/BZ2/version-of-ap-see-ref-table-below/firmware.bin
# 2. make sure the AP is in factory default state
#    if it's not, do
#    syswrapper.sh restore-default
# 3. ssh into the device and type
mca-cli
# the CLI interface:
set-inform http://ip-of-controller:8080/inform

Controller Version    AP Upgrade URL
2.3.8                 http://ip-of-controller:8080/dl/firmware/BZ2/2.3.8.1597/firmware.bin
2.2.5                 http://ip-of-controller:8080/dl/firmware/BZ2/2.2.5.1080/firmware.bin
2.2.4                 http://ip-of-controller:8080/dl/firmware/BZ2/2.2.4.1072/firmware.bin
2.2.3                 http://ip-of-controller:8080/dl/firmware/BZ2/2.2.3.1055/firmware.bin
2.2.2                 http://ip-of-controller:8080/dl/firmware/BZ2/2.2.2.1049/firmware.bin
2.2.1                 http://ip-of-controller:8080/dl/firmware/BZ2/2.2.1.1045/firmware.bin
2.2.0                 http://ip-of-controller:8080/dl/firmware/BZ2/2.2.0.996/firmware.bin
2.1.0                 http://ip-of-controller:8080/dl/firmware/BZ2/2.1.0.942/firmware.bin

Adventech Group, Inc.
Bringing Integrity to Information Technology
https://adventech.net
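
The option 43 value described in the post above (01 = suboption, 04 = payload length, then the controller IP in hex) can be built and checked in code instead of with an online converter. This is an added example, not part of the original post or Ubiquiti's software; the function names are this example's own, and it assumes the single-suboption layout the post shows.

```python
import ipaddress

UNIFI_SUBOPTION = 0x01  # sub-option code used in the post's examples


def encode_option43(controller_ip: str) -> str:
    """Return the option 43 hex string for a controller IPv4 address."""
    payload = ipaddress.IPv4Address(controller_ip).packed  # raises on bad input
    return (bytes([UNIFI_SUBOPTION, len(payload)]) + payload).hex().upper()


def decode_option43(hex_value: str) -> dict:
    """Parse option 43 hex as sub-option TLVs; return {code: payload bytes}."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):  # MikroTik-style 0x prefix
        text = text[2:]
    data = bytes.fromhex(text)  # raises ValueError on non-hex or odd length
    subopts, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code}: length {length} exceeds data")
        subopts[code] = value
        i += 2 + length
    return subopts


def controller_from_option43(hex_value: str) -> str:
    """Extract the controller IPv4 address, enforcing the 4-byte payload."""
    subopts = decode_option43(hex_value)
    if UNIFI_SUBOPTION not in subopts:
        raise ValueError("no sub-option 01 present")
    payload = subopts[UNIFI_SUBOPTION]
    if len(payload) != 4:
        raise ValueError("sub-option 01 payload must be 4 bytes")
    return str(ipaddress.IPv4Address(payload))


def matches_expected(hex_value: str, expected_ip: str) -> bool:
    """True only if the value parses cleanly and names the expected controller."""
    try:
        return controller_from_option43(hex_value) == expected_ip
    except ValueError:
        return False
```

`matches_expected` is useful for auditing a DHCP server's configured value against the controller address you intend APs to inform to; a value typed with the letter O instead of zero fails the check rather than being silently accepted.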