Sep 14 2022
Configure Ubiquiti Access point Across Branch Office Tunnel 

UniFi – Device Adoption Methods for Remote UniFi Controllers 

Overview 

This article describes several different layer-3 methods for deploying UAPs. Our recommended methods are found below under the Chrome Web Browser and Mobile App sections. 

Table of Contents 

  1. Introduction 
  2. Initial Setup 
  3. Chrome Web Browser (recommended) 
  4. Mobile App (recommended) 
  5. Discovery Utility 
  6. DNS 
  7. DHCP Option 43 
  8. SSH 
  9. User Notes & Tips 
  10. Related Articles 

Introduction 

Back to Top 

In many deployments where it’s not possible/desired to have the UniFi Network Controller running on-premise, you can run the controller in the Cloud or your NOC. For example, for a large-scale project with many devices there are a few possible methods for adoption of devices: 

  • Take a laptop to the device’s site to perform adoption via Chrome Browser (easiest method). 
  • When you’re at the site, open a browser and navigate to Cloud: either the UniFi Cloud Access Portal or the UniFi Network Controller (when launched using Cloud). 
  • Create a virtual controller instance on Amazon EC2. Read this article on the subject. 
  • Either configure the DHCP server, DNS server or simply use the UniFi Discovery Utility to make all local access points (APs) inform back to the controller. 

Initial Setup 

Back to Top 

Please make sure you’re familiar with how a regular L2 adoption on UniFi works (where the devices and Controller are on the same L2 network) before attempting L3 (remote) adoption. Also, remember that in order to adopt, the following conditions must be true in order to have internet access and also have access to the router from within the network (locally): 

1. WAN port connected to the Internet. 
2. LAN port connected locally to access management features on the router (USG or third party). 

UniFi APs have a default inform URL http://unifi:8080/inform. Thus, the purpose of using DHCP option 43 or DNS is to allow the AP to know the IP of the Controller. 

Chrome Web Browser  

Back to Top 

After installing the Discovery tool plugin (freely available in Chrome Web Store) on a computer running Chrome browser, any locally-available, unmanaged UniFi Devices (i.e., same L2 network as your computer) will appear as “Pending Adoption” in the UniFi Cloud Access Portal as well as your UniFi Network Controller itself (in the Devices section in both cases). To access the Controller remotely Remote Access will have to be enabled. 

Via the UniFi Cloud Access Portal 

1. Go to https://unifi.ui.com/ and log in with your Ubiquiti SSO credentials. 

2. Go to the Devices section and locate the model with the Pending Adoption status. Click ADOPT. 

3. In the Adopt window that will appear, select the controller and the site that will be adopting the device and click Adopt. 

Via the UniFi Network Controller 

1. Launch the UniFi Network Controller, go to the Devices section, find the device that is to be adopted with the status “Pending Adoption” and click Adopt under Actions. 

Mobile App  

Back to Top 

1. After installing the UniFi Mobile App (freely available in iOS App Store & Android Play Store), launch the app, and tap Direct Access (in iOS, in Android you will see the Direct Access section on the screen once you launch the app, see images below). 

Image download failed.NOTE: Your mobile device must be connected to the same network as your devices, and must be able to access the controller directly (using HTTP). A public IP and/or port forwarding may be necessary. The inform port of the controller must be 8080. 

2. Select your Controller from the list, or tap the “+” button to log in and add your controller. 

iOS 9:12 Controllers Prague Office 5.11.3 All Systems Operational Controllers Devices Add Controller See More Account Android i 18:46 UlfiFje Discovered devices No devices found. Only devices without controller are shown Direct Access Taipei office tw.corp.ubnt.com Prague Alpha 10.43.21.39 Cloud Access There are no saved controllers Log in

3. For iOS: Once logged in to the Controller, tap More. There will be a Layer 3 Adoption option under Utilities. 

For Android: Tap the three-line “hamburger” menu and scroll down until you see L3 Adoption under Utilities. 

iOS 9:12 More Q 0 Insights Maps Events Alerts Hotspot Manager Settings UTILITIES Ping Wi-Fi Throughput Test Remote Adoption INFO, SUPPORT & FEEDBACK Ubiquiti Blog Dashboard Devices i Clients Statistics More Android Others Utilities Insights Events Alerts Settings i 18:46 SITES Ipha Site WLAN e g 8 2 o 5 Wi-Fi Throughput Test sec L3 Adoption Hotspot Manager Application Settings Info, Support & Feedback

3. Devices will be displayed on this screen. Tap on the device that is to be adopted and select Adopt

iOS 9:13 Remote Adoption O About Remote Adoption Here you can adopt devices to a controller that can't see your devices (e.g. if it's hosted in the cloud). The controller needs to be reachable remotely. x See More AP AC EDU 192.168.1.236 192.168.1.177 Adopt Device's inform URL will be set to: http://10.43.21.53:8080/inform Please note that inform URL has to be reachable from the device's network. Adopt Cancel Android L3 Adoption UniFi AP-AC-Lite UniFi Switch 8 POE-150W i 18:47 1h 55m 58s 42d 5h 43m

4. After a few seconds (15-30 seconds, times will vary) the device will appear under the Devices section, which will be accessible by clicking on the Devices icon on the bottom menu bar. 

Discovery Utility 

Back to Top 

This utility listens to the multicast/broadcast packets from UniFi APs and allows you to configure the AP to inform any URL you’d like. It is important to note that only APs in a default state or not in contact with any other controller will be displayed. 

UniFi Discovery utility is installed along with the UniFi Network Controller. 

  • On Windows, it’s in Start Menu > Ubiquiti UniFi >UniFi-Discover 
  • On Mac, /Applications/UniFi-Discover.app (or use Spotlight to find it) 
  • Run “java -jar <unifi_base>/lib/ace.jar discover” 

To perform L3 adoption with the Discovery utility: 

  1. Launch the Discovery Utility and wait until the device appears. If the device is not in a default state (new out of the box, or reset to its factory default settings), click “reset”, specify the SSH username/password and click “Apply”. 
  2. Click “manage”, modify the inform URL and leave the SSH username/password as ubnt/ubnt and click “Apply” 
  3. Open a browser to your UniFi Network Controller and you should see it is “Pending Approval”. 
  4. Click on “Adopt”. You’ll see it going to “Adopting” state, ignore it as it’ll eventually become “Adoption Failed” or “Disconnected”, which is why you go to step 6. 
  5. Perform step 3 again, there is no need to wait for step 5 to finish. 
  6. After a few moments, the devices will now be managed by the Controller and will appear as Connected. You may need to leave the Devices page and return to see this reflected on the screen. 

The option of the Ubiquiti Discovery Tool Chrome extension is also available, downloadable directly from Google Chrome here, or from our Ubiquiti download page

Image download failed.NOTE: If your L3 Controller is available over the WAN then you need to make sure the necessary ports are open at the Controller side (minimum port 8080 for inform). If you do not have a static IP then you may want to consider using a dynamic DNS service, and use the domain name instead of the IP for the inform address. If you’re using a USG then you can use the DDNS client that is available on that device itself. 

DNS 

Back to Top 

  • You’ll need to configure your DNS server to resolve ‘unifi’ to your Controller’s IP address. Make sure that the device can resolve Controller’s domain name. For example, if you are setting http://XYZ:8080/inform, then ping from the device to determine if XYZ is resolvable/reachable. 
  • Or, using FQDN for the Controller inform URL, http://FQDN:8080/inform 
  • Troubleshooting – device (with static IP) fails to connect to the L3 Controller 
    • When configuring a device from DHCP to static in the Controller UI, make sure you have put the IP of DNS. If not, then the device cannot contact DNS to resolve Controller domain name. 
    • If the device has been reset, make sure that you have informed the device twice (using the Discovery Utility) about the Controller’s location. 

DHCP Option 43 

Back to Top 

If using Ubiquiti’s EdgeMAX routers, then DHCP option 43 can be done by just entering the IP address of the UniFi Network Controller in the “unifi” field on the DHCP-server. 

Image download failed.NOTE: The UniFi Security Gateway (USG) will not use DHCP option 43 to add the UniFi Network Controller location when obtaining a DHCP lease on the WAN interface. 

To use DHCP option 43 you’ll need to configure your DHCP Server. We provide some third party examples below, but please refer to the manufacturer’s support documentation for up to date instructions. For example: 

Linux’s ISC DHCP server: dhcpd.conf 

# … 
option space ubnt; 
option ubnt.unifi-address code 1 = ip-address; 
 
class “ubnt” { 
        match if substring (option vendor-class-identifier, 0, 4) = “ubnt”; 
        option vendor-class-identifier “ubnt”; 
        vendor-option-space ubnt; 

 
subnet 10.10.10.0 netmask 255.255.255.0 { 
        range 10.10.10.100 10.10.10.160; 
        option ubnt.unifi-address 201.10.7.31;  ### UniFi Controller IP ### 
        option routers 10.10.10.2; 
        option broadcast-address 10.10.10.255; 
        option domain-name-servers 168.95.1.1, 8.8.8.8; 
        # … 

 

Cisco CLI 

# assuming your UniFi is at 192.168.3.10 
ip dhcp pool <pool name> 
network <ip network> <netmask> 
default-router <default-router IP address> 
dns-server <dns server IP address> 
option 43 hex 0104C0A8030A # 192.168.3.10 -> CO A8 03 0A 
 
# Why 0104C0A8030A ? 

# 01: suboption 
# 04: length of the payload (must be 4) 
# C0A8030A: 192.168.3.10 
 

Mikrotik CLI 

/ip dhcp-server option add code=43 name=unifi value=0x0104C0A8030A 
/ip dhcp-server network set 0 dhcp-option=unifi 
 
# Why 0104C0A8030A ? 

# 01: suboption 
# 04: length of the payload (must be 4) 
# C0A8030A: 192.168.3.10 
 

Image download failed.User Tip: Find more DHCP Option 43 instructions in the User Notes & Tips section.  

SSH 

Back to Top 

If you can SSH into the device, it’s possible to do L3 adoption via CLI command: 

1. Make sure the device is running updated firmware. See this guide: UniFi – Changing the Firmware of a UniFi Device. 

2. Make sure the device is in the factory default state. If it’s not, do: 

sudo syswrapper.sh restore-default 

3. SSH into the device and type the following and hit enter: 

set-inform http://ip-of-controller:8080/inform 

4. After issuing the set-inform, the UniFi device will show up for adoption in the Devices section of the controller. Once you click Adopt, the device will appear to go offline or have the status of “Adopting”. 

5. Once the device says it is Adopting or goes offline, whatever happens first, issue the command set-inform described in step 3 again. This will permanently save the inform address, and the device will start provisioning. 

Image download failed.IMPORTANT: The set-inform command must be issued twice as described in step 3 and step 5 above. Otherwise, the device will disconnect after appearing to adopt. 

User Notes & Tips 

Back to Top 

These notes have been added thanks to user collaboration. Have anything to contribute? Click on the Give Feedback button below! 

Windows Server DHCP Option 43 

Image download failed.User Tip: For Windows Server please see this external blog post. 

Using PFSense with DHCP Option 43 

Image download failed.NOTE: As in all our examples, we are using a sample IP address, you would input your own. 

1. Input your IP in https://www.browserling.com/tools/ip-to-hex 

2. Click Convert to Hex! 

3. Add 01:04 to the beginning of the converted IP, so it would look something like this: 

01:04:ac:10:21:04  

4. Insert this in the Value field. 

Using Palo Alto Networks with DHCP Option 43 (Pan OS 7.1) 

admin 0 Comments