Use DHCP Option 43 for UniFi Access Point Provisioning

Introduction

Out of the box, your controller will not be able to find your access points if they are on a different subnet. A simple way to tell your access points the controller's IP address is DHCP Option 43. Below I will show you how to set this DHCP option on a WatchGuard firewall and describe all necessary ports.


Configure DHCP Option 43

General Info

In my case I will configure the option on a WatchGuard firewall. Your steps may differ depending on the device or vendor you use, but the configuration values stay the same. Make sure that you have configured a DHCP range beforehand.

Configuration

On your WatchGuard firewall, the DHCP options can be found under your interface/VLAN configuration:
Select Network -> DHCP Options -> Add

Code needs to be set to 43.
DHCP Option Type needs to be set to Hexadecimal.
Value needs the specific prefix 01:04, followed by another : and your controller's IP address in hexadecimal notation.
192.168.100.10 would translate to c0a8640a. In this case you need to enter 01:04:c0:a8:64:0a as your Value.
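
The conversion described above can be scripted, and the same logic can check that a Value already configured on a DHCP server still points at the controller you expect. This is an added example, not part of the original article; the function names are illustrative, and it assumes the 01:04 prefix is a sub-option code followed by a length byte, as in the usual vendor-specific option layout.

```python
import ipaddress
import re

# Prefix from the article: 0x01 = sub-option code, 0x04 = payload length
# (an IPv4 address is four bytes).
PREFIX = bytes([0x01, 0x04])

# Six two-digit hex bytes separated by ':' (the form entered as Value).
_VALUE_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")


def encode_option43(controller_ip: str) -> str:
    """Build the hexadecimal Value for a controller IPv4 address."""
    addr = ipaddress.IPv4Address(controller_ip)  # raises ValueError if invalid
    return ":".join(f"{b:02x}" for b in PREFIX + addr.packed)


def decode_option43(value: str) -> str:
    """Return the dotted-quad address inside a Value, rejecting malformed input."""
    v = value.strip().lower()
    if not _VALUE_RE.fullmatch(v):
        raise ValueError(f"expected six colon-separated hex bytes: {value!r}")
    raw = bytes.fromhex(v.replace(":", ""))
    if raw[:2] != PREFIX:
        raise ValueError(f"unexpected prefix {v[:5]}, expected 01:04")
    return str(ipaddress.IPv4Address(raw[2:]))


def matches_controller(value: str, expected_ip: str) -> bool:
    """True only if the Value is well formed and decodes to expected_ip."""
    try:
        return decode_option43(value) == str(ipaddress.IPv4Address(expected_ip))
    except ValueError:
        return False


if __name__ == "__main__":
    # Address taken from the article's example.
    print(encode_option43("192.168.100.10"))
    print(decode_option43("01:04:c0:a8:64:0a"))
```

Running `matches_controller` against the Value exported from the firewall configuration is a quick way to catch a mistyped byte before access points start looking for a controller at the wrong address.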

Example

WatchGuard DHCP Option

Name is not a required value and can be set to your liking.


Required Ports

For the controller to function correctly, the following ports are required:

Source  Destination  Port  Protocol  Description
AP      Controller   3478  UDP       STUN
AP      Controller   5514  UDP       Remote Syslog Capture
AP      Controller   8080  TCP       Device and Application Communication

Optional ports, depending on your configuration, can be found here: help.ui.com


Conclusion

Use DHCP Option 43 as a reliable solution to adopt your access points. If everything is configured correctly, new access points will be shown as Pending Adoption on your UniFi controller’s web interface.