Your controller will not be able to find your access points out of the box if they are on a different subnet. A simple way to tell your access points the controllers IP is via DHCP Option 43. In the following I will show you how to set this DHCP Option on a WatchGuard firewall and describe all necessary ports.
Configure DHCP Option 43
In my case I will configure the specified option on a WatchGuard firewall. Your steps may differ depending on used device/vendor, but the configuration values stay the same. Make sure that you have configured a DHCP range beforehand.
On your WatchGuard Firewall the DHCP Options can be found under your interface/VLAN configuration:
Select Network -> DHCP Options -> Add
Code need to be set to 43.
DHCP Option Type needs to be set to Hexadecimal.
Value needs a specific prefix of 01:04. Followed by another : and your controllers ip address in hexadecimal notation.
192.168.100.10 would translate to c0a8640a. In this case you need to enter 01:04:c0:a8:64:0a as your Value.
Name is not a required value and can be set to your liking.
For the controller to function correctly the following ports are required:
|AP||Controller||5514||UDP||Remote Syslog Capture|
|AP||Controller||8080||TCP||Device and Application Communication|
Optional ports depending on your configuration can be found here: help.ui.com
Use DHCP option 43 as a reliable solution to adopt your access points. If everything is configured correctly new access points will be shown as Pending Adoption on your Unifi controller’s web interface.