Introduction
Your controller will not be able to find your access points out of the box if they are on a different subnet. A simple way to tell your access points the controllers IP is via DHCP Option 43. In the following I will show you how to set this DHCP Option on a WatchGuard firewall and describe all necessary ports.
Configure DHCP Option 43
General Info
In my case I will configure the specified option on a WatchGuard firewall. Your steps may differ depending on used device/vendor, but the configuration values stay the same. Make sure that you have configured a DHCP range beforehand.
Configuration
On your WatchGuard Firewall the DHCP Options can be found under your interface/VLAN configuration:
Select Network -> DHCP Options -> Add
Code need to be set to 43.
DHCP Option Type needs to be set to Hexadecimal.
Value needs a specific prefix of 01:04. Followed by another : and your controllers ip address in hexadecimal notation.
192.168.100.10 would translate to c0a8640a. In this case you need to enter 01:04:c0:a8:64:0a as your Value.
Example
Name is not a required value and can be set to your liking.
Required Ports
For the controller to function correctly the following ports are required:
| Source | Destination | Port | Protocol | Description |
|---|---|---|---|---|
| AP | Controller | 3478 | UDP | STUN |
| AP | Controller | 5514 | UDP | Remote Syslog Capture |
| AP | Controller | 8080 | TCP | Device and Application Communication |
Optional ports depending on your configuration can be found here: help.ui.com
Conclusion
Use DHCP option 43 as a reliable solution to adopt your access points. If everything is configured correctly new access points will be shown as Pending Adoption on your Unifi controller’s web interface.