
UNIFI - HOW TO SET UP AN ACCESS POINT AND CONTROLLER CONNECTED ON DIFFERENT SUBNETS

Source: https://digitalmccullough.com/posts/adopting-remote-unifi-devices-with-windows-server-dhcp.html


Introduction

UniFi Access Points (APs) and other devices are fantastic, but can be difficult to adopt from a UniFi Controller if they never show up. Many different DHCP servers can be configured to tell the devices where the Controller is. You can learn to configure several DHCP servers here but, to my knowledge, no one has yet written a tutorial on how to do this with Windows DHCP Server. This article aims to teach you just how to do that.
Cisco's document on setting up DHCP option 43 for their branded devices was invaluable to my understanding. Similarly, Ubiquiti's own document on the adoption of remote devices by a UniFi Controller provided the rest of the information I needed. Armed with these two articles I set about experimenting, and ended up successfully adopting devices on a separate network from the controller.

Prerequisites

This article assumes these to be true:
  • You have a working network with two separate subnets
  • A Windows Server handles all DHCP requests for the networks
  • You are not using the router's built in DHCP server
  • There is a UniFi AP (or other UniFi device) on a separate subnet from the UniFi Controller
If you have not met these prerequisites, this will likely not work for you. Setting up these requirements is beyond the scope of this article, but YouTube has a ton of videos on how to set these devices up in any fashion you wish.

The Weeds

Understanding Things

Let's get into the nitty and the gritty. The first thing to understand is some terminology. There is a fancy text string called a Vendor Class Identifier (VCI), which some network devices transmit as part of their DHCP request, in option 60. When the DHCP server receives a request that contains an option 60, it reads the VCI and checks against its defined Vendor Classes to see if that VCI exists in its database.
Assuming the Vendor Class exists, the DHCP server will add all vendor specific scope options for the specified VCI to the generic options it's already sending. These vendor specific suboptions will be combined into a single Option 43 when sent to the requestor.
Three common options a DHCP server generally sends along with an IP address are:
Option  Name             Vendor
003     Router           Standard
006     DNS Server       Standard
015     DNS Domain Name  Standard
When it detects a VCI for which it has a defined class, the DHCP server will also add any scope-assigned options from that class. For instance, when an option 60 VCI of ubnt was sent with a DHCP request, a Ubiquiti class might also send:
Option  Name              Vendor
001     UniFi Controller  Ubiquiti
This additional option would bring the entire set of options to this:
Option  Name              Vendor
003     Router            Standard
006     DNS Server        Standard
015     DNS Domain Name   Standard
001     UniFi Controller  Ubiquiti
All these options, in addition to an IP address, would be sent to the device that originally included an option 60 value of ubnt in its DHCP request. In fact, this is exactly what we're going to make the Windows DHCP server do.

Windows DHCP Server Configuration

Open up the DHCP control panel. In Windows Server 2012 and higher, do this from Server Manager by clicking Tools, then DHCP.

Right click on the IPv4 node just below your server name, and choose Define Vendor Classes. You will be presented with this fancy screen.

Add a new vendor class by clicking the Add button. In the New Class window, enter a Display Name (I suggest Ubiquiti) and optionally enter a description. In the ASCII portion of the lowest box type the letters ubnt. Make sure there's nothing else in that box, including white space. The whole line should read 0000 75 62 6E 74 ubnt as in the screenshot. Click OK, then Close to close both windows.

Right click the IPv4 node again and choose Set Predefined Options from the context menu. In the Predefined Options and Values window, choose your new Ubiquiti class from the top dropdown, and click the Add button to create a new option.

In the Option Type window, enter UniFi Controller, or some similar name, into the Name box, choose Binary in the Data type dropdown, and enter 1 in the Code box. I chose to write "IP as HEX in the BINARY section: 0a 0a 0a 02" in the Description box to remind myself how to enter the controller's IP address later. Click OK, then OK again to accept and close both windows.

We have now defined both the Ubiquiti vendor class and a predefined option in that class that we can use to point our devices at our UniFi Controller, no matter what subnet they're on.
For each subnet that contains UniFi devices, we must now add our newly created option to the Scope Options. Begin by right clicking the Scope Options node under one of your Scopes, and choosing Configure Options. Click the Advanced tab and choose Ubiquiti from the Vendor Class dropdown.
There's only one option, so that's obviously the one we want. Make sure it's checked, and then erase the default value in the Binary section.

We now need to do a little math. The IP address of your UniFi Controller must be converted from decimal to hexadecimal. Windows 8.1 and later (at least) makes this extraordinarily easy with the built in calculator.
Open the Windows Calculator and go to Programmer mode. Ensure DEC mode is selected and type in the first octet of your UniFi Controller's IP, then see the HEX value displayed. Windows displays the value as a single digit when possible, but when entering it in hexadecimal, it must be 2 digits. Prepend a 0 to any single-digit hex values you get. For example, 10 converts to A, so you would prepend a 0 and get 0A for your hexadecimal octet.

Repeat this for each octet in your IP address, writing down each hex value.
Note: If you are using the older version of calculator (before the Windows Universal Apps version), you may need to click the HEX radio button to see it converted.
Once you have all the hexadecimal octets, you need to enter them into the Binary section of the Data Entry box. Just type the numbers in the order of the octets. An IP of 10.10.10.2, for instance, would be entered as 0A 0A 0A 02. Click OK to close the Scope Options window.

Reboot your APs and watch them magically appear in your UniFi Controller.
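
The octet conversion and the Option 43 payload it produces, as an added example that is not part of the original article. It assumes the code/length/value sub-option layout of RFC 2132 section 8.4 and uses hypothetical function names; it also reads a payload back, so a captured DHCP offer can be checked for the controller address it really hands out.

```python
import ipaddress

UNIFI_SUBOPTION = 1  # the Code entered in the Option Type window above


def binary_field(controller_ip: str) -> str:
    """Text to type into the Binary box: one two-digit hex value per octet."""
    octets = ipaddress.IPv4Address(controller_ip).packed  # rejects malformed IPs
    return " ".join(f"{b:02X}" for b in octets)


def build_option43(controller_ip: str) -> bytes:
    """Option 43 payload: sub-option code, length, then the four address bytes."""
    value = ipaddress.IPv4Address(controller_ip).packed
    return bytes([UNIFI_SUBOPTION, len(value)]) + value


def parse_option43(payload: bytes) -> dict:
    """Split an Option 43 payload into {sub-option code: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        code = payload[i]
        if code == 255:  # END marker for encapsulated options (assumed per RFC 2132)
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated sub-option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} is shorter than its length byte")
        subopts[code] = value
        i += 2 + length
    return subopts


def controller_in_offer(payload: bytes) -> str:
    """Controller address a device would read from this payload."""
    value = parse_option43(payload).get(UNIFI_SUBOPTION)
    if value is None or len(value) != 4:
        raise ValueError("no 4-byte UniFi controller sub-option present")
    return str(ipaddress.IPv4Address(value))


if __name__ == "__main__":
    print(binary_field("10.10.10.2"))      # value for the Binary box
    offer = build_option43("10.10.10.2")   # constructed sample payload
    print(offer.hex(" "))                  # bytes as they appear in a capture
    print(controller_in_offer(offer))      # address read back from the payload
```

Comparing the address returned by `controller_in_offer` against the controller you intended is a quick way to spot a mistyped octet or an unexpected DHCP server answering on the AP subnet.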

Conclusion

Getting your UniFi devices working with a controller on another network can be a bit of a challenge. All the tools needed already exist in one form or another, however, and with just a little research and guidance it shouldn't be too difficult to get yours set up. The bonus to using this method, from what I understand, is that the Ubiquiti Option 43 we created in this tutorial will not be offered unless it's requested via option 60.
