Blog.gowifi


Monday, February 10, 2014

UniFi: Having UAPs on a different subnet to the controller

Scenario:
Your wireless network at your site is on a different subnet to what your UniFi controller is going to be sitting on. This guide assumes that you have already set up your UniFi Controller.



Why you may do this:
If your organisation has a lot of users/traffic, it is recommended to segment these into different networks to decrease broadcast domains and increase network efficiency.

Background: 
UniFi access points send out broadcast messages to look for their controller. These operate at layer 2 (OSI model) and are only sent within the broadcast domain. Because our controller is sitting on a different subnet, the broadcasts are stopped at the router and never reach the controller software. The same applies in reverse to the controller software looking for the access points.


Method 1: 
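If your network runs its own DNS server, or you have the ability to set a custom DNS record on your network, then this method is for you. It works because an AP that cannot find its controller by broadcast also tries to resolve the hostname unifi, so a record with that name pointing at the controller covers every AP at once. This will be the quickest method if you have lots of APs to set up.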

Mikrotik:
Log in to your Mikrotik router and, via the CLI, enter the following line:
/ip dns static add name=unifi address=192.168.10.2

Windows Server:
Log in to your Windows Server and, in your Start menu, go to Administrative Tools > DNS.

Expand your DNS server name and go to Forward Lookup Zones. Right-click the DNS zone that your devices will be sitting in and select New Host (A or AAAA).

For the name, enter “unifi” without the quotes, and for the IP address, enter the address of your UniFi server. As per the network diagram, we’ll be putting in 192.168.10.2.


Method 2:
In this method you need to SSH on to each access point and statically point the AP at the controller. You’ll need to find out from your DHCP table what address your AP has.

Mikrotik:
Go to IP > DHCP-Server > Leases and you’ll be able to see all the devices that have an IP address. To find which IP address belongs to your UniFi, look on the back of the physical UniFi product for the “MAC ID” and compare the last 12 numbers to the MAC addresses listed in the DHCP table.

Windows Server:
Log in to your Windows Server and, in your Start menu, go to Administrative Tools > DHCP. Expand your DHCP domain and go to the scope that your UniFi units are plugged into. To find which IP address belongs to your UniFi, look on the back of the physical UniFi product for the “MAC ID” and compare the last 12 numbers to the Unique ID listed in the DHCP table.

Once you’ve got the IP address of your unit, use an SSH program such as PuTTY to establish a connection to the AP.

If you’ve got a new out of the box unit, the default credentials are:
Username: ubnt
Password: ubnt

Once logged in, enter the following commands, remembering to replace 192.168.10.2 with the address of your controller:
mca-cli
set-inform http://192.168.10.2:8080/inform
Then go to your controller’s homepage and open Access Points; you should see your access point in the list (you can verify this by checking that the IP address matches the one you were connecting to).
Click Adopt next to the AP, and refresh the page until the AP comes back with a status of ‘Connected’ (it may need to upgrade the firmware on the AP first).

Once it’s connected, you will need to SSH to the AP again. It will now use the username/password credentials that are set by your controller.

If you don’t know these, the device login username and password can be found in the controller software. Go to the "Settings" panel > "Site" > "Device Password" on your UniFi controller. From there, you can also change the auto-generated password to something easier to memorise.
Once reconnected via SSH, issue the same commands again:
mca-cli
set-inform http://192.168.10.2:8080/inform


Congratulations! You can close the SSH window and your AP is ready to use on your network.
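
The lookup step in Method 2, as an added example that is not part of the original post: it matches the MAC ID printed on the AP against lease rows whether the table shows colon-separated MAC addresses or a bare 12-digit Unique ID, and goes slightly beyond the text by confirming the controller really is outside the AP's subnet before producing the set-inform commands. The lease rows, the 192.168.20.0/24 AP subnet, the /24 prefix and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Six hex pairs, optionally separated by ':' or '-', not embedded in a longer hex run.
MAC_RE = re.compile(r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f])")
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample lease rows (not real output); 192.168.20.0/24 is an assumed AP subnet.
SAMPLE_LEASES = [
    "0 D 192.168.20.14  00:11:22:AA:BB:0F  laptop      bound",  # colon-separated MAC
    "1 D 192.168.20.15  00:11:22:AA:BB:01  UBNT        bound",
    "192.168.20.16  UBNT.example.local  DHCP  001122aabb02",     # bare 12-digit Unique ID
]


def normalise_mac(text):
    """Reduce a MAC ID / MAC address / Unique ID to its last 12 hex digits, lower case."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) < 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return digits[-12:]


def find_lease(label_mac, lease_lines):
    """Return the leased IP of the row whose MAC matches the label on the AP, else None."""
    wanted = normalise_mac(label_mac)
    for line in lease_lines:
        macs = {normalise_mac(m) for m in MAC_RE.findall(line)}
        ip = IP_RE.search(line)
        if wanted in macs and ip:
            return str(ipaddress.ip_address(ip.group()))  # rejects e.g. 999.1.1.1
    return None


def needs_set_inform(ap_ip, controller_ip, prefix_len=24):
    """True when the controller is outside the AP's subnet, so broadcasts cannot reach it."""
    ap_net = ipaddress.ip_network(f"{ap_ip}/{prefix_len}", strict=False)
    return ipaddress.ip_address(controller_ip) not in ap_net


def inform_commands(controller_ip, port=8080):
    """The two commands from Method 2, with the controller address validated first."""
    return ["mca-cli", f"set-inform http://{ipaddress.ip_address(controller_ip)}:{port}/inform"]


if __name__ == "__main__":
    ap = find_lease("00-11-22-AA-BB-01", SAMPLE_LEASES)
    if ap and needs_set_inform(ap, "192.168.10.2"):
        print(f"AP found at {ap}", *inform_commands("192.168.10.2"), sep="\n")
```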

2 comments:

  1. Congratulations for simple explanation!
  2. I have a small home network with mikrotik hex router and one UAP-AC-LR. Router, AP and all wired devices are located on 192.168.88.xxx subnet and all wireless devices are located on 172.16.10.xxx subnet, the one AP broadcasts itself.

    The problem is that I can't access AP from 172.16.10.xxx subnet, neither with controller (AP listed as disabled) nor with SSH (connection times out). The AP IP is set as static for 192.168.88.2.

    If I connect to wired subnet I can SSH into AP fine. Also accessing router on the same subnet as AP (192.168.88.1) works via SSH from both subnets. A computer with OpenSSH at 192.168.88.254 can be accessed fine as well from 172 subnet.

    Can anyone tell why I can't access AP from the network it broadcasts?