Ubiquiti Unifi - Enterprise Wifi Solutions

Ubiquiti Unifi - L2 and L3 adoption explained

Overview

This article is written by Server Management Inc. IT systems administrator Timo Puistaja - 16.03.12.2017, Tartu, Estonia.

Need help configuring your device? Contact us info@serman.ee

We are going to explain how Unifi AP/switch adoption on Layer2 and Layer3 works, but first let´s make clear what the those Layers mean.

Terminology:

Layer2 (L2) adoption: We adopt Unifi AP/switch to a Controller in the same subnet for example your "mask:/24" LAN.

Layer3 (L3) adoption: We adopt Unifi AP/switch etc. to a Controller that is situated somewhere far away - for eg. AP is in Germany but the Controller for that AP is in Poland.

The Layers come from OSI (Open System Interconnection) model. This is used to visualize computer networks. We will focus on the "Network Layers" and especially on Layer2 and Layer3 for Unifi adoption methods.

Unifi Controller: a webpage/software to centralize and manage all your wifi devices no matter where they are located. You can install Controller software to your own PC, but when it comes to larger networks its recommended to install it on any Windows/Linux server in your enviroment or buy a Unifi CloudKey (CK) that has Controller already installed on it. You can think of Unifi CloudKey as a little PC/server just for serving the Controller function for your AP´s. I wrote an article about setting up the crentralized CK Controller with my own certificates - it´s HERE.


As you can see Layer1 is Physical - it is the Layer where different physical devices (ethernet/wireless card and switches or routers) are connected.

First layer of usable data flows is Layer2 - this Layer can be explained as the Layer of your LAN network in our case.

Layer3 is the layer where different subnets and networks are connected together and thats why its called L3 adoption for Unifis - AP and Controller are in the different subnet.

Layer 2 (L2) adoption

L2 adoption is very staightforward. Lets assume you are in your home/office that has LAN subnet 192.168.0.0/24.

Your PC IP is: 192.168.0.10 and you have downloaded and istalled Unifi Controller software from unifi Download page.

Now you connect your new AP to local network and DHCP server gives out an IP to your AP - for example 192.168.0.20.

All you have to do now is to log into the Controller panel from your web browser and you can see your AP in the Devices menu and Adopt it - that it - L2 Adoption done.

I strongly recommend installing Controller software to any servers you already have - so you wont be messing around later with the reinstalls/resets with all the Unifi products OR buy CloudKey its only about ~100USD.

Here a little picture showing your how it works:


Layer 3 (L3) adoption

L3 adoption means that you have Controller and AP in the different subnet OR in the different county/city/building.

For L3 adoption you need access to your router/firewall and should have public static IP from your ISP.

Most of the configurations need to be done at the office where Controller is located.

Install the Controller to any server or buy CloudKey and set it up. Give it a static local ip - in my example it´s 192.168.0.10

Now we need to make our controller webpage and set-inform features accessible from all over the world.

In this example we have static public IP 88.90.150.120, so you need to log in to your router and make port forwards as follows:

  • 88.90.150.120:8080 forward to 192.168.0.10:8080
  • 88.90.150.120:8443 forward to 192.168.0.10:8443

In addition if you have access to the Domain registar panel you can set up A record to your public IP, for eg.:

unifi.mydomain.com POINTS TO 88.90.150.120

So later you dont need to type in the IP - you can just use the name instead.

By default, the UniFi Controller will operate on the following ports:

  • unifi.http.port=8080 (port for UAP to inform controller)
  • unifi.https.port=8443 (port for controller GUI / API, as seen in web browser)

Note: You might neet to open up ports 8080 and 8443 in your firewall to make incoming request to access next (forward) rules.

When you have done that your Controller is accessible from anywhere in the world - also the webpage.

You are ready to do some L3 adoption, these are the steps to inform your AP´s where the Controller is:

You need LAN access to your AP and SSH (Putty is a Windows tool to do that) into the AP - default username and password are ubnt / ubnt.

Type in the following commands in the commandline of AP:

  1. #mca-cli - access the set-inform panel on AP
  2. #set-inform http://88.90.150.120:8080/inform (or #set-inform http://unifi.mydomain.com:8080/inform)
  3. Open the Controller and go to Devices panel - click Adopt on the new device
  4. Head back to AP command line and gice the command: #set-inform http://88.90.150.120:8080/inform (or #set-inform http://unifi.mydomain.com:8080/inform)
  5. Check from Controller is the device is Adopted

Thats it - your L3 adoption is done, you can add as many devices as you like no matter where they are located.

Here is a simple picture to overview everything explained above:

For the next step is to make sure port forwards are done correctly; DNS works; add your verified certificates to controller - its all here.


Was this article helpful?
0 0 (Login to rate)
Download PDF

Password Reset

Enter your email address below, and we'll send you a new password.

×