Tom Davison
UniFi Switches

Configuring PFSense for UniFi DHCP Discovery

Posted on by Tom Davison

There are several ways for adopting your UniFi devices by your UniFi Controller when the software is running in a different subnet.

This is especially true if you are running the UniFi Controller software as a docker container in bridge mode; it’ll be using a virtual network which counts as a second subnet even though it appears to be native on the server’s host IP. (This is how I have it setup).

Thought Process

The following methods are supported to get your devices adopted:

  • SSH to each device and use the “set-inform” command.
    • This seems a little inefficient to me – especially if you’ve got more than 1 device to onboard
    • You need to know the IP address of the device (for example finding it in a list of DHCP leases)
    • Sample command:

set-inform http://ip.of.the.controller:8080/inform

  • Next option would be the creation of a DNS entry
    • The entry would be an A record set as “unifi” and the “routable” (eg; non-docker internal) IP address of the controller
    • This would be my second favourite option, but it’s not quite as elegant as the DHCP method as I don’t want to have this entry set across my whole network, rather than just the specific VLAN that I have my management interfaces for my UniFi hardware.
      • I know I you can set VLAN specific DNS responses, but this is really overkill for my home lab.
  • Final option and my preferred setup is adding the option to DHCP as it is neatly only configured in my management VLAN, and provides a small amount of security (by obscurity) for the controller (alongside appropriate firewall rules implemented on PFSense).

Instructions

  1. Log into your PFSense management interface, and head to “Services” on the top menu, then select “DHCP Server”. (No, I’m not using IPv6, let’s save that discussion for another time)
Image showing Services drop down in pfsense, highlighting the DHCP server option.
  1. Within the DHCP Server screen, select your management VLAN that your UniFi devices are connected to (this is the untagged/native VLAN on connection to the access points).
Screenshot showing the PFSence Interface and the different DHCP VLANs
  1. Head down to bottom of the page and you’ll need to add a new option.
  2. Set the following configurations
    • Option Number: 43
    • Type: String
    • Value needs to be the IP address of your controller in HEX with “01:04:” preceeding it.

Let’s work through an example; If the IP address for your controller was 192.168.1.150, you’d get the HEX result of C0A80196. Split that up into 2 digit blocks; C0:A8:01:96.
Here are two sample sites to do the convertion: miniwebtool.com or onlinehextools.com
Then finally add the “01:04:” preface, you get 01:04:C0:A8:01:96.

Screenshot showing the PFSence Interface and the aditional DHCP Options.
  1. Save those settings and you should be good to go!

Final top tip; is to ensure that you have appropriate IP rules to allow your management subnet to talk to your UniFi controller. If it’s not working, remember they could be both in PFSense and in your docker host or controller instance.

DISCLAIMER

Leave a Reply