Reply
Emerging Member
Posts: 49
Registered: ‎01-05-2015
Kudos: 3

Can Not Set LAN IP for UAP Pro

Using the Controller in Win10, and no matter what I do or how I wave my arms I can not set the correct IP in this AP.  In the right config panel it is correct at .42, but in the main display it stubbornly shows alternately .49 and 192.168.1.20.

 

Also it never Adopts.  I guess that means adopting to the Controller software.  It tries twice and then gives up.  No idea what this is about.

snap1.jpg
Regular Member
Posts: 561
Registered: ‎07-25-2015
Kudos: 81
Solutions: 26

Re: Can Not Set LAN IP for UAP Pro

[ Edited ]

Your own network is also having an issue?
Can you dissable " Wireless uplink" under controller settings?
Try, disabling antivirus./Firewall setting during configuration....


Is your Gateway also doing DNS, try that as setting
Maybe an external DNS like 8.8.8.8
Cheers,

Mike

If the feedback solved your problem or question. Please mark it as solved. If it is worth some Kudo’s don’t forget to give some :-)
Highlighted
Established Member
Posts: 1,213
Registered: ‎03-31-2017
Kudos: 387
Solutions: 130

Re: Can Not Set LAN IP for UAP Pro

make sure your firewall on windows is allowing the controller ports;

 

https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used

 

Emerging Member
Posts: 49
Registered: ‎01-05-2015
Kudos: 3

Re: Can Not Set LAN IP for UAP Pro

The rest of the LAN is fine.  The Unifi was working fine and I had my laptop connected to it.  But the Unifi was at 192.168.111.49 when it should be .42, so like a smartass I tried to fix that.

 

Started Controller in Windows which is in a VirtualBox VM, then Devices and clicked on the AP.  The right panel flew out, I went to Config|Network and set the IP, Queue, and Apply.  Then I lost my wifi.

 

Connected the laptop to a hardwire and tried and tried jimmying with it.  it pretends to set the IP but it's never correct in the status.

 

It may be that Windows Firewall is blocking ports, but I've run CentOS for 22 years and don't really know how to fix that.

Regular Member
Posts: 561
Registered: ‎07-25-2015
Kudos: 81
Solutions: 26

Re: Can Not Set LAN IP for UAP Pro

Why not reset AP to Default and retry config?

Cheers,

Mike
If the feedback solved your problem or question. Please mark it as solved. If it is worth some Kudo’s don’t forget to give some :-)
Emerging Member
Posts: 49
Registered: ‎01-05-2015
Kudos: 3

Re: Can Not Set LAN IP for UAP Pro

[ Edited ]

Ok this explains alot.  I deleted the existing AP, and now the Controller can not discover the existing AP.

 

I then upgraded the Controller to today's current one, and there is still no AP.  I also did a hard reset on the AP so it's back to factory defaults.

 

I can't find in the docs how to make it search for the AP nor how to specify settings.  Maybe it's supposed to come up with the AP by kismet.

 

I checked Windows Defender firewall and it seems to have Unifi DB Server set to Public, so hopefully it's allowing it out.

Established Member
Posts: 1,741
Registered: ‎10-26-2013
Kudos: 396
Solutions: 84

Re: Can Not Set LAN IP for UAP Pro

I always use DHCP reservations on my whatevere device is my DHCP server (a Windows server or a firewall/router) to give out the desired IP to any APs. That way, even a factory-reset AP comes up and gets the desired IP address.

 

Do you have a local DNS server on your LAN? If so, create an entry called "unifi" and give it the IP address of your controller. A defaulted or new AP will look for "unifi" first, get that IP, and then phone home to the controller and show awaiting adoption.

Gregg

Established Member
Posts: 1,741
Registered: ‎10-26-2013
Kudos: 396
Solutions: 84

Re: Can Not Set LAN IP for UAP Pro

If the Windows firewall thinks your network connection is Public, it will block all inbound packets by default. If that controller is on your LAN, it should have its network connect set as Private, and then make sure that ports 3478 UDP and 8080 TCP are allowed into the controller.

 

Gregg

Emerging Member
Posts: 49
Registered: ‎01-05-2015
Kudos: 3

Re: Can Not Set LAN IP for UAP Pro

[ Edited ]

I've always avoided DHCP because a rogue system could join and be merrily given an IP.  Turn on MAC filtering;  MACs can be spoofed.  DHCP with assigned addresses is tempting but I am very security-conscious.

 

I'm presuming that the AP has fallen back to 192.168.1.20, but for some reason Controller can't find it.

 

So Public blocks all incoming.  Does Private block all both ways?  I'll try to figure out how to open those ports incoming;  sounds like the AP is sending out multicasts trying to find a Controller?

 

Edit: Well I've checked the "Unifi DB Server", and it's just the Mongo daemon.  There is no other daemon in Defender that seems to have anything to do with the Unifi.  I've enabled 3478/udp and 8080/tcp incoming, and rebooted, but no change.

Established Member
Posts: 1,741
Registered: ‎10-26-2013
Kudos: 396
Solutions: 84

Re: Can Not Set LAN IP for UAP Pro

If the AP has fallen back to 192.168.1.20, it would have to know where to look if it were to show up in the controller on its own. That's what "unifi" in a local DNS server provides...it tells the AP where to try to connect.

 

If you can ping "unifi" on your network and get the IP of the controller, then the AP knows where to look, BUT the controller needs to have the Windows firewall off (and any AV firewall, etc., off) and the 3478 and 8080 ports open inbound. A Windows network that is Private will have SOME ports inbound open, but not the ones needed.

 

Alternately, one can use the Discovery utility to find the AP, or connect a laptop to the same switch, set it to an unused IP on that same 192.168.1.0 subnet as the AP, SSH into the AP, and use a set-inform statement to tell it where to find the controller.

 

Gregg

Emerging Member
Posts: 49
Registered: ‎01-05-2015
Kudos: 3

Re: Can Not Set LAN IP for UAP Pro

[ Edited ]

Indeed I can ping 192.168.1.20 from machines in the LAN, so that's where the Unifi landed.  There doesn't seem to be any way to direct the Controller to where the Unifi actually is when the Controller can't find it.  Why doesn't it know about 192.168.1.20?  What were they thinking?

 

The Discovery tool has been searching diligently for 40 minutes now --  for some reason it is oblivious to where the default might be...  {der}

 

Port 8080/tcp is open in and out, and 3478/udp is open, in.

 

Windows doesn't seem to have any logging of firewall DROPs or BOUNCEs.  Even the Security log is silent about the firewall.  pff

 

Looks like I've really screwed myself.  I could be doing this alot more directly (ie not in a virtual machine, and in an OS I know), but there's only a Debian version of Controller, which is not amenible to conversion to RHEL.

 

Edit: I've turned on a DHCP server and immediately something snagged an address.  192.168.1.20 is now gone and I can ping 192.168.111.102, so I presume that's now the Unifi.  But I can't SSH in to it anymore since the reset.  There is no evidence in the docs of a default password.

New Member
Posts: 11
Registered: ‎01-04-2018
Kudos: 1
Solutions: 1

Re: Can Not Set LAN IP for UAP Pro

Your controller and AP are in the same subnet? 1.20 is a self assigned address because of no response from DHCP.

 

What way is your AP and computer running the controller connected to the network?

Emerging Member
Posts: 49
Registered: ‎01-05-2015
Kudos: 3

Re: Can Not Set LAN IP for UAP Pro

The AP is doing its own factory-default thing.

 

The Controller is running in a Win10 VM which network interface is bridged over the host directly to the LAN.  The Win NIC has its own LAN IP (192.168.111.13) and a second IP added for the benefit of the Unifi. (192.168.1.5) 

 

So one or the other would work, in a rational world.

Established Member
Posts: 1,741
Registered: ‎10-26-2013
Kudos: 396
Solutions: 84

Re: Can Not Set LAN IP for UAP Pro

[ Edited ]

"Why doesn't it know about 192.168.1.20? What were they thinking?"

 

They likely were thinking correctly that it wouldn't do much good because millions of people don't use 192.168.1.0 subnets. It would be useless on all networks I run.

You need to understand that the controller does not go looking for APs to adopt...it's the other way around. The APs look at their default set-inform URL which points to "unifi" on port 8080, then the APs go looking for a controller, notifying the controller of their existence and showing up as pending adoption. They also broadcast so that the Discovery utility can find them.

If you have "unifi" in local DNS or in your DHCP server's DHCP Option 43 and it points to your controller's IP, then a new or factory-reset AP will know how to find the controller due to the deafult set-inform URL. If you have the controller reachable, e.g., no firewals interfere and it's on the same LAN or "Make controller discoverable on L2 network" is checked, the AP will show up in the controller, even when the controller is on a different VLAN, provided you have inter-VLAN routing for it.

 

If you can see the AP on a new IP address, you can SSH into it and use a set-inform URL with your controller's IP address or FQDN in it, and the AP will show up in the controller. For me, it's far easier just to use DNS to have "unifi" point to my controller. I do it with a public FQDN so that APs can be set up locally and then taken offsite and still phone home.

 

If you want to use the discovery tool, make sure any firewalls are off while you do.

 

Discovery app for Chrome

https://chrome.google.com/webstore/detail/ubiquiti-discovery-tool/hmpigflbjeapnknladcfphgkemopofig?h...

 

Discovery tool for Java:

https://www.ubnt.com/downloads/discovery/ubnt-discovery-v2.4.1.zip

 

I believe the docs or online says ubnt and ubnt for default SSH name and password.

 

I will say this until I am blue in the face: If at all possible, use DNS or DHCP Option 43 to point the "unifi" name to the controller. I prefer DNS for multiple reasons.

 

Gregg

Established Member
Posts: 1,741
Registered: ‎10-26-2013
Kudos: 396
Solutions: 84

Re: Can Not Set LAN IP for UAP Pro

[ Edited ]

If it still does not show up in the Discovery tool after you reset it, install Wireshark on whatever computer is running the Discovery tool (it does not have to be the controller). Look for the broadcast traffic from the AP on UDP port 10001. If you don't see the packets, then the Discovery tool won't see the AP.

 

Also, make sure you use the correct Discovery tool.

Gregg

Established Member
Posts: 1,741
Registered: ‎10-26-2013
Kudos: 396
Solutions: 84

Re: Can Not Set LAN IP for UAP Pro

This is why I like using DNS in my set-inform URLs:

 

I use local DNS to add a "unifi" CNAME and point it to the controller's public FQDN, and a local DNS entry of that public FQDN that points the "A" record to the controller's LAN IP address. That way, even a new or factory-reset AP will look for "unifi" and get the FQDN, which then points to the IP of the controller, making it show up in the controller awaiting adoption (this may require checking "Make controller discoverable on L2 network"). In the controller, I set the "Controller Hostname/IP" to the public FQDN.

 

I can plug in a new AP on my LAN and it will show up pending adoption in my controller without me doing anything.

 

To be able to have my clients' remote APs phone home to my controller in my office, I have internal DNS pointing that publicly-reachable FQDN to the controller's LAN IP address, plus public DNS pointing that same publicly-reachable FQDN to the perimeter firewall's WAN IP address, and port forwarding for the desired ports from WAN to LAN IP of the controller (3478 UDP and 8080 TCP). After that, https://FQDN-of-controller (such as https://unifi.mypublicdomain.com) will resolve to myWAN IP from outside of my network, or to the controller's LAN IP if inside the network.

 

Now, take that same AP off of the LAN, and it will have the public FQDN in its inform URL and be able to phone home from anywhere.

 

Gregg

Emerging Member
Posts: 49
Registered: ‎01-05-2015
Kudos: 3

Re: Can Not Set LAN IP for UAP Pro

[ Edited ]

And this is unbelievable.  Even with all this I can't make it work.

 

I've installed the most current Controller (which apparently includes Discovery), and let the Discovery utility run all night but it found nothing.

 

I run dnsmasq intermittently to do DHCP when I need it, as with now.  It runs on 192.168.111.10, as do the DNS and time servers for the LAN.  In the DNS server I pointed unifi to the VM running the controller (192.168.111.13) and can ping it by that name.

 

I unplugged the Unifi, replugged, and it briefly was on 192.168.1.20 (based on pings), then the pings stopped and the DHCP server got the multicast and assigned 192.168.111.102 to the Unifi,where I could then ping and SSH into it.

 

The Discovery tool is still blind, and Controller is too, even with 'Make controller discoverable on L2 network' checked.

 

I can't believe that Windows doesn't have a firewall log and I can't believe that the Discovery and Controller don't bother to check 192.168.1.20.  I've double-checked the Windows firewall and confirmed that ports 3478/udp and 8080/tcp in are open, and 8080/tcp out is open.  Finally I can't believe that this is nonfunctional and so difficult.

 

Edit: I may have found it.  The Windows Controller VM is bridged to the wifi interface, but the wifi is obviously down due to the Unifi.  So I need to change the bridge.

Emerging Member
Posts: 40
Registered: ‎11-06-2017
Kudos: 2
Solutions: 2

Re: Can Not Set LAN IP for UAP Pro

I think this is being made harder than it really should be. OP, on your pc change your network (temporarily) to the 192.168.1.0 network say 192.168.1.21. Plug your pc directly into the ap and ssh to it. Change the network settings how you want on the ap and set the inform address. Now switch your network settings back on your pc, plug the ap back in and you should be good to go. Remember to use set-inform command twice so the setting sticks. Hope this helps

Established Member
Posts: 1,741
Registered: ‎10-26-2013
Kudos: 396
Solutions: 84

Re: Can Not Set LAN IP for UAP Pro

The reason I said to drop all firewalls and run Wireshark if it still fails is to make life easier and see if the packets even make it to the controller. If Wireshark sees UDP 10001, then the Discovery tool should see them. If you have a local "unifi" DNS entry or you have used SSH to set the inform URL to the controller, all that is needed is 3478 UDP and 8080 TCP open on the controller. Wireshark would confirm if the 3478 and 8080 packets are reaching the controller.

Yes, your bridge may be the problem.

 

Normally, the discovery tool takes less than a minute to see an APs broadcasts if UDP 10001 is open to the computer running the discovery tool.

 

------------------

 

 

"I pointed unifi to the VM running the controller (192.168.111.13) and can ping it by that name."

 

Ping does not confirm that the controller can be reached on the needed ports. To confirm that, you'd need to connect to the ports in question, which for TCP 8080 can be done with Telnet. For UDP ports, you can use Port Query (https://www.microsoft.com/en-us/download/details.aspx?id=24009). If you want an AP to talk to the controller, it needs those two ports. If you want the Discovery tool to see an AP's broadcasts, you need UDP 10001 open on the computer running the discovery tool, which does not have to be the actual controller computer.

 

------------------

 

"I can't believe that the Discovery and Controller don't bother to check 192.168.1.20."

 

To avoid assumptions about subnets in use, they programmed things so that the APs phone home vs. having to make controllers go looking for them.

 

The discovery tool listens for UDP 10001 broadcasts no matter what subnet it's on. It does not ASSUME that one has a 192.168.1.0 subnet, and it does not actively look for APs...it just listens for their broadcasts. Similiarly, the controller listens on TCP 8080.

 

Think of yourself in a room with 100 people, shouting to see if Johnathan Aloicious Smith IV is in the room. You'd disturb EVERYONE in the room (subnet) for no reason looking for one specific name. Now, if you knew that he was told to call you directly on your phone on 8080 as soon as he arrived (the phone is your controller), you'd interrupt no one. He would call you directly on 8080 if he knows your number (if you have "unifi" set in DNS or DHCP Option 43), and he would broadcast on UDP 10001 for you to discover him if he didn't have your number. A new or reset AP broadcasts on UDP 10001 and also looks for "unifi" via its set-inform. If you have your "phone" turned on, it is listening for that "call" to it on UDP 10001 (discovery tool) or 8080 (controller). The controller waits for an AP to talk to it on 8080 vs. actively seeking out 192.168.1.20 because it would be foolish to assume that a controller will always be on a 192.168.1.0 subnet. I never use 192.168.1.0 and 192.168.0.0 subnets on work networks. Someone who has a 192.168.1.0 subnet may already have a device on 192.168.1.20 IP anyway. So, the controller is waiting for a call on 8080.

 

The whole discovery tool step is not needed if one has "unifi" set up in DNS or in DHCP Option 43. With "unifi" set up, just connect a new or reset AP, and the AP shows up in the controller.

 

Gregg

Emerging Member
Posts: 49
Registered: ‎01-05-2015
Kudos: 3

Re: Can Not Set LAN IP for UAP Pro

[ Edited ]

Indeed the virtual machine bridge setting was the ridiculous problem.  Windows was trying to use wifi, when that was down due to the AP.  Not the first thing I would have thought of since I never have to change that.

 

Now I've been able to set up and upgrade the AP.  Thanks to all who helped.  It is a very good AP, once you get used to the ideosyncracies.

Reply