My customer has a UniFi controller running on their Windows server. They’re ready to add a USG router, which I want to configure in my office before going on site. This qualifies as a “remote adoption” or “L3 adoption.” I’ve spent several frustrating hours over a period of many days trying to get this to work. UniFi documents remote adoption for access points here, but there is apparently no documentation on adopting USG devices or switches. Here is what finally worked for me.
The USG must be able to reach the remote controller on the “inform port,” TCP 8080 by default. On the remote router, forward that port to the computer running the controller. Theoretically you shouldn’t need to open port 8080 in that computer’s Windows firewall, but I’ve seen one instance where I had to open firewall ports explicitly.
If you are using https://unifi.ubnt.com to access the remote controller, you do not need to open TCP port 8443; in fact, this article recommends that, for security reasons, you don’t open that management port.
When I was struggling to get this to work, I updated the controller to version 5.8.24. Not sure if that’s necessary.
In your local office, you’ll need two computers, four network cables, a switch and a router connected to the Internet.
Plug both the WAN and LAN ports of the USG into your local switch, behind your local router:
- The WAN port must be able to pull (via DHCP) an IP address that lets the USG connect to the Internet.
- The LAN port is used for configuring the USG.
On the first computer, open a connection to the management interface of the remote controller.
Change the IP address of the second computer to 192.168.1.10. This puts it on the same LAN as the USG. Use PuTTY to open an SSH connection to the USG at 192.168.1.1 with the default username/password “ubnt”/”ubnt”. (Alternatively, you can connect to the USG’s Console port with a console cable like this, then use PuTTY to establish a Serial connection to the cable’s COM port—check your computer’s Device Manager—at 115000 baud, 8 data bits, 1 stop bit, no parity, XON/XOFF flow control.)
Run show interfaces. You should see eth0 with an IP on your local network and eth1 with the IP address 192.168.1.1.
Run ping 126.96.36.199 to confirm that you have Internet connectivity. Press Ctrl-C to stop the ping.
If you are unsure whether the USG is at its factory default state, run this command to reset it:
sudo syswrapper.sh restore-default
Run info to see the current firmware version. You should probably upgrade the USG to the latest firmware version. Instructions are here. I did this as an offline upgrade, but as long as the USG is connected to the Internet, an Internet upgrade should work. For firmware version 4.4.22, the commands would be:
Forget Chrome Adoption
The article on remote adoption lists several methods for doing a remote adoption and recommends the Chrome Web Browser approach. Maybe that works for access points, but I could not find any combination of settings that would get it to work for a USG. Part of the confusion is that the UI has no fewer than three places to set the inform URL, plus four places for username and password, with no explanation of which credentials are required where. Is one the current credentials and another the credentials after adoption? Who knows. No matter what I did, I kept getting the message “There was an error setting inform for <MAC address>”:
Forget Chrome adoption.
Update August 28, 2018: I tried the Chrome adoption technique later with an AP-AC-LR access point and it worked.
Use SSH Adoption
What worked for me was SSH adoption, as described here.
1. SSH into the USG and run this command, substituting the controller’s public URL or IP address (note that it is HTTP, not HTTPS):
2. Back on the other computer (the one connected to the controller’s UI), you should see the USG appear with the state “Pending Adoption”. Click on the Adopt link:
The state of the USG should change from “Pending Adoption” to “Adopting”:
3. Now go back to the SSH session connected to the USG and run the same set-inform command again (yes, you must run
4. Back in the controller UI, you should see the state change to “Provisioning”, then “Connected”:
Your SSH session will disconnect. If you want to log in via SSH again, you’ll need to use the username and password configured in the controller under Settings > Site > Device Authentication.
5. If you see the little yellow triangle as shown above, the USG is probably unable to reach the controller server as a STUN server. (See this article.) If you forward STUN port 3478 (UDP) to the controller and open it in the computer’s firewall, the triangle should go away:
You should now be able to continue configuring the USG through the controller.
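An added example, not part of the original post or Ubiquiti's tooling: a pre-flight check to run from the office computer before set-inform. It confirms that the controller's inform port (TCP 8080) is reachable, that the management port (TCP 8443) is not exposed, and that STUN (UDP 3478) answers. It assumes the controller's STUN service replies to a standard RFC 5389 Binding Request; the function names are illustrative.

```python
import os
import socket
import struct

STUN_MAGIC = 0x2112A442  # RFC 5389 magic cookie

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unresolvable
        return False

def stun_request(txid=None):
    """20-byte Binding Request: type 0x0001, length 0, cookie, 12-byte txid."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", 0x0001, 0, STUN_MAGIC) + txid

def is_stun_success(reply, request):
    """True if reply is a Binding Success Response echoing the request's txid."""
    if len(reply) < 20:
        return False
    mtype, _length, cookie = struct.unpack("!HHI", reply[:8])
    return mtype == 0x0101 and cookie == STUN_MAGIC and reply[8:20] == request[8:20]

def stun_reachable(host, port=3478, timeout=3.0):
    """Send one Binding Request over UDP and wait for a matching reply."""
    req = stun_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(req, (host, port))
            reply, _ = s.recvfrom(2048)
        except OSError:  # timeout or ICMP unreachable
            return False
    return is_stun_success(reply, req)

def preflight(host, inform_port=8080, mgmt_port=8443, stun_port=3478):
    """Report the three exposure facts the adoption procedure depends on."""
    return {
        "inform_tcp_reachable": tcp_open(host, inform_port),   # must be True
        "mgmt_tcp_exposed": tcp_open(host, mgmt_port),         # should be False
        "stun_udp_reachable": stun_reachable(host, stun_port), # False -> yellow triangle
    }

if __name__ == "__main__":
    import sys
    for check, result in preflight(sys.argv[1]).items():
        print(f"{check}: {result}")
```

Run it with the controller's public hostname or IP as the only argument.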
Bonus: Set-Inform on a Switch
If you SSH into a UniFi switch and try to run the set-inform command, you’ll get the error “sh: set-inform: not found”. Very confusing that switches do not work the same way as routers and access points. Thanks to this post, I learned that, “You must run mca-cli first, then
Update 19 January 2019: According to this post, you have to use mca-cli first on an access point as well. Not sure if this is (still) true, since the AP does respond to the set-inform even from the “main” command prompt.