topic Re: dhcp server option 43 for unifi controller in Spark Firewall (SMB)

dhcp server option 43 for unifi controller

chaigeo — Thu, 31 Mar 2022 18:35:14 GMT

Hello All,

Tried to add option 43 for ubnt unifi controller via gaia to a quantum spark 1570 80.20.25 appliance with no luck.

According to sk107393 option 43 is reserved for thomson-voip.

Tried to add the ip (hex or decimal) to thomson-voip field no luck again.

Does anybody knows how to add correctly unifi controller ip to dhcp server options?

I know how it works to mikrotik (and it works) but to checkpoint... no luck.

Re: dhcp server option 43 for unifi controller

K_montalvo — Thu, 31 Mar 2022 19:44:38 GMT

Hello,

I have check in a newer spark model and its located from Device > Local Network > Selected LAN > DCHPv4 Settings Tab at the bottom > Custom Options. You will need to make the IP hexadecimal.

You can try with the following site

https://string-functions.com/hex-string.aspx

Re: dhcp server option 43 for unifi controller

chaigeo — Fri, 01 Apr 2022 08:23:47 GMT

Hello,

I already tried that. First problem is that according to sk107393 i cannot use a reserved tag. Unifi needs 43 and it is already reserved for thomson-voip. I tried with ip or hex-ip in thomson-voip field...no luck.

Let's say that i can make custom option. I don't know the exact syntax. Do i have to use hex-string or string? Do i have to use only ip in hex only or vendor specific attributes (for unifi is 0104) in front of the ip hex number?

eg. for ip let's say 192.168.1.50 and string or hex-string

0XC0A80132 or 01040XC0A80132

i tried every combination every time i get db error.

thanks!

Re: dhcp server option 43 for unifi controller

PhoneBoy — Fri, 01 Apr 2022 13:53:07 GMT

You definitely cannot use option 43 as a custom option, see: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk107393

When you say "no luck" what is the precise behavior you expect and what is the precise result you get?
More details are definitely required.

Re: dhcp server option 43 for unifi controller

chaigeo — Sun, 03 Apr 2022 22:24:47 GMT

No luck means does not work.I already check the url you sent it's the first think i write at the first post.

Let me explain.

O unifi ubiquiti access-point needs to know the ip address or the hostname of the unifi controller.

By default it looks for the hostname "unifi". If you have a dns A record for unifi mached to an ip then it can find it.

But if you have more controllers then you have to change that name with the ip address you want and you can offer this to access-point via the dhcp-server.You can do that by option 43 at the dhcp server. That way you can send the controllers ip to the access-point.

I have done that many times with mikrotik dhcp server:

option 43

ventor id (0x0104)

mac in hex. (eg 192.168.1.1 in hex is c0a80101)

the string is 0x0104c0a80101

and it works. either after factory default to an access-point. dhcp-server offers ip,gw,dns and unifi controller address to access-point.

My question is: which is the exact syntax to checkpoint to achieve that. Does anybody knows?

i tried with thomson-voip (sk107393) lets say the ip is 192.168.1.1

choices:

192.168.1.1

c0a80101

0104c0a80101

0x0104c0a80101

access-point never gets the controller's ip address.

manuals said NOTHING about the syntax of the options field. No error occurs to /var/log/messages (just db error which is a bug from older versions and it still exists)

thanks again for your time again.

Re: dhcp server option 43 for unifi controller

PhoneBoy — Mon, 04 Apr 2022 13:30:54 GMT

Maybe a tcpdump will show what the DHCP server on the device is actually sending.
Meanwhile, I recommend a TAC case so we can investigate.

Re: dhcp server option 43 for unifi controller

chaigeo — Thu, 22 Sep 2022 16:45:18 GMT

Hello,

Well the problem was so simple .... you must add the hex-string with letters IN CAPITAL not in lower case.

The correct form for a custom option (eg for ip 192.168.15.10 and vendor specific 0104 which is ubiquiti)

tag: 43

hex-string: 01:04:C0:A8:0F:0A

then you get in tcpdump :

Vendor-Option Option 43, length 6: 1.4.192.168.15.10

This works an now ubnt access-point can resolve the hostname "unifi" to the correct ip and find the controller.

At checkpoint must change the error message and define that you must add the mac address in capital letters (it shows an example in capital but i never thought that a mac address can be case sensitive..)

And someone to change the sk107393. You can add a new custom option with tag 43 although is predefined (probably they fixed sk is from 2015)