I just picked up some new networking gear, so this will be the first of a multi-part blog post about my learnings configuring Unifi gear.
One issue I noticed right away was that it is not possible, via CLI nor GUI, to configure fixed IP address for a host that relies on more than 1 of the configured networks/VLANs. Since I have a home server (user VLAN) that is also hosting the controller softare (management VLAN) and also acts as a gateway for sending packets over its VPN interface (VPN VLAN), this was necessary for me.
It is possible but requires a bit of manual configuration using a config.gateway.json file. First, if you have configured a fixed IP for the host, unset it.
Then, merge in the DHCP mappings in your config.gateway.json file:
{
"service":{
"dhcp-server":{
"shared-network-name":{
"LAN_192.168.1.0-24":{
"subnet":{
"192.168.1.0/24":{
"static-mapping":{
"00-aa-22-bb-44-cc.mgmt":{
"ip-address":"192.168.1.5",
"mac-address":"00:aa:22:bb:44:cc"
}
}
}
}
},
"LAN_Users_192.168.10.0-24":{
"subnet":{
"192.168.10.0/24":{
"static-mapping":{
"00-aa-22-bb-44-cc.users":{
"ip-address":"192.168.10.5",
"mac-address":"00:aa:22:bb:44:cc"
}
}
}
}
},
"LAN_VPN_192.168.20.0-24":{
"subnet":{
"192.168.20.0/24":{
"static-mapping":{
"00-aa-22-bb-44-cc.vpn":{
"ip-address":"192.168.20.5",
"mac-address":"00:aa:22:bb:44:cc"
}
}
}
}
}
}
}
}
}
The key here is that the string child of the static-mapping node must be unique. Unifi will put in the MAC separated by dashes by default, so above I just tacked on the VLAN name to each name.
Re-provision your USG and you should be good to go. If you run into trouble an want to debug DHCP req/ack sequences, setup verbose logging:
configure
set service dhcp-server global-parameters 'log-facility local2;'
set system syslog file dhcpd facility local2 level debug
set system syslog file dhcpd archive files 5
set system syslog file dhcpd archive size 5000
commit
You'll find the DHCP log under /var/log/user/dhcpd. Simply reboot to go back to normal logging.