I have checked help.ui.com site in an attempt to understand a bit of the architecture Ubiquity usees when it comes to network communication between the Controller and APs.
For example, i see that port 8080 is used for adoption but how do the controller and AP communicate when it comes to passing configuration? Are CAPWAP/LWAPP protocols in play if the controller is in a different VLAN or Datacenter than the APs? Is this done over TLS?
The protocol in use over port 8080 is proprietary, but I believe it does employ TLS. Plenty of security researchers look at Unifi products, and they usually find issues with other parts of the ecosystem (especially the port for the GUI) not the adoption/configuration protocol.
Unifi APs don’t have an option to tunnel traffic to/through the controller, so the only traffic communicated with it is downloading configuration and uploading metrics.
When you adopt a device there is a unique key pair setup between the controller and that adopted device so as the changes are pushed they are all encrypted. They also currently have good people working their security team and have a bug bounty program. HackerOne
1 Like
So if i understand, the configuration of APs and the pulling of device metrics to feed the controller are all done over port 8080 but the protocol in use is proprietary?
Proprietary, and secured by per-device public/private key pairs.
1 Like
Fair so my last question is about device adoption. I got an AP that will have multiple SSIDs , Multiple VLANs trunked to it. From those VLANs how does the AP pick which one to use to find the controller? In order words if i set DHCP Option 43 on vlan 10 and not on vlan 20, how does the AP know to pick VLAN 10 to use or does it grab an IP on whichever offer it receives first?
The default is on the native (VLAN1) network where it get’s it management IP assigned.