Argh the nightmare of a remote UniFi installation understand POE power and broken Mac Unifi Controller
Ugh, I feel so silly right now, I spent the last week trying to make a remote installation of UniFi work without a UniFi Dream Machine (or UniFi Router) as they are both out of stock. This is going to be a mobile installation that uses UniFi WiFi 6 Enterprise access points to provide WiFi 6e at a remote location.
Not enough power from a single 24W POE Injector
But my trial installation just would not work. I installed the Mac Unifi Controller (which is hard in and of itself), then I hooked up a POE injector to an UniFi Flex which itself provides power on Ethernet to successively an UniFi AC HD, UniFi NanoHD, and then an UniFi 6 LR. I could not get it to work at all. The Mac would just not recognizes the adapters and then the APs would hang on power-up (blinking white).
It was only after a long hike that I finally realized what is wrong. It is all about power. The UniFi Flex takes POE+ as an input (technically POE is 15W and called 802.3af, then POE+ is 30W and is technically called 802.3at and finally there is POE++ which is 60W and is called 802.3bt, confused yet).
It turns out that the UniFi Flex takes in POE+ and then distributes that 30W of power out to up to four ports, but it needs power too. So if you look at the UniFi POE Injector, it is 48V output at 0.5A, so can produce at most 24W of power. But the UniFi Flex need 10W or so and if you look at the UniFi AC HD and the UniFi 6 LR, they need at least POE+ 802.3at so 10W or so and there is simply not enough power to get them to power up.
The solution is to go with the UniFi 16 Lite which has its own 60W wall wart and then this can produce the needed POE+ outputs on ports 1-8 (or 802.11at) but you can't exceed the overall power budget.
Not enough power from a single 12V to 120VAC invertor
Well, this whole setup seemed to work fine at home, but going out at a mobile site, I had more problems. Basically, the AP would come up and then crash even though the light was solid blue meaning it was working, the WiFi signal only lasted a while. In doing the power budgets, I'm pretty sure that the single invertor pulling 100W (12V x 10A or so) is not enough given losses. But the way to find out is to see how the devices are working.
I had originally set this up with a controller at home and then just expected it all to work as there is no need for a controller, you can just do setup and the devices work fine standalone. So off to trying to get a controller running
UniFi Mac Controller feels like an orphan
The other problem is that UniFi Mac Controller needs a version of Java running and Oracle in all their wisdom makes this really hard. You can do a manual install of the Oracle and in fact that is the only way to download it because you have to sign a license agreement. So while you can do a
brew install ubiquiti-unifi-controller and you can install java either natively with
brew install adoptjdk8 the Unifi software has no idea where the Java installation is.
cd /Applications/UniFi.app/Content/Resources java -jar lib/ace.jar ui
This is the way to bypass the loading since the UniFi.app graphical interface has hardcoded where the Java installation lives.
As an aside, the UniFi system works in a clever way, you configure the access point and switches with this controller software, and then when it is running, you don't need the controller. You don't get statistics, but it works, so just program them at the home office and then deploy the thing out in the real world.
If all goes as planned, the USW flex should have a solid blue light at the POE input and the UniFi APs should have a nice friendly solid blue.
Which Java to load?
Turns out there are many to choose from and you can use
brew install jenv to load the version you want. The UniFi Controller needs the old Java 8 long-term stability release, but the latest in Java 17. Turns out that it will actually run fine with this later Java, but you get to pick what you want.
The long term solution to this is to use
brew install asdf which installs a general version manager, then you can get the version of Java you want with:
brew install asdf asdf plugin add java # to get a list of all supported java version asdf list all java # to get the latest LTS asdf install java openjdk-17 # to get the older jdk 8 from Amazon asdf install java corretto-8.322.06 asdf global java corretto-8.322.06
And you can confirm with
java -version that you are getting the right version before starting UniFi
Mac Controller never adopts
Well, I finally got all this running with enough power finally and the net is that I could never get the controller to adopt devices. The Mac Unifi controller would just say "Server Reject" even when you have the right inform URL. The inform URL is the call back that the APs and Unifi devices use to find their configuration. This is by default set to
http://unifi:8080/inform so if you have a DNS address for unifi it will just work. And it would just hang on "Adopting"
However even though I had the correct address, it never appeared in the Mac. I tried turning off the NordVPN threat protection and the MacOS file wall and checking to make sure with
losf -i tcp:8080 that I was connected to the correct process, but none of that worked. Sigh.
Unifi Cloud Console
I would normally have gotten an UniFi Dream Machine or UniFi Router, but these are all out of stock and the CloudKey are last-generation devices. But then I saw that UniFi had just announced their Cloud Console, so if you can see the Internet, you can manage it that way.
The way this works is a little mysterious. You go to
https://unifi.ui.com and then in display options, you click on the + next to Cloud Console and this gives you a billing page. It costs $29/month for up to 500 APs (that is a lot!) so is perfect for these remote setups.
Then you go to the Network application in the Cloud Console and on the Dashboard screen in tiny, tiny type is a button (that is an invisible link) that says
Copy Inform URL.
Then the nerdy part is that you have to ssh into your unadopted devices. So use Lanscan or some other tool to find the addresses and run
ssh email@example.com to get there and the password is
ubnt and then run
set-inform _the_huge_url_ and copy in the huge URL you get from the copy inform.
Then automagically, your devices will appear and it will be adopted. Pretty slick.