Tom Davison
UniFi Switch Racked

Configuring DHCP Option 43 on pfSense (KEA DHCP) for UniFi Device Discovery

Posted on by Tom Davison

When running UniFi access points without Layer-2 adoption, DHCP Option 43 allows your UniFi devices to automatically discover the UniFi Network Controller. With pfSense now using KEA DHCP by default, the configuration is slightly different from the legacy ISC DHCP approach.

This guide walks through enabling Option 43 on pfSense using KEA DHCP so UniFi devices can successfully locate your controller.

Prerequisites

  • pfSense with KEA DHCP enabled
  • UniFi Network Controller reachable on your network
  • UniFi devices receiving DHCP from pfSense
  • Access to the pfSense web interface

Step 1: Open the KEA DHCP Server Settings

  1. Log in to your pfSense management interface
  2. From the top menu, navigate to:
    Services → DHCP Server → General Settings

Step 2: Define DHCP Option 43 (Custom Configuration)

Under:

Custom KEA Configuration

Add the following JSON configuration to define Option 43 for UniFi:

{
  "option-def": [
    {
      "code": 43,
      "name": "unificontroller",
      "space": "dhcp4",
      "type": "binary"
    }
  ]
}

This creates a custom DHCP option named unificontroller using Option 43 with a binary payload, which is required by UniFi devices.

Image Of Custom Config KEA
Image Of Custom Config KEA

Step 3: Select the Correct VLAN / Interface

Back on the DHCP Server page:

  • Select the management VLAN where your UniFi devices are connected
  • This is typically the untagged/native VLAN used by your access points

Step 4: Configure the UniFi Option 43 Data

Scroll to the bottom of the DHCP Server page and add a new Custom Configuration with the following structure:

{
  "option-data": [
    {
      "data": "0104xxxxxxxx",
      "name": "unificontroller"
    }
  ]
}
KEA Configuring DHCP On The VLAN
KEA Configuring DHCP On The VLAN

Converting Your UniFi Controller IP Address to HEX

The data field requires your UniFi controller IP address encoded in hexadecimal format.

For example, if your UniFi controller IP is: 192.168.1.150

The hexadecimal conversion is: C0A80196

You can use online tools such as:

Once converted, prepend 0104 to the HEX value: 0104C0A80196

⚠️ Important Note for Migrating Users
This format is slightly different from older ISC DHCP configurations, which required the value to be split into two-digit blocks. KEA DHCP expects a continuous HEX string.

Step 5: Save and Apply

  • Save the DHCP configuration
  • Restart the DHCP service if prompted

Your UniFi devices should now automatically discover and connect to the UniFi Network Controller during DHCP assignment.

Final Thoughts

Using DHCP Option 43 with KEA DHCP on pfSense is straightforward once you understand the binary formatting requirements. This method is especially useful for environments where DNS or Layer-2 discovery isn’t feasible.

If your UniFi devices don’t immediately appear, try rebooting them or forcing a DHCP renew.

Happy networking!

Leave a Reply