Hello!
I needed a fanless PoE+ capable switch for home, and ended up buying a USW 24 POE Gen2. I have a little trouble to set it up in my netwwork enviroment.
I have a pfSense firewall at home, configured as my main router connected to the USW 24 POE Gen2 switch. I followed nguvu’s steps to reach my goals on the pfSense (setting up multi vpn wans), and there was some article about how to connect a switch to the router (there are 3 different method for 3 different deveices: Netgear, Cisco & Mikrotik), but there was no instruction for the unifi switch. The Netgear settings was familier for me, becausa before the USW i had a TP Link smart switch.
Here’s what i did:
I’ve created 3 network interface on the pfSense:
IGB0 --> WAN (PPPOE)
IGB1 --> LAN (192.168.5.0/24)
IGB2 --> VLANs (10,20,30):
VLAN10 --> 192.168.10.0/24 (Managament VLAN)
VLAN20 --> 192.168.20.0/24 (VPN client VLAN)
VLAN30 --> 192.168.30.0/24 (Guest VLAN)
The unifi controller is on my laptop (using LMDE4 if it matters)
I want to make the switch’s port24 connect to the router on IGB2 and get the address defined in the router from VLAN10 in the 192.168.10.0/24 range. I’ve read that i have to change the management VLAN on the switch under the switch’s Settings --> Config --> Services --> Management VLAN and to do this i have to adopt the switch in the controller from an untagged VLAN. Now the switch is adopted in the controller from the LAN interface (IGB1), and get an IP address: 192.168.5.6 (static). Is it possible somehow to adopt the switch from the VLAN10 network? I had an idea to do this, but there was no luck (using the new BETA settings):
- I’ve added all VLAN under Networks --> Local Networks (because i don’t use any USG but pfSense i think i’m finished here,)
- Under Configuration Profiles --> Switch Ports: i’ve created a profile named “Trunk to pfSense” --> i’ve set all VLAN as Tagged Networks, no Native Netwwork,
- In the controller i’ve changed port21 profile to VLAN10, port20 profile to VLAN20 and port19 profile to VLAN30, and port24 as Trunk port defined as “Trunk to pfSense”,
- than i switched the cable from IGB1 to IGB2, switched the cable (connected with my laptop on the switch) to port21, renewed my IP address on the laptop.
This is my second time to try achieve this settings, at the first try i was able to make some progress: my laptop got an IP address from the 192.168.10.0/24 range, i could ping the router on 192.168.10.1, ping 1.1.1.1 and ping google, all was succesfull, but the switch stayed on its previously assigned 192.168.2.6 address and in the controller it was showed as disconnected, and never came back. After this i tried setting in “Trunk to pfSense” switch port profile: the VLAN10 as Native Network to be an untagged network, the rest was left as tagged (VLAN 20 & 30), but the switch still didn’t get any IP address from 192.168.10.0/24 (VLAN10) range. With the 2. try now the switch gets its default ip address (192.168.1.20), the controller shows the switch as disconnected, and i don’t have any Internet.
So what i’d like to achieve here:
- Let VLAN10 my management VLAN
- Set Port24 as a trunk port with all VLANs
- Port23 should be VLAN10
- Port22 should be VLAN20
- Port21 should be VLAN30
- Port1 should be a WiFi Trunk port with all VLANs where VLAN10 is untagged(?).
When i bought the USW my setup was different: there was a LAN network at IGB1, and 2 or 3 (don’t remember exactly) VLANs attached to IGB1. USW worked just fine if i set the trunk port with LAN as Native network, and the VLANs as Tagged Network. But then i changed my VPN service to AirVPN, and found [nguvu’s blog posts and i just wanted to try something completely different than it was before. I think i could achieve what i want if i set IGB2 as LAN2 with some range like 192.168.6.0/24, and attaching all VLANs to LAN2 than set LAN2 as Native Netwwork in unifi controller, and the VLANs as Tagged Network, but i’m looking for a way to achieve the same as written on nguvu’s site.
Thanks any help you can provide!
PS: please excuse my english (this is not my main language)! I hope you could understand what i’d like to achieve here!