I tried so many different combination and I think @LTS_Tom, you might be able to point me to right direction. I watched you this video and tried to figure out but not working out if I also tag vlan as well.
So here is what I am trying to do:
pfsense with 5 LAN port each is with its unique subnet
LAN1 - 10.0.10.1
LAN2 - 10.0.11.1 - vlan tag of 70 as well with subnet 10.0.70.1
LAN3 - 10.0.60.1
LAN4 - 10.0.30.1 - vlan tag of 40 as well with subnet 10.0.40.1
LAN5 - 10.0.90.1
Now I have unifi 48 port POE pro switch
those lan port are going in
port 1 - LAN1
port 2 - LAN2
port 3 - LAN3
port 4 - LAN4
port 5 - LAN5
in unifi I have made network with vlan tag like this:
In custom switch profiles, you have to use the native network along with the VLAN. It won’t work with the native network set to none and just a VLAN or multiple tagged networks. I started using custom switch profiles and realized I can’t leave out my native as that’s where my VLAN tag information is coming in from.
so if I set Wifi_ALL for port 3 on switch - which is native 10.0.30.1 with vlan tag of 40, then
my Black tiger (IOT90), white tiger (VLAN40) works but Green tiger (native 10.0.30.1) doesn’t work.
If I set to wifi30 - which is native 10.0.30.1 - then only black tiger works but not other two.
So the Wifi_ALL had native network 10.0.30.1 with native network 10.0.90.1 and VLAN 40 (10.0.40.1) in the tagged network, correct? So, your black and white tiger networks but not the green.
The Wifi_All should have worked but have you tried setting Native to 10.0.30.1 (Green Tiger) and in your Tagged network setting all your networks including 10.0.30.1?. Also remove your Default.
What do you mean by
If you set that where? Because your native is 10.0.30.1. But you say if you set that then only the 10.0.90.1 native network works. So, what do you mean if you set wifi30?
Also, are you using the Netgate 4100 or 6100? Or is this a custom build with pfSense installed on top? Not that it matters, I just want to have a clear picture of your HW setup for the firewall.
I am using protectli device with 6 NIC ports.
wifi 30 is native 10.0.30.1 but in unifi I have to do as vlan id. I watched Tom’s latest video on vlan and unifi. Here is link to video: https://www.youtube.com/watch?v=WMyz7SVlrgc
You don’t have a “VLAN 30” in pfSense because your WiFi30 is effectively your igb3 interface or 10.0.30.1 network which is not a VLAN. Your native network is igb3 and you’ve created a VLAN 40 on that interface. On that interface the only VLAN is 40. This is why it works when you create a switch profile with WiFi 30 as the native and add your VLAN 40 as tagged network to it. You need to create a VLAN 90 on your igb3 interface and add it to the WiFi_ALL profile. Use your igb4 interface for some other network. I believe it is possible to use the igb4 but then we’re talking about getting into the DOT1Q stuff, PVID, and tagging. But the easier route is just make a VLAN 90 on your igb3 interface.
You have six physical interfaces. Of which you could create 24,564 VLAN’s but remove your igb0 WAN and it’s 20,470 VLANs. Because you don’t create VLAN’s on your WAN. And unless you have 802.1q mode enabled on pfSense then it’s only 640 VLANs you could use. But no one ever uses that many VLANs.
I know but I want to utilize 1gig connection for outside of home and 1 gig network for internal using 10.0.30.1 (vlan tag of 40 in pfsense) and 10.0.90.1 as native as well.
As you recommended, I did this: Didn’t work 10.0.30.1 - other two did work 10.0.40.1 and 10.0.90.1.
It didn’t work because you didn’t do what I recommended and left out the native network. However, I was partly wrong. So I did some research and testing on my network. I’m not sure what you’re testing for your wifi networks. Because I don’t have an exact setup as you do but I can still simulate one. I only have one native network and multiple VLANs with 1Gb connections. But as I’ve read, from the UI community, a native network corresponds to a default “All” profile that’s for uplink to other UniFi equipment.
If you remember from Tom’s video, he mentions the All profile. So I was partially saying the wrong information. The native network needs to be Default. However, since you have six physical interfaces. I’m not sure exactly how UniFi sees a native network in your setup. Theoretically, you could plug say the ig5 interface into your switch which should effectively become your native network.
When setting a native network in the switch profile such as WIFI30. Your APs will be 10.0.30.1 and may lose connection to your Unifi Controller. So if I set my native network to something other than my default then my AP will get whatever I set the network to. And will either show offline in my controller or fail at adopting because it’s not the native network. Or in this case the “All Profile”. That means my native network needs to be set to default so it works with my Unifi Controller.
So if you are wanting your 10.0.30.1, 10.0.40.1, and 10.0.90.1 networks to be handed out by your APs you’ll need to make adjustments to that. But the native network can’t be set to NONE. Otherwise, your APs will show as offline in your Unifi Controller.
This means the IoT_All picture you posted in a previous post is correct. But I’m not sure why you think it defeats the purpose of separating VLANs. You separate out those networks in your Wifi Networks under settings in the Unif Controller. You can create new WiFi networks and set the network it should use. For example, I have multiple Wifi Networks, and they all use multiple separate VLANs. My pfSense controls which of those WiFi VLANs can talk to each other.
@formatall you sound like you’re having a tough time !
I don’t have the same kit as you, however, I do have a pfSense box with 6 ethernet ports. What I do is to keep one port on the LAN, I can directly access pfSense via this port, the remaining ports I put in LAGG and carry my vlans. I don’t really use my LAN as such.
You might want to do the same kinda thing.
The only caveat is if you have a lot of cross vlan traffic then having separate ports on the pfsense box might be a bit more efficient.
