pfSense second interface and Unifi switch

I searched the forums and wasn’t able to find any issues like the one I am having.

I have been running pfSense with just one interface with pfBlocker running and I have been really happy with it. So, I decided why not set up the wifi on a separate interface after watching Tom's video. So, I set up the second interface, and the laptop connects to it just fine. However, as soon as I connect the Unifi switch nothing happens. No network connection (wifi is still up but says no internet connection). Am I missing a setting in the Unifi widget? The other issue is the controller, but I'll have to do that after I get this figured out. I am not a network engineer, just some guy messing around with networking.

A variation of this was discussed in another thread: PfSense install with VLANs and routing between networks

Most people would plug the access point into the switch and not the router; that requires less configuration. Give it a go and see if it works.

I knew I left out a bunch of details, sorry. I have the AP plugged into the switch. I then go from OPT1 to the switch. At that point there is no internet connection. I can't ping it either. I have set up the rules to allow access via IPv4 and IPv6 and the rule that blocks access to LAN. I'll look at the VLAN thread. Thanks!

Well, you have the WAN port to your modem, and your LAN port plugged into your switch, which works.

If you now use OPT1 as a 2nd LAN port, then basically you have a 2nd LAN which is not the same as your 1st LAN, which your switch is configured for.

Don’t bother with the other thread if you have your AP plugged into your switch.

Or are you saying you have the WAN, OPT1, switch, and when you plug in your AP nothing works?

@scm23 PM me. We seem to be in the same boat. I have a Unifi AP AC PRO working, directly plugged into the OPT1 port on PfSense. I have 3 VLANs set up on the AP matching three VLAN interfaces on the OPT1 port. I initially set up the AP on my old Netgear router. The only issue now is getting the Unifi network controller to see the AP when plugged into OPT1 with PfSense replacing the Netgear.

I have figured out a way of creating a small bridge between LAN and a fourth interface created on OPT1 just so that AP can be seen in the controller. I will test tonight to make sure the VLAN traffic passes on the other three interfaces.

I have confirmed that a Unifi switch does get recognized on the controller this way. I plugged a switch into OPT2 port, so I can plug a generic AP in and create a VLAN on the switch for it. That AP will just be for 2.4ghz camera traffic.

Again, my lack of detail.

LAN --> Netgear switch --> cat5-connected PCs (internet connection)

LAN --> Netgear switch --> Unifi managed switch --> AP (internet connection)
                                                 --> cat5-connected PCs (internet connection)

OPT1 --> laptop via cat5 (internet connection)

OPT1 --> Unifi managed switch --> Unifi AP (no internet connection)


UPDATE

Looking at the errors posted in the Unifi App and I see this:

detected rogue DHCP server 192.168.100.1 on port 1 VLAN 1

Like I am saying, I have discovered similar issues. I ALSO have Unifi. It only works and discovers Unifi switches when bridged, and only utilizes the AP when VLANs are created.

Are you using a Protectli router box? I seriously think it has something to do with Unifi devices needing to be handed an actual IP address. When you connect to the OPT port you are not on LAN but on a different subnet, so no IP for the Unifi and no recognition in the Unifi controller. You should be able to SSH into their devices to 'inform' them of where your controller is, but without an IP, I'm not sure how.

Setting the OPT1 port as static IPv4 should work, but it isn't for me. That's why I posted my workaround.
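The "inform" step mentioned above is UniFi's Layer 3 adoption path. The controller's own discovery relies on broadcast traffic, which does not cross a router, so a device on OPT1 will never show up in a controller sitting on LAN unless it is told the controller's inform URL. The script below is an added example, not something either poster wrote: it decides whether a device and controller share a broadcast domain (plain discovery can work) or sit on different pfSense interfaces (set-inform is required), and builds the SSH command for the latter. The addresses (controller 192.168.1.10 on LAN, OPT1 subnet 192.168.2.0/24), the default UniFi SSH user `ubnt`, and inform port 8080 are assumptions for illustration; the thread never states where the controller lives.

```shell
#!/bin/sh
# Added example (not from the thread): L2-vs-L3 UniFi adoption check plus the
# set-inform command for the L3 case.
# Assumed for illustration: controller 192.168.1.10 on LAN, OPT1 subnet
# 192.168.2.0/24, inform port TCP 8080, device SSH user "ubnt".

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    local IFS=.
    # shellcheck disable=SC2086
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when both addresses fall inside the same /prefix network.
same_subnet() {
    local a b mask
    a=$(ip_to_int "$1")
    b=$(ip_to_int "$2")
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# UniFi devices poll the controller over HTTP at /inform (default TCP 8080).
inform_url() {
    echo "http://$1:${2:-8080}/inform"
}

# "l2": device and controller share a broadcast domain, so the controller's
# discovery can find the device on its own.
# "l3": they sit on different pfSense interfaces (LAN vs OPT1); broadcast
# discovery stops at the router, so the device must be handed the inform URL.
adoption_mode() {
    if same_subnet "$1" "$2" "$3"; then echo l2; else echo l3; fi
}

# L3 adoption: SSH to the device and point it at the controller. Run from a
# workstation that can reach the device's IP on the OPT subnet. Un-adopted
# UniFi devices ship with user/password ubnt/ubnt; the controller replaces
# those credentials once adoption completes, so adopt before leaving the
# device reachable. accept-new pins the host key instead of disabling checks.
set_inform_over_ssh() {
    device=$1; controller=$2; port=${3:-8080}
    ssh -o StrictHostKeyChecking=accept-new "ubnt@$device" \
        "mca-cli-op set-inform $(inform_url "$controller" "$port")"
}

# Usage: ./unifi-l3-adopt.sh adopt <device-ip> <controller-ip> [prefix] [port]
# Nothing runs (and no SSH is attempted) unless "adopt" is given.
if [ "${1:-}" = adopt ]; then
    mode=$(adoption_mode "$2" "$3" "${4:-24}")
    echo "device $2 -> controller $3: adoption mode $mode"
    if [ "$mode" = l3 ]; then
        set_inform_over_ssh "$2" "$3" "${5:-8080}"
    fi
fi
```

Two practical caveats if the controller is on LAN: pfSense evaluates rules top-down and stops at the first match, so an OPT1 rule that blocks traffic to LAN net will also block the device's inform traffic unless a pass rule for TCP 8080 (and UDP 3478 for STUN) to the controller's address sits above it. And set-inform over SSH is only one of UniFi's L3 mechanisms; DHCP option 43 on the OPT1 scope or a DNS A record named `unifi` achieve the same thing without logging into each device.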

I'm not familiar enough to completely understand what you are proposing. I am going to try (in the morning when the family is gone) to put the Unifi switch on the LAN port and the unmanaged switch on the OPT1 port and see how that goes. I'll report back tomorrow.

UPDATE: Everything works. I can see any Unifi device plugged into the OPT ports. Keep in mind I created that bridge between a dummy interface on each OPT port and the LAN interface with DHCP, not static IPv4. I also DID NOT assign that bridge as an actual interface. It's just a dumb bridge and I can now see and manage Unifi crap.

Also, the VLANs all work as well. Three VLAN interfaces on OPT1 and 1 on OPT2. All devices connected to them receive proper subnet IPs, and internet access. I turned on IGMP snooping inside the Unifi network controller on each network (ie., VLAN) just in case. I can now play around with rules and network discovery.

If you go that route, I can help.

Cool. Let me try the interface switch and see what happens. Do all managed switches act this way?

I would not be the person to answer that question. I'm like you, a home DIY guy. I personally think it is a Unifi issue. I just can't stand it when something stumps me, and in my mind it should work.

Oh and the proof is in the pudding. I am typing these messages on my couch/MediaPC while connected to my brand new fancy-pants 5ghz VLAN. All with a proper subnet IP. :grin: :grin:

And apparently I can already see my printer over on the LAN subnet, so even better.

Well, bridge it is :slight_smile:
Tried several different things. Then started looking up how to bridge. I’ll give that a go tomorrow. It doesn’t appear to be too bad. Any things to watch out for?

OK, that was easy. Now, the entire reason I wanted to do this was to keep my wireless and wired devices separate. Firewall rules are next I guess. Thanks for the help @nerlins

Not to throw a wrench in your setup but my idea of bridging might not be the best. I’m going back and forth, since I was having trouble pinging across a wireless VLAN to LAN.

I think the effect of bridging the interfaces puts strain on traffic, because the VLANs are passing on the 'dummy' bridge, not past it, which was my thinking anyway.

Looking back at your posts, I wonder if the DHCP server setting was left on for the default LAN inside the Unifi controller? I personally hate the controller and it is easy to break for me.

If the bridge works for you, and you are able to ping PCs across VLAN and LAN then I am jealous.

I don't have any VLANs, so I don't know. But I am starting to wonder about the bridge idea as well. Like all new things you start, you have a vision in your head about how things "work", but in reality that isn't how things work, LOL. Anyway, I've got a connection that is going to put me in touch with some network techs, and I'm going to ask them some questions. If you want, I'll get back to you about what they said and why things should be done a certain way, etc.

Most definitely. I appreciate any help. I am also looking into LAGG interfaces, which @neogrid mentioned in another thread. I didn’t know what that was, but seems likely as the route I’ll take.

Usually the LAGG is used for redundancy and/or increased bandwidth between switches. It can also be used between the router or other multi-NIC devices.

From memory I don’t think you have many spare ports on your switches.

I'd say it's only mandatory to have in place when you run ethernet cables in your house. There's nothing stopping you, however, if you can just do it.