Unifi and pfsense with multiple uplink

I followed @LTS_Tom video and show how it does vlan tagging to have multiple uplink. I have been using same method as you can see I have multiple vlan network in unifi. Each network on unifi vlan is separate PORT on pfsense as I have five LAN ports on pfsense (Wifi 30 and wifi40 is coming from same cable as real vlan).

TEST and LAN20 network both works similarly in unifi.

If I create TEST network with same subnet as it is in pfsense, it works as well. (Before I used LAN20 VLAN-Only network in unifi as per video).

PORT 2 on unifi switch coming is from pfsense PORT 2 (10.0.20.0/24).

so if I set either TEST or VLAN20 to that port in unifi and set similar network on another port (For instance port 18) and attach client, both works fine.

Here is scenario 1 (LOOK AT PORT NUMBER and PORT PROFILE):


Here is Scenario 2 (LOOK AT PORT NUMBER and PORT PROFILE):


so why create VLAN Only network? or I will break something if I do this? @LTS_Tom

VLAN only is used when you don’t have UniFi routing equipment such as a USG or UDM.

But I tested with creating regular network just like Default network and it worked.

It will work both ways.

Is there a way to achieve same thing in different switch and are steps different? Thinking to buy either netgear or TP-link due to POE budget and Money budget.

I would appreciate a video (other might benefit as well specially homelab people) but little advise would be good too.

Each switch company has their own way of doing things.

If you have a UDM-Pro is there still a need for a pfsense?

I don’t use UDM-pro. I use only pfsense for firewall and unifi only switch devices.

1 Like

No, if you have a UDM-Pro, there isn’t a need for pfsense. I just purchased a UDM-Pro to replace a Netgate appliance. I am replacing my Netgate device because I now work from home and need a simpler network. When I have time to sit down and learn all the quirks of Pfsense, I will reattach it to the grid in front of the UDM-Pro. I would consider implementing my Netgate device to have the ability of all the network protocols Ubiquiti products don’t offer. Also, I have heard that Ubiquiti products don’t handle OpenVPN or Wireguard very well.

Wireguard is coming with Teleport VPN. But, if working from home, probably don’t need VPN into the home since you’re already there?

Site to site VPN is no good with UniFi.

I know site-to-site VPN doesn’t work with Unifi, so I am keeping my Netgate appliance to create a site-to-site VPN connection to my Netgate gateway and then port forward that traffic to my UDM. If that doesn’t work, I have two separate networks connected to one ISP; one is for the family, and the other is my network lab.

I now realize my advice to @MattS-TechGuys was a little confusing what I should have said was as long as @MattS-TechGuys wasn’t running any protocols or any features Pfsense supports, but the Unifi product line doesn’t have or doesn’t support well, he can go ahead and replace Pfsense. On the other hand, @LTS_Tom’s advice is only to purchase Unifi switches and their AP from the Unifi product line; he has found Uquiquity level 3 switches and their routers lack features other manufacturers have very limiting.

I don’t have a problem with what you’re saying. Was just clarifying that point.

I would go further. I would say to @MattS-TechGuys, if you have to ask, then you don’t have the need and (in essence) would make no functional difference because your network flow/demands is not impacted. If it were impacted…you would know. If you need to go to SSH into your UDMPro and start running scripts and installing packages, then you are impacted, and you know. If you are fine with the GUI, and everything works, then you are not impacted, and have no need. Use what you want, especially if you own the UDM-Pro already. Also, if you want to dive into a rabbit hole and start digging for fun, sure.