Host OverRide for UnFi APs
-
@magikmark said in Host OverRide for UnFi APs:
Ssh uses port 21 right?
Thanks for reminding about the firewall rule
Will try this later
TCP port 22.
-
Oops! Thanks again
-
@magikmark why are you putting your AP on another vlan? You can run another vlan for your wireless once the AP Is up and running.
But for ease of setup and management of your AP should really be on the same network as your controller.
Or you have to do L3 adoption. That is NOT what I would suggest for the first time unifi user..
-
This is why the network gods created management LANs. Actually, your problem is the controller relies on discovery to find the APs and other Unifi devices. Discovery uses multicasts, which are not normally passed by routers. This means the AP must be in the same LAN as the controller.
-
@jknott said in Host OverRide for UnFi APs:
This means the AP must be in the same LAN as the controller.
Well yes and no.. They do have L3 adoption, and they do have support for tagged vlans now for managment, etc.
But I sure wouldn't suggest someone new to it all to do any of that. Put your AP on the same network as your controller. Then you can setup your wifi networks to be on different vlans..
Once your more familiar with the how this all works, then if you wanted sure you could put your controller and the AP on different networks
-
I'm putting the AP in another interface. I have a 4 port NIC.
192.168.1.1 - WAN
10.0.1.1 - LAN (Htpc)
10.0.2. 1 - AP multi SSID
192.168.1.2 - Failover WANAs much as I would like to put the controller and AP in one network, I don't have available switch at the moment.
I would appreciate if you have tweaks and tips to share to make pfsense and U6 work seemlessly
-
@magikmark well use the L3 Adoption method that was linked too above.
Order a switch.. the little 5 port unifi flex mini is $30..
-
Thanks. May I ask why it's called level 3 adoption?
-
@magikmark because your adopting the AP that resides on a different L3 than your controller.
-
@magikmark Nope as I mentioned I ditched Unifi a while back.
https://community.ui.com/questions/pfSense-DHCP-provision-option/b42003ce-7560-4680-8731-805e59459bfc
-
@magikmark said in Host OverRide for UnFi APs:
Do you have a step by step guide?
The step by step guide is given on the link to the L3 adoption - they even provide a pfsense example for setting the dhcp option 43
-
Either SSHing into the access point and setting the inform url or setting a host override in pfSense for 'unifi' should work there. I have done both, neither was especially difficult.
Steve
-
This post is deleted! -
Guys,
LAN: 10.0.1.1
HTPC: 10.0.1.2
Asus: 10.0.2.1
UniFi: 10.0.3.1SSH
- Can't even ssh to the device. I could see U6 in dhcp leases in has an ip of 10.0.3.5. Turned ssh in pfsense. on I can ssh my pfsense box
- Doesn't respond to ping
- Firewall Rule all ports open, any protocol, any source and any destination
DNS
- I have Adguard installed. Is there an effect?
DNS Resolver Entry
- Host: unifi
- Domain: HTPC.pfSense.mylocal
- IP add: 127.0.0.1 or 10.0.1.1 or 10.0.1.2
DHCP Option 43:
- Set this under Unfi Interface
Number: 43
DCHP Option: 43
Type; String
Value: 01:04:0a:00:01:01 (10.0.1.1)
01:04:7f:00:00:01 (127.0.0.1)
Light still steady white. Can't be discovered by the controller
Maybe I missed something? Perhaps rule? -
If you connect anything else to the same subnet does it pull a valid dhcp lease?
The AP could be unable to respond for some reason.
Steve
-
Yes I used to have Netgear / Asus and working fine. Trying to upgrade to Wif6 enterprise grade. Chose Unfi
I thought maybe some configuration since U6 is fairly new
I have echo reply blocked in floating rules. Dunno if it has some effect
The rest of my Floating rules are:
Blocked Ips from Firehol
I have QOS / limiter running as well
-
Can we see screenshots of those rules and firewall logs?
-
For the firewall log:
Its kinda long. It only shows blocking ipv6 on my wirelesslan (asus)
-
@magikmark so you run all your rules in floating.. So there is really no way to know even what direction they are in? Other than your description there saying outgoing or incoming
So in what possible scenario would wirelesslan be an outgoing interface towards whatever is in firehol level 1?
First thing I would suggest is get rid of ALL of those... You understand use of "this firewall" is every IP of the firewall right? But in what scenario would these interfaces be used in the out direction htpc and wirelesslan? Or how would these what I assume are external sources in your aliases be inbound into those interfaces?
What are the rules on your actual interfaces.. Please delete all those rules and show us the rules on your actual interfaces.. You can put your whatever those are suppose to be and do back after you actual have stuff working..
Most of those rules don't even have any hits.. they are all 0/0
Value: 01:04:0a:00:01:01 (10.0.1.1)
01:04:7f:00:00:01 (127.0.0.1)Those are not how you do option 43.. For option 43 you put in the IP of your controller..
-
Ok Will delete those
