unable to access ips on vlan after changing Gateway/dns
-
@jarhead ^ exactly all that is needed is at least 1 interface on pfsense and vlan capable switch and you can create as many vlans as you want.
If you want to do multiple vlans on wifi networks - best to get a AP that is capable off that, some wifi routers you can run 3rd party firmware on and do it. dd-wrt or openwrt supports vlans as long as the hardware of the wifi router does. Or just buy AP that support - unifi APs are pretty popular around here. I have 3 of them - they work great.
-
@johnpoz ah ok so a unifi router can support like multiple vlans
like the mitok switch i have does support vlans... and now i wanna have a wifi for lan devices like cell phones or my laptops that arent hard wired... and another wifi for the IoT devices the way i been doing it is where i use the 192.168.0.1-254 range ad segmented a section to do iot and lan and dmz say..
so would you then then Trunk from the smart switch to the AP Unifi router ap and then it knows which devices... like do you setup a seperate Wifi login password for each vlan?
and which unifi ap is good one.. i have heard of them i dunnohow to use them as i did watch a video years ago they hard to use etc...
-
and whats better then unifi or the ddwrt and if you look on amazon .ca can u tell me which router or AP ud recommend that would work as i havent kept up in routers for years if it last me 10 yrs i ok with them so i dont upgrade often anymore
-
@comet424 said in unable to access ips on vlan after changing Gateway/dns:
ike do you setup a seperate Wifi login password for each vlan?
Yeah you normally setup different ssids for the different vlans - but you could get fancy and do dynamic vlans after an auth to say radius..
-
@johnpoz ah ok cool so your not limied to just 1 like on the asus or dlink or tplink ones i have
i did try looking up the unif but didnt see where you can do multiple vlans
do all the unif allow this? and whats better dwrt or unif? -
@comet424 said in unable to access ips on vlan after changing Gateway/dns:
i did try looking up the unif but didnt see where you can do multiple vlans
Did you look at the summary page for say the U6-lite, one of their popular models currently
https://store.ui.com/collections/unifi-network-wireless/products/u6-lite-us
BSSID 8 per radio
VLAN 802.1QI am not aware of any of their models that don't support vlans.. I have 3 different models of their older wifi 5 models, the pro, the lite and the LR.. And before that I had one of their first models that all supported multiple vlans. I currently have 4 different SSIDs running on mine, all on different vlans.
As to what is better dd-wrt, I would say the unifi are true APs.. the dd-wrt is 3rd party firmware to run on soho wifi routers. While it can vastly improve the feature set over native firmware. Your still at the mercy of the hardware, not saying some soho hardware is not fine. But unifi AP are designed to be actual AP.. they are all powered by poe, so you can proper mount them where a AP belongs, etc.. I would never ever go back to running soho wifi routers as my wifi APs..
-
@johnpoz
hi john i finally got a AP i picked up a tplink ep650 model i got it from a re-store habitat for humanity store for like 40 bucks... so i didnt go the unifi route yet.. only cuz i found it there.. i got it to work in pfsense i set up 3 wifis but i having a trouble i dunno if its a firewall rule or not .. i can not get my home assistant to detect things like my cameras or wifiso how i have it set up is
in my attic
i have pfsense routher ----> managed switch ----> poe switch (Vlan10) for 5 Poe Cameras
and that worksnow from the
managed switched (mikotek)----> my linksys/cisco managed switch in another room...cisco/switch i set up 2 Vlans
Vlan 10 - For Cameras
Vlan 20 - For IoT devices
i set up the tagged, trunk port from managed switch to linksys/cisco managed
and then i ran 2 cables into my unraid box where it hosts Home Assistantand i set that all up
so Home assitant gets 3 ips
192.168.0.x for regular setup
192.168.10.x for the Cameras
192.168.20.x for the IoTnow i figured when all that was setup Home Assistant would see it all but it doesnt.. is there a fire wall rule or something or it cant be done... and you need to run a wire to like the camera switch and some how to the IoT
and for testing purposes i added fire wall rules on Camera Lan and Iot at the top that by passes the vpn on lan that they all **** stars so it opens up fully and home assistant still cant see the Iots Automaticllty or Cameras.. but it can if i manually add things by Ip address
what i doing wrong?
-
forgot to add
managed switch(in attic) to to the Tplink For Wifi Vlan20 that part works
-
@comet424 Why are you giving HA 3 IP's?
You have vlans setup, use them. Put HA on the IoT vlan only. Then set rules to access anything it needs to on the other vlans. -
well orginally i had 1
192.168.0.x as Home Assistant runs as a VM under unraid....... and access my network
and i had swapped out this 4 port card from my pfsense as i ehard from others instead of vlans they used individual ports for HA
so then i set up Vlan Cameras and Vlan IoT
and i have rules set to be open but still nothing so if i change to 1 port for HA on IoT then Ha going to see all the ips on Iot Cameras and lan then automaticlly?
cuz i figured it should have detected so far but doesnt
so for now i by pass my rules and just opened it up
-
@comet424 You're only allowing TCP, change it to any,
and i have rules set to be open but still nothing
What does that mean? What have you been trying to do? If just pinging, then that wouldn't work since you've been blocking ping.
-
@jarhead open it up as means
Source *
Port *
Destination *
Port *
Gateway *means it has no restrictions above any of my other rules like port 123
is what i meant to say.. sorry my disylexia gets best of me...so you can see Lan Camera Iot Devices have 0 restrictions now.. and still HA cant detect anything on the IoT or Cameras
also forgot i have a 3rd Location as the Attic is my Shop on my property..
but ya still unable to get HA to see the IoT Devices and Cameras just anything on LAN is the only thing it can detect
-
like is there other rules i need to get the HA to see it.. how come it can see things on LAN but not Camera or IoT Devices.. do i need to add something under NAT?
oh i tried PING in terminal of HA
i can ping 192.168.0.1
but i cant ping
192.168.10.1
192.168.20.1so i must still need something else right?
-
@comet424 Again, you're only allowing TCP, pings are, and are supposed to be, blocked by your rules.
Change the protocol to IPv4* -
@jarhead oh ok my bad as with my dislexia i read it as just ip4 i had set..
ill try that and see if it detects.. thanks for help so far i appreciate it
-
so i can ping now
192.168.10.1 and 192.168.20.1but i cant ping hostnames under the arp table..
so i have a camera called "cam1" like 192.168.10.21 i can ping the ip not the name
and HA still cant detect iot devices or cameras.. just whats on LAN network.. i made sure to change the TCP to *
-
Where are you testing from? What DNS server is that using to resolve those hosts?
-
@stephenw10 im testing from home assistant terminal, Home assistant Devices where it should pop up things
i also cant ping them from my desktop pc
the dns hosts are
192.168.0.1 for Lan
192.168.10.1 for cameras
192.168.20.1 for iot devices
nordvpn uses whatever dns .. from setting up per there setup..all i know
-
Ok and those IPs are the pfSense interface addresses in those subnet? So both the HA host and your desktop are using pfSense for DNS?
Are the hosts you're trying resolve all configured as static dhcp leases? Is the DNS resolved configured to resolve those?
Steve
-
so not sure 100% what you mean since i dont really change pfsense much and i recently just setup these virtual lans prior i broke up my 192.168.0.1-254 into segments to simulate vlans
so like 1-50 lan 51-100 cameras 101-200 iot devices.. so everything fit under 192.168.0.1 dnsright now i have
192.168.0.1 as a static ip and 192.168.0.3 as my unraid static ip address and HA ip address is 192.168.0.12192.168.10.2 static ip for the unraid card for HA to pass through and 192.168.10.12 for static ip of HA for the Camera side
192.168.20.2 satic ip for the unraid card for the HA pass through and 192.168.20.12 for static ip for the HA for the IoT Devices side
if you mean the dns resolver for dns resolved.. i have it set network interfaces to All and Outgoing network is setup to NordVPN to there instructions
if there is something else i need to configure.. i have no idea.. thats all i know
and at moment the Vlans Cameras and IoTs its setup for DHCP starting range at 20 and only static ips i have are what i mentioned above..
other then that i dont know... hopefully it helps.. sorry if it doesnt and i try to find more info you ask of me
and sorry if i dont make sense my disylexia it sounds ok in my head but may not explain it right
