Unable to use SFP as a trunk from pfSense router to UniFi switch where I can tag VLANs from the switch ports.

caramel_juni · Nov 21, 2023, 3:50 AM

Hi all!

So, for some context, I'm experimenting with the following setup:

ISP Modem ---[ETHERNET]--> pfSense 7100U ---[SFP+ Trunk]---> UniFi USW-Pro 48-port Managed Switch

I then plan to assign & manage VLAN tagging from the UniFi switch based on which ports devices are plugged into: e.g. first 8 ports are for Management Network Devices, next 8 are for Guest Network Devices, and so on.

Now, I believe I've managed to get the SFP connection working as a trunk from the pfSense to the UniFi switch, with devices connected to the switch being assigned IPs & able to connect to the internet, but that's without adding specific VLANs per port range, so all of the connected devices are just on the single SFP0 network at present.

However, I have encountered two major limitations/roadblocks.

As soon as I set a UniFi switch port to assign specific VLAN tags to any passing traffic, the device connected to the port is stuck without an IP and internet access. I have restarted & reconfigured the DNS resolver & DHCP servers, and added firewall rules to ensure the SFP0 network can communicate with the desired VLAN, all to no avail. Does anyone have any experience using SFP as a trunk to a switch & tagging VLANs from the switch ports???
(less of an issue, but may indicate the SFP isn't passing/using VLANs properly) The SFP port I'm using (Network port ix0, mapped to Interface SFP0) does not work when I try and assign a native VLAN to ix0 (see the not working SETUP 2, "VLAN 110 on ix0 - opt4 (SFP Switch Management)", compared to the working SETUP 1).

Just a bit of a puzzling situation, and was wondering if anyone could lend a hand. To confirm, I have got this setup working when using an ETHERNET cable as a trunk, but not the SFP cable - see the guide I wrote here.

Below are snapshots from my config if needed. Thank you!! <33

SETUP 1: (Network port `ix0`, mapped to Interface `SFP0`) - working:

SETUP 2: (VLAN & Network port: `VLAN 110 on ix0`, mapped to Interface: `SFP0`) - NOT WORKING:

Interface settings, DHCP server, DNS resolver config & firewall rules below (all UNCHANGED throughout the above scenarios):

SFP Interface Settings

SFP DHCP Server Settings (everything further down on the page is default)

DNS Resolver Settings

Firewall - Switch SFP Network

Firewall - Destination VLAN

UniFi Port Tagging Settings (when set to the below settings, connected device is unable to connect/be assigned IP on the desired VLAN (ADLOFFICE, VLAN 70)

laser22 · Dec 8, 2023, 5:34 AM

in my setup I have my pfsense system connected via a SFP+ with 5 vlans---on my cloudkey plus 2 my xg-16 has port 1 set as the trunk port whereby the port configuration is set to ALL- my nanoHD is attached via rj45 to xg-16 port 15 port config is the parent LAN and associated vlans.
has worked great- have you checked out your port configuration profiles? are myou using a global config that might not be selected or selected and it shouldnt be?

caramel_juni · Dec 14, 2023, 1:25 AM

@laser22 Hiya, thanks so much for the response. Would you be able to send/DM me your pfsense config, and screenshots from unifi? Would be a massive help <33

laser22 · Dec 28, 2023, 4:27 PM

@caramel_juni
just got back on forum was sic k---did you get this working?

laser22 · Dec 28, 2023, 4:35 PM

@caramel_juni
also noticed that your using a LAGG network make sure your unifi supports it (sure it does) and I think aggregation is the unifi setting-

I also assign all my unifi devices a static IP address- otherwise I have seen my cloudkey list my trunk port gateway address as on of the vlans rather than the parent interface address-