Solved! Has anyone recently (2024) set up a VLAN using pfSense and Unifi Network application and switches? (DHCP back-end has to be ISC)
-
@Gblenn So, the way I have Port 1 configured is like this:
and yeah just looking at this page it appears Port 1 isn't tagged. But! drilling into it shows this for Port 1 and Port 3:
Unless the Unifi UI is once again messing with my brain (quite possible), the way I understand this is that Port 1 and Port 3 are set for Default but also is tagged for the Automation VLAN.
If I just tag Port 1 by setting the Native VLAN/Network to Automation, this is when all network comm halts. I assume that's because nothing else on the switch can get to the router (but who knows, that's just my assumption). Nonetheless, that's what I have observed via testing.
I did the test you suggested. With a PC plugged into Port 2, set up like this:
it does not get an IP, just spins a bit then gives up.
-
Here are the screenshots from pfSense.
-
@NGUSER6947 Well I can't see anything out of the ordinary there. It looks like it's correctly set up in pfsense. Perhaps one more thing... there is a menu item under Interfaces called Switch / VLANs, correct? What does that look like?
Aaand, I assume you are connecting the switch to the port with the label LAN on the Netgate device? -
In addition to everything that has Been said here. I noticed that you are Using the KEA back end. As a last resort, you may want to try switching the back to ISC and see if that makes any difference. I know the first time you tried to do this you were probably using ISC. Even though that didn’t work out. KEA is still in the detail shop and not ready for the showroom floor.
-
@Gblenn This is the setup page you asked about:
And yes, the switch is plugged into the LAN port on pfSense.
-
@Uglybrian To change it to ISC where is that, also do I need to restart the router or just save and apply changes?
-
@Gblenn I did some research and apparently with the SG-1100 you have to set up tagging inside Interfaces/Switch/VLANs.
This is how I have it configured now, which exactly matches several of the tutorials I found:
Still, no happiness. Neither a wifi device or the PC I have plugged into Port 2 (which is tagged) will obtain an IP.
-
If you want to give it a try. Go to System> Advanced> Networking. Click on ISC DHCP then save at the bottom. There is no need to restart the router.
-
@Uglybrian Well sure enough, that did it! Man, this has been driving me nuts.
Phone connected right away.
Thanks to you and @Gblenn for your help and assistance.
-
@NGUSER6947 Great that it works now, but really strange that KEA would be the culprit. I think you had some issues with KEA all along, which you didn't notice until you were testing with something requiring a new IP. I would try changing back to KEA to see if it still works, which I'm guessing it will...
-
@Gblenn yeah I may try that at some point. Since ISC is marked "Deprecated" I would think that KEA would be pretty well sorted out by now.
-
@NGUSER6947 Yes but things seem to pop up, at least in discussions. I had it crash a few months back and it didn't want to restart due to a lock file lingering, so changed back. But I also have it running on another instance on CE where it's been working fine...