Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    question about VLANS and rebooting Pfsense

    Scheduled Pinned Locked Moved General pfSense Questions
    19 Posts 4 Posters 712 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      I've never used those Omada controlled APs myself but I would check what their behaviour is when they lose their upstream gateway. Quite a few managed APs like that will helpfully stop being an AP (broadcasting an SSID) if they think they have lost upstream connectivity.

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @stephenw10
        last edited by

        @stephenw10 while that is possible sure - that would be moronic.. An AP ip is just management it has nothing to do with providing services to clients using the AP for a wireless connection. Why should it stop providing wifi if the gateway goes away for its management IP, or for that matter even the wireless networks its providing - but it has no way to even know the gateway is done since it would even have an IP on some vlan to be able to check from.

        The omadas are pretty much a copy of the unifi stuff - I mean like duplication copy.. They have some differences in their controller - but last time I looked it was pretty much a duplicate of the unifi controller - other than the branding on it.. The unifi controllers can be offline forever and the AP still function.

        So why would it shut down its wifi if its management network can not talk to its gateway or the controller even? That would be horrible design.. But yeah guess its possible. But his drawing doesn't even have any APs listed.. And is that tplink on his sisters network omada or just your typical tplink AP, is it really an AP or a wifi router being used as an AP? For all we know its doing nat and routing, and maybe if it looses access to its gateway (pfsense) it shuts down routing? from its lan to its wan? Since it can not get to its wan.. It could be maybe even have 192.168.1 on both sides? Which shouldn't even work - but I have seen some wifi routers pass traffic even when their wan and lans are the same network.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by stephenw10

          Mmm, indeed. My Unifi AP did that though. Until I put OpenWRT on it. 😉

          I didn't even have anything complex enabled on it that might have required access to the controller. Like the captive portal.

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @stephenw10
            last edited by

            @stephenw10 Well when I get a chance I will pull the cable for for my wifi networks from pfsense.. I have native network and then some vlans where my iot stuff, is another one where my rokus/tvs are on, etc..

            There is no way AP should shut down their wifi because they can not talk to the management gateway. And I will shut down my controller vm.. But that goes down all the time and all my wifi still works.

            But I would bet a large sum of money it has no effect. Wife is leaving in like 15 minutes - I will do it then and report back.

            My main trusted wifi network (management as well for the AP and controller are on my native 192.168.2.0/24 network.. Then I have a guest wifi, trusted and eap wifi (this should fail) because it uses radius for eap-tls auth. And it won't be able to talk to pfsense where freeradius runs to do the auth. But my trust, roku and iot networks which I have both wired and wireless devices on 192.168.2.0/24, 192.168.4.0/24, 192.168.7.0/24 should all continue to function.

            oh my roku network is on its own uplink - will pull that cable to.

            wifi.jpg

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              It's been a while. But I remember being really confused by it the first time I saw it. Looks like it was the Uplink Connectivity Monitor though. It ping the management gateway and if it fails it stops broadcasting the SSID. Fun*.

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @stephenw10
                last edited by johnpoz

                @stephenw10 ok back - I shutdown my interfaces on pfsense..

                I had to set manual IPs on the network I wasn't already on.. So the 192.168.2 I was already on when I shut down the controller and interfaces on pfsense.. Pings just fine - that IP is one of my APs

                The 7 address my my roku ultra, and the 4 is one of my smart lightbulbs.

                Other than phone not wanting to connect to the different networks when dhcp wasn't there - I was able to get it to connect if changed the profile to manual IP..

                access.jpg

                You can see my phone says there is no internet on my roku network - 192.168.7 netweork.. And still pinging devices on that network just fine.

                Oh I don't run that monitor - your limited to number of ssids you can run when that is on.. So its off.. I had to switch back to legacy interface to find it - I don't even see it listed in new ui.

                uplink.jpg

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 1
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Mmm, as I say it's been a while and the unifi docs didn't show anything current. So maybe they removed it or at least disabled it by default.

                  johnpozJ 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @stephenw10
                    last edited by

                    @stephenw10 take a look at my edit - took a while to find it, had to switch back to legacy ui to find it.. But you can see if you run more than 4 ssids you can't run it. I had turned it off long time ago.. Since I run 5 ssids.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Nice. Yeah I'm pretty sure it was on by default back when I was using it. I spent a while trying to diagnose power failure in the AP because it didn't occur to me that it would stop being an AP for any other reason.

                      Anyway be aware that such a thing exists and maybe Omada copied it.

                      C 1 Reply Last reply Reply Quote 0
                      • C
                        comet424 @stephenw10
                        last edited by comet424

                        @stephenw10 @johnpoz
                        as for the vlan names on my sisters i guess i could just left out saying i made the same on her network since its not in use.. guess i make more confusion adding in stuff

                        i going to get my sister to test her network tommorow with the extra TP link antenna and remove the round disc version to see if its just a faulty AP maybe

                        as for my cable.. ya ive re terminated both ends still get 100mbp at half speed but since i been around a while i remember and still have my BNC coaxal network cable and cards for 10mbp when i used to host BBS Lan partys 80s 90s and 1200 baud and 33k modem even the modem for the Texas Instrument I99 i still have kicking around take ur phone and jam it on the suction cups.. 40+ years of networking of just standard LAN i only started using Vlans last couple years as my LAN was getting too cluttered...

                        so ya about the VLANs i was curious ya so VLAN 10 even though its embedded on 2 networks a few switchs apart will still be able to access even with pfsense down.. as i figured might go down too as i was going to move then the shinobi recording computer to the same switch as the cameras but then wouldnt solve for the 2nd switch of cameras at 2nd location..

                        i still playing around with pfsense high availability and had those questions about it above.. but i going to play around with it more.. pfsense pretty stable as long as hardware is good had it running on my sisters computer a dell from 15-20 years ago but it just started glitch now so i built a newer version as i thought also maybe the glitching computer for the AP issues .. but didnt solve it.. but i do love the verstile use of any computer pfsense will install on..

                        i appreciate the help so far
                        oh and i still have my 1 server thats still plugged in my network from 26 27 years ago running windows 98 and i ran Microsoft Wingate thats how we supplied dhcp internet for a lan party on 28.8k modem for 10 guys in a basement for a week at a time.. memories lol and that comp still works to this date but i dont miss dip switch networking

                        im just hoping i can test out what 1gb internet speed is before i dead.. as 3mbps speed is like dial up for the 80s 90s all over again now a days lol

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.