Netgate SG-3100 LAN Address Changes To A VLAN Address
-
Mmm, those are different VLANs it shows it connected on right?
That looks like you might have something connected incorrectly to both maybe.Steve
-
@chrismacmahon That is what I suspected, and for an update, I'm new to this whole enterprise firewall networking thing. When I got the Netgate SG-3100, I also got two other different firewalls from other companies. I tested the UniFi USG yesterday, I took my whole network down to do the test. And guess what, that strange issue with network changing IP switching in the UniFi controller went away with the complete UniFi setup-(UniFi USG - UniFi Switch 8 60W - UniFi Switch 8 - UniFi SHD). The issue seems to be only with other different firewall brands (Protectli and Netgate SG-3100 in my case) at the front end in my case, that I get the strange UniFi controller IP and network switching issues. I've already returned the Proectli, and now I have to make a decision on keeping the much more preferred and powerful and configurable Netgate SG-3100 or just settling with the lest powerful and hard to configure firewall settings and limited IDS/IPS. I like the USG and the UniFi setup but with the USG at the head it's not ready for prime time so to speak, low and slow memory and storage on both USG/USG Pro makes me want to keep the Netgate SG-3100 and hope there's just a configuration I'm just missing or messing up. Help still needed.;) I want to keep the Netgate at the head of my network.;)
-
@stephenw10 Those pics are from two separate time that I notice the issue, the switching can happen after laptop shut down or just closing the UniFi controller and opening it up again only to see it has switched to a different VLAN IP address.
-
Hmm, as Chris said above the actual IP addresses on the SG-3100 interfaces does not change. It seems that Unifi is chnaging the way it either detects it or how it displays it. As though Unifi, perhaps via the switch, can access both interfaces in the SG-3100.
Steve
-
@stephenw10 Ok so is my particular case something that's unique or a known issue for the UniFi controller? My Tinfoil Hat does like it when I open up UniFi and notice that it's showing my pfsense IP address and network as being in a VLAN.;)
-
@stephenw10 Seeing a 192.168.50 IP address that I know is such, showing up in UniFi as a VLAN 172.16.50 IP address isn't comforting, it makes me want to unplug everything because I'm thing of hacking or something else bad. Lol.
-
I'm not sure what those columns show in Unifi or how it determines what the IPs are but I would assume it's from the ARP table somewhere. I think there's a good chance it really is seeing that traffic on the other VLAN which means something is not configured correctly if that's not what you intended.
Steve
-
@stephenw10 I don't know what ARP table is or where to find them, ;) but, I have successfully built a complete UniFi network following the instruction of Tom Lawrence and Cross Talk on YouTube, and I have a perfectly running system VLAN's and all, though slow response and laggy. So, with pfsense as the head of my network, following the same two Youtubers direction, I get this strange UniFi controller dashboard anomaly. So, what is the configuration error I have or am making though I'm following good instruction off YouTube and Netgate's own hangouts?
-
Does the 3100 have interfaces in both those subnets? Are those IPs shown actually both on the firewall?
If so it could just be a display anomaly. Whichever IP is detected first is shown there.
Steve
-
@stephenw10 "Does the 3100 have interfaces in both those subnets?" Yes, 192.168. is my static LAN, 172.16. is my VLAN.
"Are those IPs shown actually both on the firewall?" Again Yes,
"If so it could just be a display anomaly." So, this anomaly is within the UniFi controller then, and nothing to do with the 3100, correct?
So, UniFi isn't so Unifying with other firewall at the head, correct or fare to say? -
If the Unifi controller also has direct access to both those subnets then it would not surprise me to see the 3100 in that list twice. It will have an ARP record for both interfaces.
Since I don't have a Unifi switch I can only guess at what that should be showing though.Steve
-
@stephenw10 I think you're mistaking the pics I have as being one in the same, they're not. The pics are of two separate times, your forum put them together like it's one picture. I uploaded two separate pics from two separate events of seeing the anomaly.
-
@stephenw10 I'm desperately trying to get a clear straight answer from Netgate here. Is the anomaly a UniFi controller issue alone, or is it a Netgate pfsense SG-3100 issue?
-
@hpspar05 said in Netgate SG-3100 LAN Address Changes To A VLAN Address:
@stephenw10 I'm desperately trying to get a clear straight answer from Netgate here. Is the anomaly a UniFi controller issue alone, or is it a Netgate pfsense SG-3100 issue?
@chrismacmahon said in Netgate SG-3100 LAN Address Changes To A VLAN Address:
Unifi cannot change the IP of the SG-3100. This would be a display issue on the unifi controller, most likely there is a configuration issue in unifi that is causing this issue.
Isn't that clear enough for you?
-
@Grimson I don't know who you are dude but you getting ready to help me return the SG-3100 to Netgate. I'm use to yes and no for simple questions. I'm slow to this stuff but learning, so remarks like yours isn't helpful to or for me. You have a nice day. Thanks.
-
It's not an issue with the SG-3100.
It's either just how Unifi displays that or you actually have a layer 2 issue on your network so that both interfaces are visible to the controller and should not be.
I realise that is two photos. What I'm saying is that if you came back to me and said that now it's showing up twice that would not really surprise me. It exists on both subnets connected to both VLANs and it looks like two different switches so both those switch ports would see it connected.
Steve
-
@stephenw10 OK thanks for the clarity, now what’s layer 2? Where should I look for this?
-
That would be two network segments that should be separated connected together. So perhaps a switch port that is untagging a VLAN but shouldn't be. You might see traffic leaking in one direction only and hence see IPs from one VLAN appearing where they should not.
https://en.wikipedia.org/wiki/OSI_model#Layer_2:_Data_Link_Layer
Steve
-
@stephenw10 192.168. isn’t a VLAN only the 172.16. Is. The specific instructions I followed is the Tom Lawrence YouTube titled: UniFi & pfsense Deployment, Setup and Planning with WIFI, VLAN & Guest Network. Do you think using the UniFi CloudKey controller instead of the Windows installed UniFi controller might be at issue, whereas 3100 is head verses the USG?
-
@stephenw10 Ok that’s clear for me;)
