pfSense keeps disconnecting/reconnecting in UniFi Controller
-
Because it's probably seeing ARPs in both of its networks.. Since the VLAN MAC and the physical MAC are the same..
When you actually physically isolate the traffic that cannot happen... But since you have VLANs being carried over a dumb switch that doesn't understand them.. You're not actually isolating anything.
This is why you do not run VLAN tags over a dumb switch, even if it doesn't strip them - it doesn't handle them or isolate traffic..
Notice my igb2 and the 2 VLANs that run on it:
igb2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: WLAN
    options=e120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:08:a2:0c:e6:20
igb2.4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: W_PSK
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:08:a2:0c:e6:20
igb2.6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: W_Guest
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:08:a2:0c:e6:20
The MAC is the same.
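Added example, not code from the thread, pfSense or UniFi: a small Python script that parses FreeBSD ifconfig output of the kind quoted above and reports VLAN sub-interfaces that reuse their parent's MAC, plus a helper that flags any MAC a switch's MAC table has learned in more than one VLAN (the view a controller gets when tagged frames leak through a dumb switch). The sample ifconfig text and MAC-table rows are constructed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the ifconfig excerpt quoted above: one
# physical port (igb2) and two 802.1Q sub-interfaces, all with the same MAC.
SAMPLE_IFCONFIG = """\
igb2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: WLAN
    ether 00:08:a2:0c:e6:20
igb2.4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: W_PSK
    ether 00:08:a2:0c:e6:20
igb2.6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: W_Guest
    ether 00:08:a2:0c:e6:20
"""

HEADER = re.compile(r"^(\S+): flags=")               # start of an interface stanza
ETHER = re.compile(r"^\s+ether ([0-9a-fA-F:]{17})")  # the MAC line inside it


def parse_ifconfig(text):
    """Return {ifname: mac} for every stanza that carries an 'ether' line."""
    macs, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            continue
        m = ETHER.match(line)
        if m and current:
            macs[current] = m.group(1).lower()
    return macs


def shared_mac_vlans(macs):
    """Map parent -> sorted VLAN tags whose sub-interface (parent.N) reuses the parent's MAC."""
    shared = defaultdict(list)
    for name, mac in macs.items():
        parent, dot, tag = name.rpartition(".")
        if dot and tag.isdigit() and macs.get(parent) == mac:
            shared[parent].append(int(tag))
    return {p: sorted(tags) for p, tags in shared.items()}


def macs_on_multiple_vlans(mac_table):
    """From (mac, vlan, port) MAC-table rows, return MACs the switch learned in more than one VLAN."""
    seen = defaultdict(set)
    for mac, vlan, _port in mac_table:
        seen[mac.lower()].add(vlan)
    return {mac: sorted(vlans) for mac, vlans in seen.items() if len(vlans) > 1}
```

Run `shared_mac_vlans(parse_ifconfig(SAMPLE_IFCONFIG))` on the sample and it reports igb2 with tags 4 and 6; on a box where tagged frames reach a managed switch only on a trunk port, the same MAC in several VLANs on that port is expected, so the MAC-table check is most useful on access ports.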
-
@johnpoz OK that makes sense. I'm gonna stick a US-8-60W smart switch off the pfsense box and run the APs off that and then chain the dumb switch to a separate port of that switch.
Thanks.
-
@slbailey617 Exactly!!! Since all the devices on your 48 port switch are going to be in the same VLAN it doesn't matter - it would only ever see traffic in 1 VLAN..
Can you not just move your current PoE switch to be in front of your 48 port switch? Or are you going to have to buy another one.. What are you going to do with the current one..
pfsense - smart - dumb -- smart.
Where you try and run VLANs on that 2nd smart switch can also lead to issues. If you're just going to have it in the same VLAN as your dumb one is in, then it doesn't matter.
Me and jknott have been going back and forth about this forever - doesn't matter if the dumb switch doesn't strip the tags, it doesn't understand them - so it's going to be problematic at best.. You can use dumb switches in your VLAN network when they hang off a smart switch and only ever see 1 VLAN for traffic... But when you try and run multiple VLANs over them - they don't know any better and just send any broadcast, multicast, ARP etc over all their ports - which can lead to odd stuff happening, and is not secure to be sure..
-
I'm seeing the same thing on my Unifi Controller. I have all managed switches though. Netgate > 48 port managed switch.
Did you find out if this is a Unifi or Netgate problem?
Thanks.
-
@dragonfire1119 My issue was due to using VLAN tags in pfSense but routing that data to an unmanaged switch first... Once I plugged pfSense into a managed switch, my problem cleared up.
Wasn't a UniFi or a Netgate problem... Was me not using vlan tagging properly.
-
@slbailey617 Thank you for the update! Not sure why this is happening then since every one of my switches is managed? It's disconnecting the VLANs randomly every so many minutes.
-
What are you actually seeing?
How are the APs and controller actually attached in your network?
-
@stephenw10 I'm seeing in the events on Unifi it's saying my "Netgate disconnected from LAN or Guest Network" (34m connected, 71.5 KB, last) AP.
Not sure if this is normal or not though?
I talked with UI Support and they kept wanting to troubleshoot the wifi, I don't think this has anything to do with wifi?
My Unifi Controller is a Raspberry Pi hooked up to my Unifi Switch 48 port and all APs are hooked up to the same 48 port switch.
Netgate XG-1541 > Unifi 48 Port
APs (4 of them) > Unifi 48 Port
Unifi Controller > Unifi 48 Port
Thanks for the reply.
-
@dragonfire1119 are you using any sort of lagg or lacp to connect 1541 to the switch?
Are you using any sort of tags, guest network is another VLAN? You're saying the netgate is being seen on 2 different VLANs?
"Netgate disconnected from LAN or Guest Network"
So more details on your actual physical connections/tags/interfaces and setup could be helpful
-
Netgate LAN Port > CAT 6 > 48 Port Switch - SFP+ 1G
VLANs
- LAN - Default VLAN 1
- C Network - VLAN 5
- IOT Network - VLAN 10
- Guest Network - VLAN 30
Almost all these VLANs are a separate network on Unifi as VLAN Only networks.
Unifi Networks
- LAN - Default VLAN 1 - Main LAN - Corporate
- C Network - VLAN 5 - VLAN Only
- IOT Network - VLAN 10 - VLAN Only
- Guest Network - VLAN 30 - VLAN Only
Thanks for the help!
-
@dragonfire1119 did you mean LAN port there - not wan?
You might need to get with unifi forums or support or docs on how unifi determines some device is connected or disconnected..
Your problem sounds related to the OP where all of those vlans will be sharing the same mac.. Not sure how unifi handles seeing the same mac on multiple networks when you have 1 of their switches in the network..
I don't have a unifi switch on my network. So the unifi controller doesn't show me any wired devices only wireless. Hmmm wonder if I could pick up 1 of their cheap $30 switches to play with - have to see if those can be added to the controller to show me wired devices - then I could try and duplicate this sort of problem.
edit: Or maybe their cheap PoE one - then I could get rid of my injectors at least ;)
edit2: Hmmm have to rethink the PoE idea.. 1 of the APs I would want to power is an OLD Lite model before they added 802.3af support. Mine is one of the passive-only models.. hmmmm Plus the $100 PoE switches seem to be back ordered anyway..
-
@johnpoz Ya my bad, LAN. Programming and responding don't always work out. LOL It's only doing it on certain networks. The really active IoT Network never shows disconnected for some reason. Not sure about the MAC address idea.
Ya UI Products are always out of stock.
-
@dragonfire1119 So just ordered the USW-Flex-Mini, figured I could swap it out for the old smart Netgear I have behind my TV.. Give me a way to play with a switch in my controller.. Should be here Monday.
It was a bit more on amazon.. But comes out a few dollars cheaper than paying for shipping on ui store.. Let you know if I find anything once I play with it for a bit.
edit:
"The really active IoT Network never shows disconnected for some reason"
Yeah I wonder if it doesn't see the MAC in X amount of time it marks it disconnected. Can play with that for sure by bringing up a device in a specific VLAN that the unifi switch will see, and then turning off the client in that network that would be talking to pfsense.. And see if it then says pfsense disconnected after X amount of time.. Curious to play with the switch in the controller for a few different things.. Even if I end up hating it - can swap it out for the dumb switch I have at my son's house, his USG and FlexHD AP report to my controller. $38 well spent for play time.. hehehe
-
@johnpoz Cool thanks for trying to help and your time on this! Ya, I was thinking that might be it but my LAN network gets used a lot so not sure.
-
@dragonfire1119 how often does it happen? Do you have a rough number - does it happen once a day, does it cycle on and off all the time? Like it's log spam? Does it happen just now and then?
-
@johnpoz happens every 4 to 10 mins, sometimes like clockwork, sometimes skips a few.
-
And if you get say a constant ping going from something in that VLAN to the pfsense IP in that guest or LAN... Does it not do it? Do pings fail?
-
@johnpoz I've set up a ping test on my Mac for a day and no packet loss.
-
@dragonfire1119 and while you were pinging - did it still say it disconnected?
-
@johnpoz Yes, it did.