Routing question

  • Four interfaces.  WAN, LAN, WIFI, and WIFI_GUEST

    Bone stock install so far.

    Trying to set up a UniFi AP on the WIFI_GUEST interface's network.  Can ping and ssh into said AP from the LAN, but can't manage the AP using the web-based manager.  Another system on the LAN can't ping any interfaces on the pfSense machine except the default gateway.  Not sure what is going on there….

    Anyway, wondering if I need to allow certain protocols, if anything is blocked or denied by default.

    My ultimate goal is to completely isolate the WIFI_GUEST network on its own pf interface and only allow it internet access, with bandwidth restrictions.  And allow only certain hosts on the WIFI interface's network to access the LAN interface's network.


  • The UniFi gear I know doesn't have a web GUI.

    You need to run the controller software to manage them.

  • You're right, sorry, that's what I mean.

    When both APs are on the same LAN, I can manage both.

    When the guest AP is plugged into my firewall's guest interface, I can ping it, and ssh into it.  The notifier is set up to the proper address (management PC) but it shows as 'disconnected' under the manager.

    Wondering if pf is to blame, or if something else is afoot.

  • LAYER 8 Global Moderator

    Where is your controller running?  On your LAN, and your APs are on 2 different networks, wifi and wifiguest?  Why do you not just put the AP on your LAN and use VLANs for wifi and wifi_guest?  So then your controller can see your AP on layer 2.

    If you want your AP on a different layer 2 network than your controller then you need to use layer 3 adoption and management.

