Netgate SG-3100 LAN Address Changes To A VLAN Address
-
Hmm, as Chris said above the actual IP addresses on the SG-3100 interfaces do not change. It seems that Unifi is changing the way it either detects it or how it displays it. As though Unifi, perhaps via the switch, can access both interfaces in the SG-3100.
Steve
-
@stephenw10 Ok, so is my particular case something that's unique or a known issue for the UniFi controller? My Tinfoil Hat does like it when I open up UniFi and notice that it's showing my pfsense IP address and network as being in a VLAN. ;)
-
@stephenw10 Seeing a 192.168.50 IP address that I know is such, showing up in UniFi as a VLAN 172.16.50 IP address isn't comforting, it makes me want to unplug everything because I'm thinking of hacking or something else bad. Lol.
-
I'm not sure what those columns show in Unifi or how it determines what the IPs are but I would assume it's from the ARP table somewhere. I think there's a good chance it really is seeing that traffic on the other VLAN which means something is not configured correctly if that's not what you intended.
Steve
-
@stephenw10 I don't know what an ARP table is or where to find them, ;) but I have successfully built a complete UniFi network following the instruction of Tom Lawrence and Cross Talk on YouTube, and I have a perfectly running system, VLANs and all, though slow response and laggy. So, with pfsense as the head of my network, following the same two YouTubers' direction, I get this strange UniFi controller dashboard anomaly. So, what is the configuration error I have or am making though I'm following good instruction off YouTube and Netgate's own hangouts?
-
Does the 3100 have interfaces in both those subnets? Are those IPs shown actually both on the firewall?
If so it could just be a display anomaly. Whichever IP is detected first is shown there.
Steve
-
@stephenw10 "Does the 3100 have interfaces in both those subnets?" Yes, 192.168. is my static LAN, 172.16. is my VLAN.
"Are those IPs shown actually both on the firewall?" Again Yes,
"If so it could just be a display anomaly." So, this anomaly is within the UniFi controller then, and nothing to do with the 3100, correct?
So, UniFi isn't so Unifying with other firewall at the head, correct or fair to say?
-
If the Unifi controller also has direct access to both those subnets then it would not surprise me to see the 3100 in that list twice. It will have an ARP record for both interfaces.
Since I don't have a Unifi switch I can only guess at what that should be showing though.
Steve
-
@stephenw10 I think you're mistaking the pics I have as being one and the same, they're not. The pics are of two separate times, your forum put them together like it's one picture. I uploaded two separate pics from two separate events of seeing the anomaly.
-
@stephenw10 I'm desperately trying to get a clear straight answer from Netgate here. Is the anomaly a UniFi controller issue alone, or is it a Netgate pfsense SG-3100 issue?
-
@hpspar05 said in Netgate SG-3100 LAN Address Changes To A VLAN Address:
@stephenw10 I'm desperately trying to get a clear straight answer from Netgate here. Is the anomaly a UniFi controller issue alone, or is it a Netgate pfsense SG-3100 issue?
@chrismacmahon said in Netgate SG-3100 LAN Address Changes To A VLAN Address:
Unifi cannot change the IP of the SG-3100. This would be a display issue on the unifi controller, most likely there is a configuration issue in unifi that is causing this issue.
Isn't that clear enough for you?
-
@Grimson I don't know who you are dude but you're getting ready to help me return the SG-3100 to Netgate. I'm used to yes and no for simple questions. I'm slow to this stuff but learning, so remarks like yours aren't helpful to or for me. You have a nice day. Thanks.
-
It's not an issue with the SG-3100.
It's either just how Unifi displays that or you actually have a layer 2 issue on your network so that both interfaces are visible to the controller and should not be.
I realise that is two photos. What I'm saying is that if you came back to me and said that now it's showing up twice that would not really surprise me. It exists on both subnets connected to both VLANs and it looks like two different switches so both those switch ports would see it connected.
Steve
-
@stephenw10 OK thanks for the clarity, now what’s layer 2? Where should I look for this?
-
That would be two network segments that should be separated connected together. So perhaps a switch port that is untagging a VLAN but shouldn't be. You might see traffic leaking in one direction only and hence see IPs from one VLAN appearing where they should not.
https://en.wikipedia.org/wiki/OSI_model#Layer_2:_Data_Link_Layer
Steve
-
@stephenw10 192.168. isn’t a VLAN, only the 172.16. is. The specific instructions I followed are the Tom Lawrence YouTube titled: UniFi & pfsense Deployment, Setup and Planning with WIFI, VLAN & Guest Network. Do you think using the UniFi CloudKey controller instead of the Windows installed UniFi controller might be at issue, whereas 3100 is head versus the USG?
-
@stephenw10 Ok that’s clear for me;)
-
I think it's more likely to be just how Unifi displays that data.
The Unifi controller pulls data from the switches and they obviously see data on all the attached segments. I don't know how it decides what to display there or why it changes. It could just be whatever it 'sees' first. It would also seem completely reasonable to me if it showed both interfaces since the switches can see both.
However if it was a config issue that's exactly where I might expect it. Something in the network incorrectly stripping the VLAN tags off leaving traffic that should be in a VLAN in the untagged segment. I actually have a crappy switch that does exactly that with broadcast packets. I stopped using that for VLANs!
Steve
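
The check described in the replies above (the firewall keeps an ARP record per interface, and a leak shows up as hosts from one VLAN appearing on another segment), as an added example that is not part of the original thread: it parses `arp -an` output in the FreeBSD/pfSense format and lists learned MAC addresses that appear on more than one interface. The interface names, MACs and addresses in the sample are constructed; a host that is deliberately trunked onto several VLANs will also be listed.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by `arp -an` on FreeBSD/pfSense.
# Interface names, MAC addresses and IPs are made up for illustration.
SAMPLE_ARP = """\
? (192.168.50.1) at 02:00:00:00:00:01 on mvneta1 permanent [ethernet]
? (172.16.50.1) at 02:00:00:00:00:01 on mvneta1.50 permanent [vlan]
? (192.168.50.20) at 02:00:00:00:00:10 on mvneta1 expires in 1187 seconds [ethernet]
? (192.168.50.31) at 02:00:00:00:00:22 on mvneta1 expires in 902 seconds [ethernet]
? (172.16.50.31) at 02:00:00:00:00:22 on mvneta1.50 expires in 1140 seconds [vlan]
? (172.16.50.40) at 02:00:00:00:00:33 on mvneta1.50 expires in 655 seconds [vlan]
? (172.16.50.41) at (incomplete) on mvneta1.50 expired [vlan]
"""

ENTRY = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17}) on (?P<iface>\S+)"
    r"(?P<perm> permanent)?", re.IGNORECASE)

def parse_arp(text):
    """Yield (ip, mac, iface, is_permanent) for each resolved ARP entry."""
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:  # "(incomplete)" entries do not match the MAC pattern and are skipped
            yield m["ip"], m["mac"].lower(), m["iface"], bool(m["perm"])

def macs_on_multiple_segments(text):
    """Return {mac: {iface: [ips]}} for learned MACs seen on more than one interface."""
    seen = defaultdict(lambda: defaultdict(list))
    own = set()
    for ip, mac, iface, permanent in parse_arp(text):
        if permanent:
            own.add(mac)  # the firewall's own addresses, expected on every segment
        else:
            seen[mac][iface].append(ip)
    return {mac: dict(ifaces) for mac, ifaces in seen.items()
            if len(ifaces) > 1 and mac not in own}

if __name__ == "__main__":
    for mac, ifaces in macs_on_multiple_segments(SAMPLE_ARP).items():
        print(mac, ifaces)
```

A MAC listed here that belongs to an ordinary single-homed client is the cue to check the switch port profile it is plugged into for an untagged or native VLAN that should not be there.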
-
@stephenw10 I hear and understand you better now. Well I’m going to take out the USG and put back the 3100 as the head. I’m going to tear down the whole network again and start from scratch. I’m also going to throw this anomaly display issue to UniFi customer service, maybe they got two cents on this issue. Thanks Stephen for your time and patience with a real noob, did I spell that right? ;) Lol.
-
@chrismacmahon I got an update from UniFi just now, I know I'm slow to understanding this stuff but it seems that they are saying that there's a configuration issue/errors with the UniFi controller when using other firewalls with their stuff. But I see many people/companies using the same combination of Netgate and UniFi, so what's going on with my situation/configuration? UniFi is seemingly saying use their products and you won't have the problem you're having.
"Nikita B (Ubiquiti Networks Help Center)
Apr 10, 12:55 PDT
Hi,
Unifi Switch and the UAP's are Layer 2 devices. They cannot be used for assigning the ip address to the clients. It needs to have a DHCP server/router for transferring the IP.
The cloud key controller will only host the controller and is not capable of assigning DHCP IP.
You can only assign static IP to client devices if you have USG connected in your network.
More info on USG : https://www.ubnt.com/unifi-switching-routing/usg/
Thanks!
Nikita B
Ubiquiti Networks