Netgate SG-3100 LAN Address Changes To A VLAN Address

stephenw10

Does the 3100 have interfaces in both those subnets? Are those IPs shown actually both on the firewall?

If so it could just be a display anomaly. Whichever IP is detected first is shown there.

Steve

hpspar05

@stephenw10 "Does the 3100 have interfaces in both those subnets?" Yes, 192.168. is my static LAN, 172.16. is my VLAN.
"Are those IPs shown actually both on the firewall?" Again Yes,
"If so it could just be a display anomaly." So, this anomaly is within the UniFi controller then, and nothing to do with the 3100, correct?
So, UniFi isn't so Unifying with other firewall at the head, correct or fare to say?

stephenw10

If the Unifi controller also has direct access to both those subnets then it would not surprise me to see the 3100 in that list twice. It will have an ARP record for both interfaces.
Since I don't have a Unifi switch I can only guess at what that should be showing though.

Steve

hpspar05

@stephenw10 I think you're mistaking the pics I have as being one in the same, they're not. The pics are of two separate times, your forum put them together like it's one picture. I uploaded two separate pics from two separate events of seeing the anomaly.

hpspar05

@stephenw10 I'm desperately trying to get a clear straight answer from Netgate here. Is the anomaly a UniFi controller issue alone, or is it a Netgate pfsense SG-3100 issue?

Grimson

@hpspar05 said in Netgate SG-3100 LAN Address Changes To A VLAN Address:

@stephenw10 I'm desperately trying to get a clear straight answer from Netgate here. Is the anomaly a UniFi controller issue alone, or is it a Netgate pfsense SG-3100 issue?

@chrismacmahon said in Netgate SG-3100 LAN Address Changes To A VLAN Address:

Unifi cannot change the IP of the SG-3100. This would be a display issue on the unifi controller, most likely there is a configuration issue in unifi that is causing this issue.

Isn't that clear enough for you?

hpspar05

@Grimson I don't know who you are dude but you getting ready to help me return the SG-3100 to Netgate. I'm use to yes and no for simple questions. I'm slow to this stuff but learning, so remarks like yours isn't helpful to or for me. You have a nice day. Thanks.

stephenw10

It's not an issue with the SG-3100.

It's either just how Unifi displays that or you actually have a layer 2 issue on your network so that both interfaces are visible to the controller and should not be.

I realise that is two photos. What I'm saying is that if you came back to me and said that now it's showing up twice that would not really surprise me. It exists on both subnets connected to both VLANs and it looks like two different switches so both those switch ports would see it connected.

Steve

hpspar05

@stephenw10 OK thanks for the clarity, now what’s layer 2? Where should I look for this?

stephenw10

That would be two network segments that should be separated connected together. So perhaps a switch port that is untagging a VLAN but shouldn't be. You might see traffic leaking in one direction only and hence see IPs from one VLAN appearing where they should not.

https://en.wikipedia.org/wiki/OSI_model#Layer_2:_Data_Link_Layer

Steve

hpspar05

@stephenw10 192.168. isn’t a VLAN only the 172.16. Is. The specific instructions I followed is the Tom Lawrence YouTube titled: UniFi & pfsense Deployment, Setup and Planning with WIFI, VLAN & Guest Network. Do you think using the UniFi CloudKey controller instead of the Windows installed UniFi controller might be at issue, whereas 3100 is head verses the USG?

hpspar05

@stephenw10 Ok that’s clear for me;)

stephenw10

I think it's more likely to be just how Unifi displays that data.

The Unifi controller pulls data from the switches and they obviously see data on all the attached segments. I don't know how it decides what to display there or why it changes. It could just be whatever it 'sees' first. It would also seem completely reasonable to me if it showed both interfaces since the switches can see both.

However if it was a config issue that's exactly where I might expect it. Something in the network incorrectly stripping the VLAN tags off leaving traffic that should be in a VLAN in the untagged segment. I actually have a crappy switch that does exactly that with broadcast packets. I stopped using that for VLANs!

Steve

hpspar05

@stephenw10 I hear and understand you better now. Well I’m going to take out the USG and put back the 3100 as the head. I’m going to tear down the whole network again and start from scratch. I’m also going to throw this anomaly display issue to UniFi customer service, maybe they got two cents on this issue. Thanks Stephen for your time and patience with a real noob, did I spell that right? ;) Lol.

hpspar05

@chrismacmahon I got an update from UniFi just now, I know I'm slow to understanding this stuff but it seems that they are saying that there's a configuration issue/errors with the UniFi controller when using other firewalls with their stuff. But I see many people/companies using the same combination of netgate and uniFi, so what's going on with my situation/configuration? UniFi is seemingly saying use their products and you won't have the problem you're having.

"Nikita B (Ubiquiti Networks Help Center)
Apr 10, 12:55 PDT
Hi,

Unifi Switch and the UAP's are Layer 2 devices. They cannot be used for assigning the ip address to the clients. It needs to have a DHCP server/router for transferring the IP.

The cloud key controller will only host the controller and is not capable of assigning DHCP IP.

You can only assign static IP to client devices if you have USG connected in your network.
More info on USG : https://www.ubnt.com/unifi-switching-routing/usg/

Thanks!
Nikita B
Ubiquiti Networks

stephenw10

That makes no sense at all, they are not addressing the issue you are seeing there.
What question did you send to them to generate that response?

Steve

hpspar05

@stephenw10 They asked me for this stuff from the switch first, then after a few day I got that reply I sent earlier.

Stanley S (Ubiquiti Networks Help Center)
Apr 7, 02:18 PDT
Hi Levidholman,

Please share the system config file and support file.

You can get them from below path,

Settings >> Maintenance >> Download support info

Settings >> Maintenance >> Show system config, take the screenshot of it and share it here.

Thanks!
Stanley S
Ubiquiti Networks

hpspar05

@stephenw10 And these,

Nikita B (Ubiquiti Networks Help Center)
Apr 10, 13:14 PDT
Hi,

The uniFi Devices that you have are not capable of assigning the IP address (USW 8 60W and UAP SHD).
You'll need to check Netgate firewall if that provides DHCP IP to the end users.

Thanks!
Nikita B
Ubiquiti Networks

Levidholman
Apr 10, 13:08 PDT
I not an advanced user, I’m a complete novice, I don’t know what you are trying to tell me the problem is or what I need to do to fix the issue I’m having. Can you layout for me what I need to do or change in my net work that’s causing the problem? My network is this Netgate SG-3100 pfsense firewall – UniFi switch 8 60W - UniFi switch 8 – UniFi SHD AP, I take it that the issue is within the configuration in the UniFi controller and Netgate firewall? What do I need to do? Thanks

chrismacmahon

What device is assigning the address 172.16.80.10 address?

hpspar05

@chrismacmahon The 3100, I setup all four of the VLAN addtresses in the 3100 first then I went to UniFi controller and put the VLAN tags there like Tom Lawrence did in his YouTube tutorial.