My pfsense to unifi switch setup doesn't look right

  • hello

    I have a pfSense SG-3100 box connecting to a UniFi 24-port PoE switch. I have a couple of VLANs on the pfSense and also replicated on the UniFi switch. Things seem to be working ok but something doesn't look right. On the UniFi box, I see the connection to pfSense bouncing around. On the UniFi box, I have the trunk to pfSense configured with the "all" switch port profile.

    Can someone help me figure out exactly how to set up the connection between the pfSense box and the UniFi switch? I have asked here before how to do this but got nowhere since this is a bit over my head. So just dumb it down for me. thx.


    my pfsense setup:
    pfsense setup.PNG

    unifi network
    unifi network.PNG

    the view from the unifi side

  • Bump. Anyone?

  • LAYER 8 Global Moderator

    How do you have the vlans setup on the pfsense switch ports? You only have your switch connected to 1 of these ports. Or do you have your switch connected to multiple of the switch ports on the 3100?

  • hello @johnpoz I have just one trunk connection to the UniFi switch - from LAN 1 port on the Netgate SG-3100 to the port on the UniFi switch configured with a trunk profile, i.e. all VLANs are tagged, including the management VLAN. Nothing else is connected to the pfSense box besides the WAN connection.

  • LAYER 8 Netgate

    Interfaces > Switches

    How are the Ports and VLANs configured?

  • hello @Derelict

    hope this helps.

    Screenshot 2019-07-07 20.24.28.png

    Screenshot 2019-07-07 20.23.43.png

  • LAYER 8 Netgate

    Yeah. You have to switch to dot1q mode and set up the VLAN tags on the switchport going to the switch and the trunk port uplink to the SoC.

  • I tried that and got a bit confused there. some questions:

    • assuming I am using port 4 for the trunk to my UniFi switch, do I need to set up the same configuration for the other 3 ports on the SG-3100 (1-3), or can I just set this up for port 4 only?

    • on port 4, does 4 need to be tagged or not? 4t,5t or 4,5t? I read here that the trunk port to the UniFi switch will need all items tagged? I followed the steps there and also repeated the same for every VLAN I already had, all with 4t,5t.

    • on the UniFi side of the trunk, do I tag all VLANs coming to the pfSense box including the management VLAN? (which will be the VLAN number for the new dot1q port 4)

  • LAYER 8 Netgate

    4t,5t for all VLANs. You can set each switch port up differently. pfSense sees whatever is on port 5, tagged (mvneta1.VLAN) or untagged (mvneta1).
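    A small checker, added here as an illustration and not part of the thread or of any Netgate tooling, that applies the "4t,5t for all VLANs" rule to an SG-3100-style switch VLAN table. The trunk port (4), the SoC uplink port (5) and the mvneta1 naming come from the thread; the VLAN table contents are constructed.

    ```python
    """Validate that every VLAN on an SG-3100 switch tags both the trunk
    port to the downstream switch and the uplink port to the SoC.

    Constructed example; port roles follow the thread (4 = trunk, 5 = SoC).
    """
    import re

    TRUNK_PORT = 4   # switch port cabled to the UniFi switch (assumed)
    CPU_PORT = 5     # SG-3100 uplink to the SoC, seen by pfSense as mvneta1

    MEMBER_RE = re.compile(r"^(\d+)(t?)$")


    def parse_members(spec):
        """Parse a member string such as '4t,5t' into {port: tagged?}."""
        members = {}
        for item in spec.split(","):
            item = item.strip()
            if not item:
                continue
            m = MEMBER_RE.match(item)
            if not m:
                raise ValueError(f"bad member spec: {item!r}")
            members[int(m.group(1))] = m.group(2) == "t"
        return members


    def check_vlan_table(table, trunk_port=TRUNK_PORT, cpu_port=CPU_PORT):
        """Return a list of problems; an empty list means every VLAN is 4t,5t.

        table maps vlan_id -> member spec, e.g. {99: "4t,5t", 1001: "4,5t"}.
        """
        problems = []
        for vlan, spec in sorted(table.items()):
            members = parse_members(spec)
            for port, role in ((trunk_port, "trunk"), (cpu_port, "cpu")):
                if port not in members:
                    problems.append(f"vlan {vlan}: port {port} ({role}) missing")
                elif not members[port]:
                    problems.append(
                        f"vlan {vlan}: port {port} ({role}) untagged; expected {port}t")
        return problems


    def pfsense_interface(vlan, parent="mvneta1"):
        """Name of the pfSense VLAN interface that receives tagged frames on port 5."""
        return f"{parent}.{vlan}"


    if __name__ == "__main__":
        sample = {99: "4t,5t", 1001: "4t,5t", 1002: "4,5t", 1003: "5t"}  # constructed
        for problem in check_vlan_table(sample):
            print(problem)
        print(pfsense_interface(99))
    ```
    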

  • will do so and report back. many thanks.

  • Switched to dot1q mode and set up as shown below. Got internet connectivity on all clients. On the UniFi side of the trunk, all the VLANs are tagged (99 for management and 1001 - 1005). And yet, the connection seems to be bouncing around the different VLANs as before. See the screenshot where the MAC address of the SG-3100 is shown on the home network? In a few seconds it will rotate to another of the VLANs. Not sure why this is happening ... I am hoping folks here who have set up the same trunk with a UniFi switch can explain this or help solve it.

    Screenshot 2019-07-07 21.45.58.png

    Screenshot 2019-07-07 21.46.15.png

    Screenshot 2019-07-07 21.47.19.png

    Screenshot 2019-07-07 21.48.33.png
