Host OverRide for UnFi APs
-
Thanks. May I ask why it's called level 3 adoption?
-
@magikmark because you're adopting the AP that resides on a different L3 than your controller.
-
@magikmark Nope as I mentioned I ditched Unifi a while back.
https://community.ui.com/questions/pfSense-DHCP-provision-option/b42003ce-7560-4680-8731-805e59459bfc
-
@magikmark said in Host OverRide for UnFi APs:
Do you have a step by step guide?
The step by step guide is given on the link to the L3 adoption - they even provide a pfSense example for setting the DHCP option 43.
-
Either SSHing into the access point and setting the inform url or setting a host override in pfSense for 'unifi' should work there. I have done both, neither was especially difficult.
Steve
-
Guys,
LAN: 10.0.1.1
HTPC: 10.0.1.2
Asus: 10.0.2.1
UniFi: 10.0.3.1
SSH
- Can't even ssh to the device. I could see the U6 in DHCP leases; it has an IP of 10.0.3.5. Turned on ssh in pfSense. I can ssh to my pfSense box
- Doesn't respond to ping
- Firewall Rule all ports open, any protocol, any source and any destination
DNS
- I have Adguard installed. Is there an effect?
DNS Resolver Entry
- Host: unifi
- Domain: HTPC.pfSense.mylocal
- IP add: 127.0.0.1 or 10.0.1.1 or 10.0.1.2
DHCP Option 43:
- Set this under Unfi Interface
Number: 43
DHCP Option: 43
Type: String
Value: 01:04:0a:00:01:01 (10.0.1.1)
01:04:7f:00:00:01 (127.0.0.1)
Light still steady white. Can't be discovered by the controller
Maybe I missed something? Perhaps rule?
-
If you connect anything else to the same subnet does it pull a valid dhcp lease?
The AP could be unable to respond for some reason.
Steve
-
Yes I used to have Netgear / Asus and working fine. Trying to upgrade to WiFi 6 enterprise grade. Chose Unfi
I thought maybe some configuration since U6 is fairly new
I have echo reply blocked in floating rules. Dunno if it has some effect
The rest of my Floating rules are:
Blocked Ips from Firehol
I have QOS / limiter running as well
-
Can we see screenshots of those rules and firewall logs?
-
For the firewall log:
It's kinda long. It only shows blocking IPv6 on my wirelesslan (asus)
-
@magikmark so you run all your rules in floating.. So there is really no way to know even what direction they are in? Other than your description there saying outgoing or incoming
So in what possible scenario would wirelesslan be an outgoing interface towards whatever is in firehol level 1?
First thing I would suggest is get rid of ALL of those... You understand use of "this firewall" is every IP of the firewall right? But in what scenario would these interfaces be used in the out direction htpc and wirelesslan? Or how would these what I assume are external sources in your aliases be inbound into those interfaces?
What are the rules on your actual interfaces.. Please delete all those rules and show us the rules on your actual interfaces.. You can put your whatever those are supposed to be and do back after you actually have stuff working..
Most of those rules don't even have any hits.. they are all 0/0
Value: 01:04:0a:00:01:01 (10.0.1.1)
01:04:7f:00:00:01 (127.0.0.1)
Those are not how you do option 43.. For option 43 you put in the IP of your controller..
-
Ok Will delete those
-
@magikmark what interfaces are those rules on? I can guess that the anti-lockout is your lan, but you have it named htpc?
-
Ethernet 1 Wan 192.168.1.2 (ISP)
Ethernet 2 Lan (HTPC) 10.0.1.1
Ethernet 3 Asus 10.0.2.1
Ethernet 4 Unfi 10.0.3.1.
-
Floating Rule
Host Override
DHCP Option 43 under the Unifi IP 10.0.3.2
-
@magikmark where did you come up with that hex? I show that converting to 0.0.0.1
That should be the IP of your controller..
-
From https://www.browserling.com/tools/ip-to-hex
Unifi Controller Ip:
10.1.2 -> 0a.00.01.02
According to https://network.unifi.ui.com/ my Controller IP is 10.0.1.2
-
where is that 10.13.128.97 coming from - you make no mention of this 10 network..
-
I have no idea. Unifi just included that.
Maybe when I was installing the controller I was using the VPN?
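-
The option 43 values quoted in this thread can be checked offline before they go into the DHCP server. The following is an added example, not code from any poster or from Ubiquiti or Netgate: it assumes the 01:04 plus four address bytes layout that the thread's values use, and the function names are hypothetical.

```python
import ipaddress

SUBOPT_CONTROLLER = 0x01  # sub-option code used in the thread's values (01:04:...)

def encode_option43(controller_ip):
    """Build the colon-separated hex value: code 01, length 04, four address bytes."""
    packed = ipaddress.IPv4Address(controller_ip).packed
    return ":".join(f"{b:02x}" for b in bytes([SUBOPT_CONTROLLER, 4]) + packed)

def decode_option43(value):
    """Return the IPv4 address carried by a colon-separated hex option 43 value."""
    try:
        raw = bytes(int(part, 16) for part in value.strip().split(":"))
    except ValueError:
        raise ValueError(f"not colon-separated hex octets: {value!r}") from None
    if len(raw) != 6 or raw[0] != SUBOPT_CONTROLLER or raw[1] != 4:
        raise ValueError(f"expected 01:04 followed by 4 address bytes: {value!r}")
    return str(ipaddress.IPv4Address(raw[2:]))

def check_option43(value, controller_ip):
    """List the reasons a value would not lead an AP to the controller (empty = OK)."""
    try:
        carried = ipaddress.IPv4Address(decode_option43(value))
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if carried.is_loopback:
        problems.append(f"{carried} is loopback, so the AP would be told to contact itself")
    if carried != ipaddress.IPv4Address(controller_ip):
        problems.append(f"value carries {carried}, controller is {controller_ip}")
    return problems

if __name__ == "__main__":
    controller = "10.0.1.2"  # controller address as stated in the thread
    # Values quoted in the thread, plus the bare converter output without 01:04
    for value in ("01:04:0a:00:01:01", "01:04:7f:00:00:01", "0a.00.01.02"):
        print(value, "->", check_option43(value, controller) or "OK")
    print("expected:", encode_option43(controller))
```
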