Unifi AP-AC lite clients getting wrong VLAN IP
-
So, I am brand new when it comes to pfSense, had quite some challenges already to get things working but slowly I am getting somewhere. I am slowly replacing my Unifi kit, pfSense replaced my USG, I got a Cisco small business layer 3 switch to replace my Unifi switch and shortly I will get a new Cisco AP.
At the moment my Unifi AP is connected to a Unifi PoE switch and I got two wireless networks, main (or corporate if you want) and IoT. With my USG still running, I got an IP address in VLAN14 on the main wireless network and an IP address in the VLAN15 range when on the IoT wireless network. The AP itself is in VLAN1. Now that pfSense is running, I get an IP address in the VLAN1 range and not VLAN14 anymore (while on the main wireless network obviously). The other wireless network works as intended. Now, maybe this will correct itself with the Cisco AP, but just in case it doesn't - could this be pfSense related and if so, what can I do about it?
Thanks in advance.
-
@johanl79
Not enough information to go on really. Do you have the VLANs, IP ranges, DHCP servers and interface assignments set on your pfSense?
-
Unifi does all the "work" for you, which results in a lot of people not knowing anything about networking. Most likely the port you had the AP plugged into on the Unifi switch was set to vlan "any", which makes the controller send the vlans to where they need to be.
Once you got rid of the Unifi stuff (good move BTW), you now have to send the vlans where you want them.
The switchport you have the AP plugged into now has to be a trunk port and should have vlan1 untagged and vlans 14 and 15 tagged.
Do you have it that way?
Assuming pfSense is doing the layer3 for your vlans, the switchport connected from pfSense to switch will also have to be the same and the vlans would need to be created in pfSense.
Is that the way you have it?
-
@jarhead The AP is on the Unifi PoE switch for now because I don't have a PoE injector for it so can't put it on my Cisco switch. That port is set to All, as Ubiquiti calls it, which I always assumed is their version of a trunk port.
The Cisco AP will come with a PoE injector so then it will be connected to the Cisco switch.
@RobbieTT Yes pfSense is handling DHCP and has all the VLANs I use. I did get an IP address on a VM when I connected it to VLAN14.
-
@johanl79 Yeah, ALL is sort of a trunk but it needs the controller to actually work. My best guess is that's the issue you're having.
Some models let you select specific vlans along with the ALL (instead of).
Not sure if that was a firmware or model option, but see if you can do that.
If not, get the injector.
-
@johanl79
I'll say it with less subtlety; we can only help you when you provide actual meaningful details of your network equipment and topology. For example, loose words such as 'a UniFi PoE switch' mean nothing. This could mean a very dumbed-down switch with little functionality or a switch that can handle multiple network profiles, some L3 functionality, DHCP etc. Model numbers count.
As for topology, where does your UniFi Network Application (aka UniFi Controller) sit? You mention a USG, which can act as the 'Controller', but you didn't mention where you are running the UniFi Controller once you removed the USG. This issue could be as simple as you removing your controller when you switched off the USG and are now wondering why UniFi has lost its mind.
We are happy to help, so please add the details.
-
@johanl79 as @RobbieTT mentions - are you running the controller? I am not sure if you can set up vlans to ssid on the AP if you're not running the controller. There's a little app setup that you could do with them if not running the controller. I don't believe it allows for vlan setup to ssid. It didn't use to, that is for sure.
I use the unifi APs with a cisco switch, my APs use poe injectors. Once you set up the ports correctly on the switch to carry the vlans, you just need to make sure that the AP knows that ssid is vlan X or Y, etc.
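
Added example, not part of any post in this thread: a small Python model of the two settings the replies above describe (untagged and tagged VLANs on the AP's switchport and the uplink to pfSense, and the SSID-to-VLAN mapping on the AP) that reports which VLAN's DHCP server a wireless client ends up talking to. VLAN IDs 1, 14 and 15 come from the thread; the SSID names, port names, functions and the untagged-SSID scenario are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    """An 802.1Q switchport: one untagged (native) VLAN plus tagged VLANs."""
    name: str
    untagged: int
    tagged: frozenset = frozenset()

    def carries(self, vlan: int) -> bool:
        return vlan == self.untagged or vlan in self.tagged

def landing_vlan(ssid_tag: Optional[int], ap_port: Port, uplink: Port,
                 router_vlans: set) -> tuple:
    """Return (vlan, None) for the VLAN that answers DHCP, or (None, reason)."""
    if ssid_tag is None:
        vlan = ap_port.untagged      # untagged frame joins the native VLAN
    elif ssid_tag in ap_port.tagged:
        vlan = ssid_tag
    else:
        return None, f"{ap_port.name} does not accept tag {ssid_tag}"
    if not uplink.carries(vlan):
        return None, f"{uplink.name} does not carry VLAN {vlan}"
    if vlan not in router_vlans:
        return None, f"router has no interface for VLAN {vlan}"
    return vlan, None

def audit(intended: dict, ap_ssid_tags: dict, ap_port: Port, uplink: Port,
          router_vlans: set) -> list:
    """List every SSID whose clients land somewhere other than intended."""
    findings = []
    for ssid, want in intended.items():
        got, why = landing_vlan(ap_ssid_tags.get(ssid), ap_port, uplink, router_vlans)
        if got != want:
            why = why or "AP maps the SSID to the wrong VLAN or leaves it untagged"
            findings.append((ssid, want, got, why))
    return findings

# Constructed sample data; SSID and port names are made up.
AP_PORT = Port("ap-port", untagged=1, tagged=frozenset({14, 15}))
UPLINK = Port("uplink-to-pfsense", untagged=1, tagged=frozenset({14, 15}))
ROUTER_VLANS = {1, 14, 15}
INTENDED = {"main": 14, "iot": 15}

# One configuration that reproduces the symptom: "main" has no tag on the AP.
SYMPTOM = audit(INTENDED, {"iot": 15}, AP_PORT, UPLINK, ROUTER_VLANS)
# Both SSIDs tagged on the AP and carried on every hop: no findings.
FIXED = audit(INTENDED, {"main": 14, "iot": 15}, AP_PORT, UPLINK, ROUTER_VLANS)
```

In the `SYMPTOM` case the trunk and pfSense are configured correctly, yet "main" clients still receive VLAN 1 addresses, which places them on the same segment as the AP's own management interface.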
-
@johanl79 for reassurance, many of us use Netgate / pfSense with UniFi switches, APs, cameras etc in both commercial and domestic locations.
This is a snapshot of my pfSense & UniFi home network (it's the weekend so most of the work-related stuff is off) - big arrow for the Netgate 6100:
-
The USG has been taken out of the equation so no, not running it anymore. Based on what Jarhead said I am pretty sure I have my answer, and replacing the AP-AC lite with a Cisco WAP will fix my issue. Thanks everyone for chiming in.
-
@johanl79 So nothing running the controller software on the network then and therefore nothing wrong with the UniFi switch, UniFi AP or pfSense.
It seems odd to pay for new equipment rather than installing a free app. Buying just the Cisco AP will not be enough to fix the uninstalled software problem though, you will need to buy a new switch too.
(The free app can be run on pretty much anything - Linux, Windows, macOS, VM, the cloud, NAS software etc.)
-
@robbiett Of course I have the Unifi app running, in a VM. But apparently it's not enough for the AP to hand out the proper IP addresses. As I stated in my first post, everything Unifi is going out of the door, I'm waiting for the Cisco AP and a PoE injector for my phone then I won't need the Unifi 8SW PoE anymore and the Unifi controller can go as well.
-
@johanl79 Ok, you have a UniFi set-up issue and we probably should have had this conversation on their forum. UniFi has no issues running with pfSense and some make this their default business model (see Tom Lawrence as an example). What you originally enquired about was your VLANs, something easily managed with pfSense and your UniFi equipment.
It's taken a while to even understand your equipment and network topology but I think we all understand that now. You have set your mind on purchasing different equipment rather than adjusting your current settings on your new VM-based controller in order to fix your original stated issue.