No video
Ubiquiti UniFi & pfSense - How To Move UniFi Devices To A Separate Management VLAN
Рет қаралды 6,039
Күн бұрын
@sweetsdream 2 жыл бұрын
This channel is underrated. Great information!
@Foiliagegaming 2 жыл бұрын
Thank you for this video. I have been banging my head against the wall with this.
@redadz9105 2 жыл бұрын
Hi, Thank you for the awesome video. I have 2 simple questions: 1. How do you put Unifi Controller on different management VLAN,? (in your example VLAN 15)? 2. Does the port where the Unified Cloud Key is connected to needs to be configured as a untagged (Native) port or as Tagged port? Thanks again for your tutorial.
@hz777 2 жыл бұрын
To answer both questions: once you create the VLAN in controller, a corresponding port profile will be created automatically. I simple assign that port profile to the port that my cloud key was connected with.
@redadz9105 2 жыл бұрын
@@hz777 Hey thank you for your quick answer. I tried this, when I change that port to the new port profile I loose connection, I am connected to the same switch with my pc. Do you know what the are the right steps to do this without loosing the connection? Thanks again for your precious help
@hz777 2 жыл бұрын
You lost connection to your controller? Or your controller lost connections to your devices? If former, have you set the firewall rules so that you can connect to the VLAN? If latter, you may need to work on L3 adoption. I do have a video about L3 adoption.
@redadz9105 2 жыл бұрын
@@hz777 Thank you for the hint and yes you are right, the devices lost connections to the controller. I have seen most of your videos on Unifi. Thank you. I will try L3 adoption and let you know. Thanks again.
@jkw75 8 ай бұрын
Great learning video, I have been trying to do something similar but I keep getting into the same problem, each time I try to move the switch and APs to the management vlan , the switch and AP get disconnected after provisioning, what am I doing wrong
@hz777 8 ай бұрын
I have never had such issues. Are you able to ping the new IP addresses of your UniFi devices from the vlan where you run the network controller?
@psycl0ptic Жыл бұрын
What about using the "Device Update Cache" feature? rather than giving your devices internet access. "Download and Save device firmware to your Network Application, in order to update unifi devices that don't have internet access"
@hz777 Жыл бұрын
Yes, that works if you want to disable internet access on management network.
@danielstergaardnielsen5310 Жыл бұрын
Great video! Have you tried to change mgmt vlan on the unifi routers also?
@hz777 Жыл бұрын
I use pfSense in my home network, so do not have the need. But I am not aware of such settings. It seems ti me the default LAN is the one for router.
@danielstergaardnielsen5310 Жыл бұрын
Thanks for you reply! I use a FortiGate as my home network router atm, but am considering to replace it with a UXG-Pro. I will try to see if its possible to use the port profile method you showed, but im not confident it will work..
@ripvanwinkle2741 2 жыл бұрын
Do you also manage pfsense via the management vlan? Could you do a video on how you configured pfsense?
@hz777 2 жыл бұрын
I use a custom-built small factor PC for my pfSense. I don't know whether the box from Netgate comes with dedicate management port, but in my understanding you want to manage pfSense using the interface where the "Anti-Lockout" firewall rule resides. So, I simply use my default LAN network for pfSense management.
@hz777 2 жыл бұрын
Here is a link talking about management port for pfSense: docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html
@andymueller786 2 жыл бұрын
Hi Iwould like to create a separte Management in UDM Pro. I created a managment vlan. In the local Rule of UDM Pro, I made a Rule from the management vlan pointing to the ip address of the controller. Then I created a block rule for port 22, 80 and 443 in order to block the access. I put the block rule before hte allow rule and moved the entire devices into the new management vlan. I had to wait a few moments till all the devices became provisioned int the new managment rule. Is way I proceeded correct ? Thx for your help.
@hz777 2 жыл бұрын
Hi, I am not sure whether I completely follow what you described, but it seems you were doing two different things: firewall rule setup and moving devices to management VLAN. Without all the rules, were you able to move your devices to management VLAN? If yes, then if you activate the rules, do you still see issues?
@andymueller786 2 жыл бұрын
with the lokal firewall rules from the management vlan to the controller LAN, I was able to move all the devices from the LAN to the management vlan. Is there another way to successfully proceed without any rules in UDM Pro?
@hz777 2 жыл бұрын
@@andymueller786 you have to have rules to allow the traffic between the two VLAN’s. I believe the default generated rules allow any to any, and you can narrow the access by adding new rules above the generated ones. Sorry if I still do not follow the question.
@chrismccallum5316 2 жыл бұрын
Thanks for the video I was thinking to do something similar in my home unifi setup! Just wondering if after setting the Management VLAN if you then also set a new static ip to this new subnet as I noticed they didn't get the 200 or 201 address if you used your DHCP?
@hz777 2 жыл бұрын
You are right. I did not mention that I already assigned them static ip in pfSense.
@chrismccallum5316 2 жыл бұрын
@@hz777 Would it not be better to assign an ip address directly on each device and not set them to DHCP?
@hz777 2 жыл бұрын
Maybe, but those devices are also part of my homelab, so I reset them from time to time. To set the ip once in pfSense saves time in my case.
777 or 404
Рет қаралды 2,4 М.
Harley Quinn with the Joker
Рет қаралды 8 МЛН
Cool Items Official
Рет қаралды 19 МЛН
777 or 404
Рет қаралды 5 М.
Techno Tim
Рет қаралды 220 М.
777 or 404
Рет қаралды 5 М.
Lawrence Systems
Рет қаралды 259 М.
Harley Quinn with the Joker
Рет қаралды 8 МЛН