How to configure TrueNAS with 2 NICs

TrueNAS Core 13.3
Repurposed desktop w/motherboard 1Gb NIC
Aftermarket Intel x550-DA2 2x10Gb SFP+

With both NICs plugged into Unifi switch, system is unstable; disconnects then reconnects every few minutes.

1Gb NIC was/is VLAN1 intended to be management/GUI access
Plugged into 1Gb port: VLAN1, Native, All others blocked, xxx.xxx.83.0/24
SFP+ was/is VLAN84 intended to be Main storage for network
Plugged into 10Gb SFP+ port: VLAN84, Native, All others blocked, xxx.xxx.84.0/24

Switch has 2 uplinks from pfSense/Netgate hardware
LAN: xxx.xxx.83.0/24, DHCP enabled
LAN2: xxx.xxx.84.0/24, DHCP enabled
Gateway IP: xxx.xxx.83.3
NO VLANs defined in pfSense since I have discrete LAN ports

I assume I have a network conflict problem, but I can’t figure it out.

I unplugged the 1Gb NIC and the system has returned to stability.

I just wanted to “lockdown” the GUI to another IP address. I assume most users would just VLAN a mgmt subnet on the single wire. I have multiple NICs so I thought it would be nice to separate the mgmt subnet on another “physical” wire.

Any help would be appreciated.
pfSense–Unifi switch–TrueNAS

Don’t use DHCP or you will end up with two default gateways. Configure both interfaces statically. Pick one interface for the Internet uplink of TrueNAS and configure a single default gateway.

Also if you want to access the UI from the other VLAN, that won’t work because of asymmetric routing. This will trigger an out of state block on your pfSense.

One possible solution: NAT to the pfSense interface address in that management VLAN.

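The asymmetric path described in the reply above, modelled as an added example (not part of the original thread or any poster's code). It uses the interface addresses posted in this thread; the client address 192.168.84.50 and the function names are constructed for illustration, and the model only covers clients other than pfSense itself.

```python
import ipaddress

# Addresses taken from this thread; the topology model itself is an assumption.
NAS = {"em0": "192.168.83.20/24", "ix0": "192.168.84.20/24"}
PFSENSE = {"192.168.83.3", "192.168.84.3"}  # pfSense interface addresses

def connected_iface(ifaces, addr):
    """Name of the interface whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, cidr in ifaces.items():
        if ip in ipaddress.ip_interface(cidr).network:
            return name
    return None

def trace(ifaces, client, target, nat_src=None):
    """Model one TCP flow from a client to a NAS address.

    nat_src is the source address the NAS sees when pfSense source-NATs
    the flow. Returns (request_via_fw, reply_via_fw, reply_iface).
    """
    arrival = connected_iface(ifaces, target)  # NIC on the target's subnet
    if arrival is None:
        raise ValueError(f"{target} is not on any NAS subnet")
    # The request crosses pfSense when the client is outside that subnet.
    request_via_fw = connected_iface({arrival: ifaces[arrival]}, client) is None
    seen_src = nat_src or client
    # Connected routes win over the default gateway; None means "use default".
    reply_iface = connected_iface(ifaces, seen_src)
    # The reply crosses pfSense if addressed to it or sent via the default route.
    reply_via_fw = seen_src in PFSENSE or reply_iface is None
    return request_via_fw, reply_via_fw, reply_iface

def is_asymmetric(ifaces, client, target, nat_src=None):
    """True when pfSense sees only one direction of the flow."""
    request_via_fw, reply_via_fw, _ = trace(ifaces, client, target, nat_src)
    return request_via_fw != reply_via_fw

if __name__ == "__main__":
    client = "192.168.84.50"  # constructed LAN2 client
    cases = [
        ("both NICs, UI on em0", NAS, "192.168.83.20", None),
        ("both NICs, UI on ix0", NAS, "192.168.84.20", None),
        ("both NICs, NAT to pfSense LAN address", NAS, "192.168.83.20", "192.168.83.3"),
        ("em0 only", {"em0": NAS["em0"]}, "192.168.83.20", None),
    ]
    for label, ifaces, target, nat in cases:
        print(label, "-> asymmetric:", is_asymmetric(ifaces, client, target, nat))
```
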

Thanks for the reply.

More info for you …
Both NICs were statically configured (at the TrueNAS UI)
em0 (motherboard): 192.168.83.20
ix0 (intel x550): 192.168.84.20
ix1: not connected

pfSense info
pfSense GUI address: 192.168.83.3
LAN (igc0): 192.168.83.0/24 (LAN interface assignment: 192.168.83.3)
DHCP enabled (so other devices plugged into Unifi ports [configured appropriately] will receive IP addresses)
No static mappings
FW rule: Allow LAN to Any (wide open)
LAN2 (igc1): 192.168.84.0/24 (LAN2 interface: 192.168.84.3)
DHCP enabled (same as LAN)
No static mappings
FW rule: Allow LAN2 to Any (copied Default rule from LAN; LAN2 subnets substituted for LAN on this rule)
NO VLANs configured here

Unifi controller
Self-hosted on Windows computer (192.168.84.xx)
127.0.0.1

Unifi switch info
USW Pro Max 16 PoE
Port 13 & 14 (both 2.5Gb): From LAN & LAN2 respectively
I think we call these “Uplinks”
Only Port 13 has the little ^ showing “uplink”; Native VLAN1 (LAN, .83.x) + Allow All (trunked?)
Port 14 showing up in client list (as if LAN2 is “downstream” client)
Not sure if this is just a UI limitation or not
Also showing MAC address of the igc1 interface similar to the other downlink ports on the switch
Native VLAN84 + Allow All
Port 17 (SFP+): TrueNAS ix0
Port 3 (1Gb): was, REPEAT WAS, connected to TrueNAS em0

System was unstable as configured; disconnecting then reconnecting (without me having to log back in). Also Unifi controller would change Port 17 to uplink at times.

I finally just unplugged Port 3 to TrueNAS em0. Stable again.

GOAL was to have LAN as mgmt network with static IPs for the Unifi network gear (already done).
LAN2 as Main network for trusted wired/wireless devices (all computers, phones, printers)

Seems unfortunate to have three NIC interfaces on my TrueNAS, but only one can be connected at a time. Also, I can’t restrict TrueNAS GUI to a particular IP.

Maybe I’m just trying to do something the “wrong” way since I haven’t been networking for very long.

Thanks in advance for any help with this setup