Ubiquiti UniFi Layer 3 Routing Switch, and how it works with pfSense

An L3 routing switch is nothing new, but it has some exciting features I wanted to explore on my L3 UniFi switches.

Ubiquiti makes the settings very simple, if you use UDM-Pro... In this video let's compare the huge performance differences in a simplified scenario, and how to make it possible when using UniFi L3 switch with pfSense.
Comments

great video....need more of these ASAP, no channel is covering Layer3 for any equipment

James-xgjr

I am patiently waiting for ACLs to work in the switch so I could control the inter-VLAN traffic. Great video and thank you for the explanation.

sweetsdream

What an excellent video, I have a ton of planning to do in order to convert our current flat network to a Layer3 network, much more than I thought other than just purchasing the equipment. A bit overwhelming if I am honest. Going to be difficult to implement in a production environment within Active Directory.

BrownsvilleNotification

Fantastic video, and channel! Lots of information regarding UniFi’s L3 switching that I could only find here.

I’m having a hard time wrapping my head around the interface creation in pfSense. What do I want my IP configuration to be and how does that fit into the rest of the setup? Thanks!

skjaydubya

Thank you for the video.

Where is the default gateway for vlan4040 (10.255.253.1)? Do I need to configure that in the firewall interface?

biblecontext

Can I hire you to go through my configuration and topology?

SheppardField

Thanks for a useful video. Question: does pfSense see all the devices on both VLANs? If so, is it possible to perform policy-based routing in the pfSense FW for the WAN traffic?

djdeepcrash

Great tutorial. One question though - once traffic is flowing between the switches via L3, pfSense no longer has the ability to control that flow with firewall rules, right?

jsclayton

How did you set up your port from your pfSense LAN to your L3 switch uplink? Is it set up as a trunk so it can see the 4040 VLAN also? Also, did you create a 4040 interface, assign it to the pfSense LAN and assign an IP?

khanh

Does all of this still apply with the addition of the DHCP Relay functionality that was recently added?

Rogueus

Nice video ... but what if you want to block traffic between VLAN 101 and 201 at L3 switch level? As I found out recently - not possible. Only with some temporary ACL which disappears if you restart the L3 sw. And then - what is the point of a Ubiquiti L3 switch? I'm very disappointed. I've searched a lot for a solution to avoid inter-VLAN traffic going to the router level (UniFi, pfSense etc ... whatever it is). Just to manage the inter-VLAN traffic at an L3 switch - with a simple ACL in between - and only the traffic that goes to the internet to reach the router. No solution with UniFi :( In this scenario - the bottleneck will be, after all, that 1Gb uplink between the L3 sw and the router.

szaboclaudiu

Not sure if I missed something, but you mentioned the gateway IP address of VLAN 4040 is 10.255.253.1 and the IP address on the L3 switch in your case was 10.255.253.3 (.2 in mine). When you set up pfSense I see nowhere that you actually used 10.255.253.1 in the setup, but you mentioned in the video that the gateway IP was important. Everything you set up in pfSense seems to refer to the switch IP address 10.255.253.3 only, so I am confused about where 10.255.253.1 comes into play here on pfSense. Thx

davemurphy

Thanks for the great video!

In the last part of the video where you set the DHCP Name Server for VLAN101 to 8.8.8.8, could you have put in the IP address of pfSense instead, in order to use pfSense's unbound DNS Resolver?

cmChunManChiu

Hi Sir, this is one of the best explanations I have ever seen. Even Ubiquiti Support or people don't have the best video demonstrating third-party firewall integration with a UniFi switch. Please share your e-mail ID with me, so that we can drop an email to your account asking about some doubts regarding UniFi devices and setup. Please. Thank you.

ramachandrankrishnamoorthy

I noticed that VLAN 4040 is created on all L3 UniFi firewalls, IPs starting at 10.255.253.2 and then .3, .4, etc. Since the VLANs are only created on one particular UniFi L3 switch, is there a way other UniFi L3 switches can handle the same VLANs without reaching out to the L3 switch those VLANs were originally set up on?

davemurphy

Hi, I've set up an L3 switch with pfSense. Internet and traffic within a VLAN works. I can ping across VLANs and see that it only goes inside the L3 switch, so it looks good. The problem is that I cannot connect to services between VLANs. If I have a PC on one VLAN, and the UniFi software controller (server) on another VLAN, I can ping, but not access via web. It works if they are on the same VLAN. It seems that UniFi blocks the traffic between the VLANs. Any idea?

Chromatic

show ip route on my UniFi Agg Pro doesn't show the static 0.0.0.0/0 via 10.255.253.1 route. Only the other 3 connected routes. Am I doing something wrong?

psychoticapex

Hi....I am doing this with a SonicWall, all VLANs are working just fine - except the native VLAN, which is where the switch management IP is. But UniFi will not allow me to set the management VLAN to a VLAN that is on the L3 switch itself. Any thoughts or ideas?

curtinsteve

Thanks for the video, I am still new to networking and was wondering if these VLANs 101 and 201 have internet access. I have a different router (a Cisco Meraki MX64), and the interface is a little different to pfSense. The only difference I can see is the Gateway configuration for VLAN4040 in pfSense (19:40). There is only an option in my VLAN interface to point to the MX IP. I have set that IP to the one on Ubiquiti's 10.255.253.2 (only 1 layer 3 switch on my network). Have you got any idea as to why my VLANs on Ubiquiti cannot access internet? Thanks again.

eskshum

Don't know if my comments are getting erased or what's going on? I'm trying to answer but my comments disappear? Anyway, I figured you had created an interface for VLAN4040 so I did as well. I don't think that's where the problem is? When I'm trying to make a static route like you did and input my IoT ip-address (192.168.100.40) in "destination network" pfsense warns that "This network conflicts with address configured on interface IoT"? I don't understand what I'm doing different from you?

rawenclaw