Hi
Anyone else using vlans and bridges and have successfully got unifi installed via mimugmail plugin?
I had it working fine with 24.1 but only had LAN and WAN setup and so no vlans/bridges setup.
It was time to segregate my network and so given mimugmail has green-lighted compatibility for 24.7, I gave it a go and divided up my network into 5 vlans, but also wanted to use bridges to take advantage of spare ports in the router. ← Another Unifi 10GB switch isn't exactly cheap for home use.
I've since erased my router boot SSD, started fresh with 24.7 install, and configured the vlans/bridges from scratch in case there was something going on in the upgrade. (turns out: both upgrading and setting up from scratch yielded the same outcome, hence I'm asking for bigger brains).
I've installed unifi and the logs show it running, but I'm not able to get to the web interface on 8080 on any IP address for setup.
Here's my router setup in an old HPTC Antec case:
Gigabyte B250M-D3H Motherboard Micro ATX
i5-7500 CPU @ 3.40GHz
16GB RAM
256GB SATA SSD Boot
4 PCIe network adapters installed (ordered from CPU outwards)
1 x Chelsio 2 x 10GB copper
1 x Intel 2 x 1GB copper
1 x Intel 2 x 1GB copper
1 x Chelsio 2 x 10GB Fibre
I have 5 vlans:
192.168.140.0/24 ← untagged/mgmt (LAN)
192.168.141.0/24 ← IoT
192.168.142.0/24 ← Guest
192.168.143.0/24 ← Neighbours
192.168.144.0/24 ← IPCAM
192.168.145.0/24 ← Raywood/Trusted
and because I'm using the 10GB and 1GB spare copper ports in the router instead of buying another 10Gb switch, here is what the interfaces look like after creating two bridges:
Interfaces
[Bridged_141_grp1]
[em0_opt4]
[em1_opt5]
[em2_opt6]
[em3_opt7]
[vlan141_ix0_opt8]
[Bridged_145_grp2]
[ix1_opt1]
[vlan145_ix0_opt12]
[Bridge_141]
[Bridge_145]
[cxl0_opt2]
[cxl1_opt3]
[em4_WAN]
[ix0_MGMT]
[vlan142_ix0_opt9]
[vlan143_ix0_opt10]
[Vlan144_ix0_opt11]
Bridges are:
bridge0 em0_opt4, em1_opt5, em2_opt6, em3_opt7, vlan141_ix0_opt8
bridge1 ix1_opt1, vlan145_ix0_opt12
Installing unifi via gui seems to go smoothly.
looking at /usr/local/share/java/unifi/logs/server.log, here's what I see:
[2024-07-28 00:06:33,945] <launcher> INFO startup - Initiating startup
[2024-07-28 00:06:34,435] <launcher> INFO system - ======================================================================
[2024-07-28 00:06:34,435] <launcher> INFO system - UniFi 8.2.93 (build atag_8.2.93_25939 - release/release) is started
[2024-07-28 00:06:34,436] <launcher> INFO system - Environment: UniFi-OS[false], UniFi-Cloud[false], UniFi-MongoService[false]
[2024-07-28 00:06:34,436] <launcher> INFO system - ======================================================================
[2024-07-28 00:06:34,436] <launcher> INFO system - BASE dir:/usr/local/share/java/unifi
[2024-07-28 00:06:34,442] <launcher> INFO system - Current System IP: 192.168.145.1
[2024-07-28 00:06:34,442] <launcher> INFO system - Hostname: router.hoondi.io
[2024-07-28 00:06:34,443] <launcher> INFO system - ubic.env: prod
[2024-07-28 00:06:34,443] <launcher> INFO system - System loaded
[2024-07-28 00:06:34,485] <launcher> INFO mongo - Checking if database needs to be shut down
[2024-07-28 00:06:35,594] <launcher> INFO mongo - Database was not running
[2024-07-28 00:06:35,594] <launcher> INFO mongo - Starting database process...
[2024-07-28 00:06:36,639] <launcher> INFO mongo - Database process is started
[2024-07-28 00:06:36,648] <launcher> INFO mongo - Connected to database (v6.0.15@mongodb://localhost:27117, journal enabled)
[2024-07-28 00:06:36,651] <launcher> WARN startup - component[mongoRuntimeService] initialization took 2166ms
[2024-07-28 00:06:36,759] <launcher> INFO db - Starting database service initialization...
[2024-07-28 00:06:36,770] <launcher> INFO db - *** Factory Default *** Database exists. Clean it
[2024-07-28 00:06:36,986] <launcher> INFO db - Database service initialized...
[2024-07-28 00:06:36,986] <launcher> WARN startup - component[configDbService] initialization took 227ms
[2024-07-28 00:06:36,989] <launcher> INFO stat - *** Factory Default *** Stat Database exists. Clean it
[2024-07-28 00:06:37,385] <launcher> INFO tomcat - Adding basic REST API support during the startup
[2024-07-28 00:06:37,932] <launcher> INFO system - Tomcat startup took 3973ms
[2024-07-28 00:06:46,954] <launcher> WARN system - cannot load native lib - ubnt_webrtc_jni
[2024-07-28 00:06:47,825] <launcher> WARN system - Country Code is not configured for Site with ID=66a4feecd7accd35e6249d40
[2024-07-28 00:06:47,826] <launcher> WARN system - Country Code is not configured for Site with ID=66a4feecd7accd35e6249d40
[2024-07-28 00:06:47,849] <launcher> INFO state - Creating Default Local Area Network for Site[66a4feecd7accd35e6249d40]
[2024-07-28 00:06:48,052] <launcher> WARN startup - component[dbSeeder] initialization took 318ms
[2024-07-28 00:06:49,285] <launcher> WARN startup - component[mcLagGroupRepositoryFactoryBean] initialization took 1140ms
[2024-07-28 00:06:50,269] <launcher> WARN startup - component[requestMappingHandlerMapping] initialization took 124ms
[2024-07-28 00:06:50,438] <launcher> INFO startup - Context ready
[2024-07-28 00:06:50,473] <launcher> INFO startup - Calling context ready handlers
[2024-07-28 00:06:50,484] <launcher> INFO productinfo - [UIDB] Local UI DB file [/usr/local/share/java/unifi/data/uidb.json] does not exist
[2024-07-28 00:06:50,977] <launcher> WARN discover - unable to join multicast group 233.89.188.1 on 0.0.0.0 (0.0.0.0/0.0.0.0)
[2024-07-28 00:06:50,990] <launcher> INFO productinfo - Using controller channel=RELEASE, firmware channel=RELEASE. Available controller channels=[RELEASE], available firmware
So looking at unifi log, am I understanding that the unifi service has latched onto the last vlan? which is 192.168.145.1:8080?
I've obviously tried that ip:port to no avail (I have a Mac Mini with all vlans setup and have systematically moved each vlan to the top priority to test and am not able to reach unifi on any of the vlans).
Right now, I have firewall rules blocking some vlans access to the wan (i.e. vlan141) but untagged 192.168.140.0/24 has no restrictions atm and can "look/get" into all other vlans fine.
I just don't know what to do right now other than open up all vlans so there's no limitation across any of them and see if I can detect where unifi is listening (i.e. 192.168.x.1:8080 for set up), or whether there is something else going on that's broken.
I'm also fairly new to opnsense and bridges (big thanks to Patrick for putting me on the right path) and so I also don't have a huge amount of confidence that I'm even asking the right question here.
Anyway, I do have a spare USFF Dell box that I could solely use for Unifi and AdGuard, but ideally having all 3 on the same box feels much better to me.
As always, thanks heaps to the community and always grateful for the knowledge I learn here.
mimugmail suggested I "allow all" across all interfaces as a temp test.
Unifi could be reached after that... :-[
Even tho I was testing with a client PC on the same subnet (192.168.140.0/24), I had to add a pass rule to 192.168.140.1:8080 before I could get to it with bridges in the mix. (don't need this rule with just basic LAN/WAN setup)
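The post asks how to tell where the controller is actually listening. As an added example (not part of the original post or the plugin), this sh snippet classifies how a port is bound from FreeBSD `sockstat -l` style output, which separates a service problem from a firewall-rule problem. The sample lines, user names, PIDs and the helper names `listen_scope` and `next_step` are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify where a TCP port is bound, from `sockstat -l` output.
# The sample below is constructed (user names, PIDs and FDs are made up).

# listen_scope PORT   (reads sockstat-style lines on stdin)
# Prints: wildcard | specific:ADDR[,ADDR...] | none
listen_scope() {
    awk -v port="$1" '
        NR == 1 && $1 == "USER" { next }      # skip the header row
        {
            n = split($6, parts, ":")         # $6 is the LOCAL ADDRESS column
            if (parts[n] != port) next        # last colon-separated field is the port
            addr = substr($6, 1, length($6) - length(parts[n]) - 1)
            found = 1
            if (addr == "*") wildcard = 1
            else list = (list == "" ? addr : list "," addr)
        }
        END {
            if (!found)        print "none"
            else if (wildcard) print "wildcard"
            else               print "specific:" list
        }'
}

# Turn the scope into the next troubleshooting step.
next_step() {
    case "$1" in
        none)       echo "nothing listening: look at the service and its log" ;;
        wildcard)   echo "bound to every address: look at firewall rules per interface" ;;
        specific:*) echo "bound to ${1#specific:} only: connect to that address" ;;
    esac
}

# Constructed sample in sockstat column layout.
SAMPLE='USER     COMMAND  PID   FD  PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
unifi    java     4242  118 tcp46  *:8080           *:*
mongodb  mongod   4310  10  tcp4   127.0.0.1:27117  *:*'

for p in 8080 27117 9999; do
    scope=$(printf '%s\n' "$SAMPLE" | listen_scope "$p")
    echo "port $p: $scope -> $(next_step "$scope")"
done
```

On the router itself, feed the function live data with `sockstat -l -P tcp | listen_scope 8080` instead of the sample.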