:facepalm: I forgot about VLAN 4040! Derp! As of writing, my USW Pro Max 16 didn't show its IP information for the VLAN 4040 setup, but manually setting the values like yours totally allowed everything to work finally. I'll have a stiff one for you later.
I did think of speed testing initially, then decided not to include it in the series, because it seems L3 inter-VLAN routing can be handled by the Pro switches effortlessly, especially if we are just talking about 1GbE ports.
First off, my network skills are poor and introducing L3 into *sense* firewalls was breaking my brain. These videos are absolutely INCREDIBLE, as I've been debating whether or not to use the L3 functions of my switch for cross-VLAN routing and being able to isolate my servers. You even started from a scratch config on all devices; this is SO WELL DONE my friend. However, I keep hearing of ACL dropping config on reboot. I haven't even looked into the ACL portion to see what parameters are possible to block VLANs from communicating with each other, but if the config does not come back up... is there even a point to using L3? I'm so excited for these videos and yet so dismayed at the same time. Please tell me we can use ACL between VLANs and the settings will keep after a reboot? This has to be a bug and priority number one for Ubiquiti, right? It makes no sense. Can we just load config from backup if the switch goes down?
Unfortunately nothing has changed about ACL: your config will be lost after reboot. Ubiquiti never publishes their roadmaps, so I have no idea whether ACL will be supported at all in the future.
@hz777 Well, I'm going to use L2 for now then. When ACLs are implemented I am coming back to this video and I will leave some $ for a coffee. Thank you so much for such a well thought out video series.
Thank you for the video! I finally understood UniFi's implementation of L3 routing. One question: do you know if the switches support some kind of ACLs? Of course, when traffic is being routed by pfSense, I can apply firewall rules there. But what I want to know: when I'm creating 2 VLANs on the switch, can I create firewall rules between those? Can I restrict traffic between those VLANs?
Yeah, also a good video. But sadly it just highlights that UniFi L3 switches are pretty much pointless. The main reason you create VLANs is to restrict traffic between them 😂
@RifatNabi Thanks a lot for all the work you put in your videos. Especially the L3 switching is of great interest for me. What I have not understood so far is how the UniFi Controller is connected to your switch? Is it a cloud controller, or hosted as a VM on the same device as the pfSense?
OK, thanks! Could it also be achieved with a local controller? I do use an Express and at the moment it is situated between the firewall and the USW-Pro-Max-16 PoE. Default and Inter VLAN 4040 networks reside on the UniFi Express, whereas the other VPNs I managed to set up on the USW.
This series of videos is about pfSense. If you use UniFi gateways, which come with UniFi controllers, the situation will be different and much simpler. Everything is simply supported out of the box. Having said that, I don't own an Express, so not sure whether anything will be special.
Thank you for another great video. Could you please share where we can learn those CLI commands for UniFi gear? They look very similar to Cisco commands. Thanks again.
Google "ubiquiti edge cli pdf"; you should be able to find the official document from Ubiquiti about the CLI for the Edge switches (the old versions, before UniFi switches). Please note it seems Ubiquiti never officially mentioned the existence of those CLI commands in UniFi switches, which means they are not really officially supported and may change at any time in the future.
Man, this config save problem is a show stopper. With no ACLs working, why should I use the L3 functions? Better to leave devices on the same VLAN or use pfSense as the router on a spoke...
For the pfSense to L3 switch port config, what is it set to? All, or a custom profile with all the tagged VLANs? For some reason I don't have the All profile anymore.
Do we still have no ACL support (official) between two VLANs on UniFi? So even in the case of a guest network, how do we prevent all VLAN-to-VLAN traffic in UniFi?
I remember looking at doing this a year or two ago, and people were saying that Ubnt Level 3 switching wasn't persistent across switch reboots, so if you rebooted the switch it would undo all the configuration. Has this been fixed?
Thanks for the very nice guide, but I'm confused. I have a USW Enterprise 8 PoE and OPNsense as the DNS/DHCP server. And I was thinking that I can: optimize network communication between devices using L3, not stress the OPNsense server, and play around with these VLANs, separate things etc... but before doing anything, my traceroutes are direct to any LAN/WLAN device. I know that with VLANs I could isolate IoT devices etc. (which, to be honest, could already be filtered on the Unbound DNS blacklist). What am I missing/not understanding there?
tracert 192.168.1.239 Tracing route to 192.168.1.239 over a maximum of 30 hops 1