Calling on my IT colleagues, with some networking knowledge

I also run the Controller separately… sort of why I decided to rather go with a pfSense + Unifi switch.

G

If you use the same SSID and connection settings on all your Access Points then it will look like one network. The AP with the strongest signal to the device will be connected to. As you move around, that connection might jump to another AP when its signal is stronger, and your device will just keep on working “seamlessly”.

That’s a default capability of Unifi APs, I don’t need to specifically configure that.

I have 2 APs, define the SSID on the controller, and Unifi connects me and hands me off to the AP with the best signal/throughput.

G

Newest version of the thinking…

The little IONN device just got delivered… sleek little box, for its capability, heavy little box also.
Let me get pfSense onto it and play around a bit. See what I can do (or make that risk doing) before the Unifi switch arrives (FirstShop still seems to be pushing papers around, haven’t shipped yet).
G

Is there any reason to go with AC Pro’s vs the AC Lite’s?

Last time I checked… the AC Pro can run more high speed concurrent connections vs the AC Lite…

But that’s like, if you’re in an office… and have 20-30 people connecting. For a house, the AC Lite should be fine and a good amount cheaper.

I’m actually looking at replacing an older AC LR next month with a 2nd AC Lite in the house (already have out, the AC LR is end of life, long term support).

G

Your latest diagram will work fine… :slight_smile:

Here is a video I accidentally found… “How To Setup VLANS With pfsense & UniFI. Also how to build for firewall rules for VLANS in pfsense” :slight_smile:

The way you would prevent one VLAN seeing and routing into another is via a firewall… if you want to fully segregate, for example, IoT and voice networks, etc. By default, routers route to all networks known to them.

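An added example, not part of the original posts: a small model of per-interface, first-match firewall rules showing why an allow-any rule leaves every VLAN reachable and how a "block private ranges, then allow the rest" rule set isolates an IoT VLAN while keeping internet access. The subnets, VLAN names and rule sets are constructed for illustration; in pfSense the equivalent rules are entered per interface in the GUI.

```python
import ipaddress

# Constructed VLAN layout for illustration (not taken from the thread).
VLANS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "IOT": ipaddress.ip_network("192.168.20.0/24"),
    "VOICE": ipaddress.ip_network("192.168.30.0/24"),
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IOT_GATEWAY = [ipaddress.ip_network("192.168.20.1/32")]

# Rules are (action, destination networks or None for any, port or None for any).
# OPEN: a single allow-any rule, so the router forwards into every VLAN.
OPEN = {"IOT": [("pass", None, None)]}
# ISOLATED: DNS to the gateway, block all private ranges, then allow the rest.
ISOLATED = {"IOT": [
    ("pass", IOT_GATEWAY, 53),
    ("block", RFC1918, None),
    ("pass", None, None),
]}

def evaluate(iface, dst, port, rules):
    """Return 'pass' or 'block' for traffic entering on iface; first match wins."""
    dst_ip = ipaddress.ip_address(dst)
    for action, nets, rule_port in rules.get(iface, []):
        if nets is not None and not any(dst_ip in net for net in nets):
            continue
        if rule_port is not None and rule_port != port:
            continue
        return action
    return "block"  # nothing matched: implicit default deny

def reachable_vlans(iface, rules, port=443):
    """Audit helper: list the other VLANs that iface can still reach."""
    return [name for name, net in VLANS.items()
            if name != iface and evaluate(iface, str(net[10]), port, rules) == "pass"]

if __name__ == "__main__":
    for label, rules in (("open", OPEN), ("isolated", ISOLATED)):
        print(label, "-> IOT reaches:", reachable_vlans("IOT", rules))
    print("internet:", evaluate("IOT", "8.8.8.8", 443, ISOLATED))
```

Rule order matters: moving the final allow-any rule above the private-range block would make the IoT VLAN reach LAN and VOICE again.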

seen the video being listed, haven’t watched it yet,

will go do.

PS: please see DM from me.

G

There are a few gotchas with Ubiquiti routers. I’m running a UDMPro now, as I wanted a self-contained routing and controller device. I also recently went to 500/250 and wanted IPS/IDS on the router, so the previous USG wouldn’t cut it with its 85Mbs limit. The UDMPro can do this at 3.5Gbs no problem. But then, tadaa, another gotcha: even though UDMPro can do 3.5Gbs using VLAN’ed WAN, it’s not a service Openserve supports. Openserve uses PPPoE, and in such cases the UDMPro is limited to around 650Mbs. At the moment it doesn’t bug me as my line is 500Mbs, but it’s another thing to be aware of as I wasn’t as future proofed as I thought I was. But, on the other hand, it looks like the importers are clearing stock of the last UDMPro’s at the moment with some incredible pricing.


And another example of why I like forums, sometimes the only places where these little gotchas come out…
I’m going with a pfSense on IONN device, feeding into a Unifi Managed switch 24 port PoE. Controller will stay where it is on the TrueNAS.
Also need to figure out how to set up PPPoE for Openserve/Axxess… Axxess is useless on support so not even bothering asking them.
G

You’ll need to get the username and password from Axxess. As far as Afrihost is concerned (I assume Axxess would be the same), the WAN IP is assigned dynamically. So you just establish a PPPoE session using your credentials and you’re all set.

Got my username and pw.
I see PPPoE also lists VPC and VCI settings, but don’t see in pfSense where to set them.

G

Would you say it is still useful to go with a “all Ubiquiti” setup? I really want to keep all my networking in the same ecosystem if at all possible…

Yes, for 90% of people it’s just so much simpler, but some of us don’t always like it too simple, or we have some specific requirements (that’s what drove me to pfSense primarily), which then led to me also changing out my switch…

will have a Draytek 2760 and Unifi USG up for sale, + also have 2 x tplinks (C5 never used and a AC1750 that I’ll wanna swing).

G

Well I’m converted I guess (wiring still needs to be tidied up)

Only thing not Ubiquiti is my 10Gb switch; it’s a little 4 port Mikrotik and they’re cheap as chips for plain switching.

Don’t think you need those settings to be honest. I only included username and password for my router and that was it. Didn’t even need to set MTU.

How/where did you get the rack,
and what did you pay?
G

I’d rather know I need them and have them, or know I don’t need them and continue, than start the migration, which starts with me killing 75% of my network, and then discover I need them.

G

There you go:

Fixed wall boxes are usually not too expensive. But portable ones with wheels often are.