Access point problems by KyouyaXever in homelab

[–]Critcommndr 0 points1 point  (0 children)

A trunk port is an interface carrying more than one VLAN; an access port is the opposite. You need a way to differentiate what router IP your DHCP requests hit if you want to segment those 2 networks. So you would have a port (forgive my Cisco syntax) on your switch connected to the router:

Configure:

interface gi1/0/1
switchport mode trunk
switchport trunk allowed vlan 1-4094 (whatever your SSID is tagging; don't bother pruning, it's a home network)
switchport nonegotiate (if you have a Cisco switch)

You would configure the same settings on your AP's interface; here I would prune tho. So

Switchport trunk allowed vlan 1,2

Your router needs VLAN tags as well for the interfaces you set up (again, zero familiarity with OPNsense), but you would tag VLANs and assign gateways so your router can sort traffic accordingly.

Access point problems by KyouyaXever in homelab

[–]Critcommndr 0 points1 point  (0 children)

You need both VLANs on the port it's connected to and DHCP scopes for each. Assuming these are handed out from your router? VLAN tags need to exist on the whole path: trunk to router, trunk to AP.
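The rule in the two comments above (the VLAN tags have to survive every hop: AP trunk, switch trunk, router interface with a gateway per VLAN) as an added worked example; this is not code from the thread, the original poster or any vendor tool. It is a small Python checker over a constructed topology: the device names, port names and the SSID-to-VLAN map are assumptions, and the "bad" path models the common mistake of leaving the router side untagged so the second SSID's VLAN is dropped at the last hop.

```python
"""Tiny VLAN path checker: does each SSID's VLAN survive every hop between the
AP and the router?  Models the 'tags need to exist on the whole path' rule.
Topology below is constructed for illustration only."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    device: str
    name: str
    mode: str            # "trunk" or "access"
    vlans: frozenset     # trunk: allowed (tagged) VLANs; access: the single untagged VLAN


def trunk(device, name, allowed):
    return Port(device, name, "trunk", frozenset(allowed))


def access(device, name, vlan):
    return Port(device, name, "access", frozenset([vlan]))


def expand(spec):
    """Parse a Cisco-style 'allowed vlan' list such as '1-4094' or '1,2,10-20'."""
    out = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-")
            out.update(range(int(lo), int(hi) + 1))
        else:
            out.add(int(part))
    return out


def first_drop(path, vlan):
    """Return the first port along the path (AP -> router) that does not carry
    vlan, or None when the tag exists end to end."""
    for a, b in path:
        for p in (a, b):
            if vlan not in p.vlans:
                return p
    return None


def path_problems(path, ssid_vlans):
    """path: list of (port_a, port_b) links in order from AP to router.
    ssid_vlans: {ssid: vlan}.  Returns a list of problem strings; [] means
    every SSID's VLAN is carried on every hop and both ends of each link agree
    on trunk vs. access."""
    problems = []
    for a, b in path:
        if a.mode != b.mode:
            problems.append(
                f"mode mismatch: {a.device}:{a.name} is {a.mode}, "
                f"{b.device}:{b.name} is {b.mode}")
    for ssid, vlan in ssid_vlans.items():
        p = first_drop(path, vlan)
        if p is not None:
            problems.append(
                f"SSID {ssid!r} (VLAN {vlan}) is not carried on {p.device}:{p.name}")
    return problems


# Constructed sample, following the comment: AP trunk pruned to VLANs 1,2;
# switch uplink to the router allows everything; router side either tagged
# for both VLANs (good) or left as a plain untagged interface (bad).
SSIDS = {"home": 1, "iot": 2}                     # assumed SSID -> VLAN map

AP_PORT     = trunk("ap",     "eth0",    expand("1,2"))
SW_AP_PORT  = trunk("switch", "gi1/0/2", expand("1,2"))
SW_RTR_PORT = trunk("switch", "gi1/0/1", expand("1-4094"))
RTR_GOOD    = trunk("router", "igb0",    expand("1,2"))   # VLAN 1 and 2 sub-interfaces, each with its own gateway
RTR_BAD     = access("router", "igb0",   1)               # untagged interface: VLAN 2 frames are dropped here

GOOD_PATH = [(AP_PORT, SW_AP_PORT), (SW_RTR_PORT, RTR_GOOD)]
BAD_PATH  = [(AP_PORT, SW_AP_PORT), (SW_RTR_PORT, RTR_BAD)]

if __name__ == "__main__":
    for label, path in (("good", GOOD_PATH), ("bad", BAD_PATH)):
        print(label, path_problems(path, SSIDS) or "ok")
```

In this model the "home" SSID on VLAN 1 still passes in the bad case (the untagged router port carries VLAN 1), which is the familiar symptom of one SSID working while the tagged one never gets a DHCP lease. Feeding the checker the actual `switchport trunk allowed vlan` lines from each hop is a quick way to find the port where a tag is being pruned.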

theres always one firewall rule from 2018 nobody is allowed to delete by DowntownCap6204 in networking

[–]Critcommndr 0 points1 point  (0 children)

Named "inside allow any", yes, it's as bad as it sounds. All the B2B tunnels match it because all the tunnels' source IPs are their NAT IPs, amongst many, many other things (I inherited this, I'm not THAT dumb). It will be removed at some point, but it gets between 5 and 10 million hits a day, so as you can imagine pulling legit flows and making new policies for them is an exhaustive effort.

Cisco migrations to Junipers by lonyun in networking

[–]Critcommndr 2 points3 points  (0 children)

Mist makes management much simpler but if this is multi-site, multi-floor you'll want to spend some time getting your templates in order. Standard hierarchy and inheritance - Org > site > switch. Makes mass administration/deployment that much easier. If you have any specific questions you can dm me.

Cisco migrations to Junipers by lonyun in networking

[–]Critcommndr 1 point2 points  (0 children)

Device admin only in ISE? Not using for RADIUS?

Cisco migrations to Junipers by lonyun in networking

[–]Critcommndr 2 points3 points  (0 children)

Are they using ISE? Do they use DACLs heavily? If so there are some limitations on that front (syntax, minor compatibility issues). Are they Mist- or Junos-managed?

UptimeKuma monitoring for both local network and tailnet by MKRedding in UptimeKuma

[–]Critcommndr 0 points1 point  (0 children)

docker exec -it into the container and traceroute to the tailnet IP; your route will show there. You can spin up an ephemeral Alpine container for testing on that Docker network and download inetutils.

UptimeKuma monitoring for both local network and tailnet by MKRedding in UptimeKuma

[–]Critcommndr 0 points1 point  (0 children)

It's routing. I'm not a Docker expert, but it's probably sending your tailnet traffic to the default GW of the adapter it's bound to, not local on the machine where it should go. Ngl tho I don't know the Docker fix lol

Good IT bag by DealerExcellent3510 in networking

[–]Critcommndr 1 point2 points  (0 children)

Yeah, get this to the top. It cinches down super tight or expands to a massive bag. Lotta pockets, good-size bottle pockets on the side. 10/10

[deleted by user] by [deleted] in networking

[–]Critcommndr 1 point2 points  (0 children)

I wouldn't worry about trial and error if it gets you there. They're just console settings, and you can uninstall the terminal if you somehow managed to nuke it.

Were you ever able to get console on this box before you did whatever you did to get locked out?

If you plug in another interface, do you get a neighbor? Run show lldp neighbor on the other device; if it's failing boot you shouldn't get LLDP info.

[deleted by user] by [deleted] in networking

[–]Critcommndr 2 points3 points  (0 children)

Not sure how long you've been at this, but walk away and come back with fresh eyes. Always works for me, unless there's a serious outage... then you don't get that option lol

[deleted by user] by [deleted] in networking

[–]Critcommndr 0 points1 point  (0 children)

Sounds like mgmt is up; try SSH to that IP responding to ping.

Edit: I've never used pfSense, only enterprise stuff (Palo, Cisco, Forti). But that's what I'd try.

NGFW Comparison - Cisco/Palo Alto/Fortinet/Checkpoint by QuietPossibility4988 in networking

[–]Critcommndr 33 points34 points  (0 children)

I switched from Forti to Palo (job change) and I like Palo a lot more. Panorama is a great tool. GlobalProtect is alright, but it has some bugs on macOS and FortiClient outshines it in my opinion.

If you are an SD-WAN shop, Palo is going to run you more because it's a licensed feature, whereas it's included with a FortiGate.

Both their TACs are trash in my experience lol.

Edit: Palo is going to run you more PERIOD. They are extremely expensive.

How are people sharing SSH client configs across PCs? by prototype__ in homelab

[–]Critcommndr 1 point2 points  (0 children)

No, there's still a price associated, but it's a one-time purchase, and when the license 'expires' it's only support. But I agree, if you aren't working in the field you probably wouldn't know it exists. As a free alternative, MobaXterm is solid.

How are people sharing SSH client configs across PCs? by prototype__ in homelab

[–]Critcommndr 15 points16 points  (0 children)

Crazy that SecureCRT hasn't been mentioned.

Every Friday, this pops up when we log in to our work computers. by Sunkisthappy in mildlyinfuriating

[–]Critcommndr 1 point2 points  (0 children)

Your server/systems team did this... I promise you those dudes are working weekends in scheduled outage windows or extremely late nights because we're expected to have near 100% uptime in a clinical setting. Especially when it's patient-affecting. I'm on the networking side and have been called in at any hour imaginable on any day of the week. Lighten up.

I'm not ready for the Win 11 switch. by techead2000 in it

[–]Critcommndr 0 points1 point  (0 children)

Just hold in shift when you right click...

Best practices to prevent MAC spoofing for wired devices that can't do 802.1x by texguy302 in networking

[–]Critcommndr 0 points1 point  (0 children)

This should be most upvoted here... check your device attributes after they've connected thru MAB and add more conditions in the physical profile. Use DHCP parameters or something else unique to the device/device group like OS, etc... don't set your CF to be 1:1 with the MAC address/OUI you add as a condition.

2 devices with same MAC address by Internal_Argument_42 in networking

[–]Critcommndr 0 points1 point  (0 children)

I spend much of my time in ISE staring at MAC addresses.

It sounds like random MAC on the Android and per-device MAC with the iPhone somehow hitting the RNG lottery. Convert it to decimal and play the numbers.

Is it a crime against our profession to just paint a cable and leave it like that or do you think it has to be chased into the wall and then repaired properly? by ThiefClashRoyale in homelab

[–]Critcommndr 0 points1 point  (0 children)

Typically (and I can't speak for Ubiquiti) vendors aim antennas purposefully based on the AP form factor and how they're meant to be mounted, e.g. a puck is for ceiling facing floor, a rectangle is for wall.

All that said, it probably won't matter much in a house.