SG-2440 Tagging VLAN Traffic for Ubiquity
-
@denverdesktopssupport To do VLANs on the SG-2440, you simply need to set up the VLAN tag number, and assign it to an actual physical "parent" interface.
Here's how to do it:
https://docs.netgate.com/pfsense/en/latest/vlan/configuration.html#web-interface-vlan-configuration
Then, on the switch, you need to have the same tags on the switch ports that are coming from your pfsense box, and on any other switch ports that you want to use the same specific VLAN stuff. Make sense? It's pretty easy once you get it all set up, start connecting devices and moving traffic.
-
Thanks for the response. The VLAN is configured, but for some reason not getting to the Ubiquiti switch network that I have tagged for the VLAN traffic.
Maybe I am using the wrong parent interface?

-
@denverdesktopssupport
Your parent interface has to be the one connected to the Ubi switch.
That is probably not WAN (IGB0). I made a brief how2 here
https://forum.netgate.com/post/944425/Bingo
-
The NetGate OPT2 is plugged into a Dell managed switch (that should have no traffic tagged), then off to the Ubiquiti switch. I wonder if the Dell switch is getting in the way.
Might have time this weekend to get the Dell switch out of the mix altogether which will hopefully resolve my issue.
To be clear though....if Parent interface is physical port OPT2 on the Netgate, ethernet cable needs to go to the configured port on the Ubiquiti switch?
I am for sure making this more complicated than it needs to be.
Thanks for the support.
-
@denverdesktopssupport You can still have the Dell switch in there, between pfsense and the Unifi switch. All you have to do is have 2 ports on the Dell tagged - the one connecting to the pfsense box, and the one connecting to the Unifi switch. Then on the Unifi switch, you need the port connecting to the Dell switch with the same VLAN tag.
I will say, however, if you can remove the Dell and you don't really need it for anything, it will make your setup and network easier.
-
I am making this much more complicated than I need to, but the new VLAN DHCP is still not handing out addresses.
-
@denverdesktopssupport said in SG-2440 Tagging VLAN Traffic for Ubiquity:
I am making this much more complicated than I need to, but the new VLAN DHCP is still not handing out addresses.
When you go to Services->DHCP Server have you configured the IoT interface?
-
@denverdesktopssupport So, on your pfsense box, what is the igb3 port connected to, your smart switch? If it is, that switch port needs to be tagged with VLAN ID 20, and so do any other ports on the same switch where you want to connect a device to the same VLAN. Then you should get a DHCP address in that range on that device.
-
Yes. I included a screen shot above.
-
The igb3 port is a physical port on the Netgate?
-
OPT2 is connected to a port on the managed switch and that switch is tagged with VLAN20
-
The Pfsense side of it is looking ok, but I think it's the switch configs which are causing the issue. (Not sure if the dell is still in the way, but it'll be much easier if that wasn't in the equation for simplicity)
Stab in the dark, but I'm wondering if your switch ports are actually access ports for VLAN20 as opposed to trunk ports? (different manufacturers have different terminology - but access ports are untagged, tagged ports are trunk ports). I don't know how Unifi work their VLAN terminology as I've not used their switch kit before.
If the port to igb3 is actually an access port it won't work, as traffic will have the VLAN stripped and it'll arrive on the parent interface on PFsense (igb3) and drop.
The ports for clients etc can be normal access ports, but ports to the upstream switches/firewalls etc where the VLAN tag needs to remain have to be trunk ports. Just a hunch but I think that's the problem.
-
Dell is out of the mix.
-
I'm using a Ubiquiti 16 port POE lite switch
-
@denverdesktopssupport I must admit I've not used Ubiquiti switching before, but having a quick look on the Unifi controller I use for my APs....have you created a switch port profile? (as well as the VLAN within the networks in Ubiquiti).
From reading how this works, creating the VLAN in Ubiquiti then allows you to 'select' that for the switch profile you create, then I guess you apply that switch profile to port uplinking to Igb3 and away you go. If that's what you've done...then it should work!
-
I believe that is what I have done!!! But....obviously not!!!
I'll keep digging.
-
Finally!!!
After configuring the access point to talk the VLAN only it was able to obtain an IP address from the PFsense VLAN. Not sure why the traffic can't be tagged at the port level of the Ubiquiti, as long term there will be multiple VLANs on this port for multiple SSIDs.
Thanks for the insight!
-
@denverdesktopssupport If the traffic isn't tagged on the 2440 (it's a dedicated port, yes?) then it comes into the switch untagged.
If it's a tagged interface on the pf then it comes into the switch tagged.
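
The tagged-versus-untagged behaviour discussed in this thread (the access/trunk explanation and the last reply about tagged interfaces), as an added example that is not part of any post: a simplified Python model of an 802.1Q uplink. The parent interface `igb3` and VLAN ID 20 come from the thread; the MAC address, payload and the `switch_egress` / `firewall_demux` functions are constructed for illustration and are not pfSense or UniFi code.

```python
import struct
TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vid=None):
    """Raw Ethernet frame; a 4-byte 802.1Q tag is inserted when vid is given."""
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be 1-4094")
        header += struct.pack("!HH", TPID_8021Q, vid)  # PCP/DEI bits left at 0
    return header + struct.pack("!H", ethertype) + payload

def parse_vid(frame):
    """VLAN ID carried by the frame, or None when it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def switch_egress(frame, mode, vlans):
    """Egress of an internally tagged frame: access strips the tag, trunk keeps it."""
    vid = parse_vid(frame)
    if vid not in vlans:
        return None                      # VLAN not carried on this port
    if mode == "access":
        return frame[:12] + frame[16:]   # strip TPID + TCI
    if mode == "trunk":
        return frame
    raise ValueError(f"unknown port mode {mode!r}")

def firewall_demux(frame, parent="igb3", configured=(20,)):
    """Simplified model: which interface sees the frame (None = dropped)."""
    if frame is None:
        return None
    vid = parse_vid(frame)
    if vid is None:
        return parent                    # untagged lands on the parent, not the VLAN
    return f"{parent}.{vid}" if vid in configured else None

# Constructed sample: a broadcast from a client placed in VLAN 20 by its access port.
CLIENT = build_frame(b"\xff" * 6, bytes.fromhex("020000000001"), 0x0800,
                     b"constructed-dhcp-discover", vid=20)

def uplink_result(mode):
    """Interface on the firewall that receives CLIENT over an uplink in `mode`."""
    return firewall_demux(switch_egress(CLIENT, mode, vlans=(20,)))
```

`uplink_result("access")` returns `igb3`, so the VLAN 20 DHCP server never sees the request; `uplink_result("trunk")` returns `igb3.20`.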