PFsense with VLANs > Brocade switch > Devices and Unifi Controller/APs
-
@dabdad said in PFsense with VLANs > Brocade switch > Devices and Unifi Controller/APs:
I can't for the life of me figure out why my tagged VLAN ports and WiFi SSIDs are not getting an IP.
Because they're tagged. They should be untagged.
You only tag a port if it's connected to another tagged port.
So unless you tag all of your devices (i.e. PCs), you need untagged ports.
-
@jarhead I am not sure this is correct. I cannot untag any of my ports (Aruba switch). I set the native VLAN so untagged hosts have some help getting the packet to the right place.
My setup is not that different from the OP. More than one SSID, each on a different VLAN. Mine is not running as a VM, which others stated might be where the issue lies.
-
@andyrh If a port is tagged with a vlan, whatever you plug into that port needs to be tagged also. That's not debatable, it's fact.
-
@keyser I added 2 more Network Adapters within HyperV both with the corresponding VLAN tag.
I'm still not getting IP resolution on the tagged ports.
-
@keyser I also adjusted the VLAN parent interface and interface assignments.
-
@dabdad So now you have enough physical interfaces, why use vlans at all??
Just assign the IPs to the interface itself and connect them to your switch where the ports would be untagged with each VLAN.
-
@jarhead I guess my switch is different or it is working despite the inability to untag a port. I set it up with advice from the Cisco certified network guys at work.
The PC I am typing this on is on a port in the default (should have renamed it) profile and the PC certainly is not tagged.
What is the purpose of the native VLAN setting? One of my multi-VLAN APs has 4 VLANs and the native VLAN is set to my primary VLAN so the dumb switch behind it (the AP has a passthrough port) with its untagged hosts will be on the primary VLAN.
-
@jarhead I've never had to "tag" a device when plugging it into a tagged port. The device tries for an IP, appropriate routing rules and such direct the traffic for the device to the appropriate DHCP server, and it gets the appropriate IP per that tagged VLAN and port.
My ports are tagged.
My vSwitch in Hyper-V is tagged.
VLANs within pfSense are tagged.
DHCP servers with pfSense for the VLANs are running... If there's something I missed, please let me know.
-
@jarhead said in PFsense with VLANs > Brocade switch > Devices and Unifi Controller/APs:
@dabdad So now you have enough physical interfaces, why use vlans at all??
Just assign the IPs to the interface itself and connect them to your switch where the ports would be untagged with each VLAN.
Those are untagged except for the AP.
-
@dabdad said in PFsense with VLANs > Brocade switch > Devices and Unifi Controller/APs:
@jarhead I've never had to "tag" a device when plugging it into a tagged port. The device tries for an IP, appropriate routing rules and such direct the traffic for the device to the appropriate DHCP server, and it gets the appropriate IP per that tagged VLAN and port.
My ports are tagged.
My vSwitch in Hyper-V is tagged.
VLANs within pfSense are tagged.
DHCP servers with pfSense for the VLANs are running... If there's something I missed, please let me know.
How about this, connect one of your "vlans" to your switch with that vlan untagged on the port. Then untag that same vlan on another switchport and plug a pc into it. It'll work.
You don't tag a port unless the device being plugged in is tagged also.
-
@jarhead
OK, hear me out.
Ignore the fact that 'now' there are multiple interfaces. Here is the flow of traffic:
Internet > Modem > pfSense with tagged vSwitches > pfSense tagged VLANs and DHCP servers > Brocade switch with tagged ports (I defined the tagged ports above) > Devices/APs
The goal is:
If I plug a device into port 12, I get a 172.16.69.x IP.
If I plug a device into port 46, I get a 192.168.3.x IP.
If I plug a device into port 26, I get a 192.168.1.x IP.
Currently I get nothing. Ports 12 and 46 are tagged as I stated in the OP.
Port 26 works because it's untagged and I get the native VLAN IP scope with no issues.
Since when do we need to tag a device? I've NEVER in my entire career had to TAG my PC the same as the VLAN.
-
@dabdad
Now that you have enough interfaces, you don't need vlans in pfSense at all.
Are you using one virtual switch or one per interface?
If one per interface, don't tag anything in the VM.
In your Brocade, you would untag the ports you want one of the LANs to be on. I think 1-24 was VLAN 6? So untag VLAN 6 on 1-24. Plug port 24 into the correct pfSense interface for that network. That's it. It's no different than your "normal" LAN.
If you left it as 1 interface with VLANs, you tag the trunk port, then untag any ports you want to use for that VLAN.
All a VLAN does is separate a switch into multiple switches. Why do you think it is any different than any other LAN? All your LAN ports are untagged and they work, right?
-
I'm a bit perplexed on how you think this should be set up.
You're saying I need to tag my devices that connect to a port on the switch, which I've never had to do before.
You are also saying to untag my ports, but then how would the appropriate IPs be assigned?
Are you aware that I stated I have a 2-port PCIe network card, slot for WAN and slot 2 of LAN?
The additional interfaces are only showing because I added the same vSwitch interface with a VLAN on them, therefore pfSense sees these as multiple interfaces. These are NOT physical ports.
-
@dabdad No, I said if you tag a switchport, whatever you plug into that port needs to be tagged also. So in your original config, you had ports 1-24 tagged. The only way to use those ports would be if your PCs were also tagged.
Google trunk port and access port.
A trunk port carries multiple VLANs. The only way to separate those VLANs on a single port is by tagging.
An access port carries one VLAN, and it's untagged.
Devices like PCs connect to access ports 9 out of 10 times, because the PC's interface isn't tagged.
So go back to your original config.
Add the VLANs to the LAN. Connect that interface back to port 25. Make port 25 a trunk port with the VLANs tagged and your LAN untagged.
Then untag port 1 as VLAN 6. Plug a PC into it and it will get an IP in VLAN 6's network.
Providing your vSwitch is correct of course.
-
@jarhead
Bruh, I don't think you read my OP completely.
Port 25 is trunked to ALL VLANs.
-
@dabdad No, I read it.
You're not understanding how vlans work.
Port 25 is your trunk port. It carries all your vlans to your switch. Once they're there, you don't need any other ports tagged unless you're carrying multiple vlans to another device.
Just untag ports 1-24 and plug a PC into one of them.
-
Devices connected to untagged ports 26-45 (default VLAN 1) get a 192.168.1.x IP.
Devices connected to ports 1-24 should get a 176.16.69.x IP.
Devices connected to ports 46 and 47 should get a 192.168.3.1 IP.
If I untag port 1, then I'll get an IP of 192.168.1.x, which is not what we want.
I'm sorry, but maybe I'm misunderstanding when you say that my PC needs to be tagged. Again, I've never had to tag a PC and connect it to a port with the same tag in order for traffic to flow. The PC requests an IP when connected, the switch knows what VLAN it's on, it communicates via the trunked port (25) with that 'tagged' traffic to pfSense, and pfSense sees the tagged traffic and assigns an appropriate IP.
Please school me, I'm curious about your methods.
-
@dabdad You have to untag it with vlan 6. You're untagging it with vlan1.
There should be a pvid setting in your switch. For ports 1-24 the pvid should be 6.
If you use the CLI of your switch, the commands are here:
https://www.alteeve.com/w/Configuring_Brocade_Switches#Configure_VLAN
-
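An added illustration, not part of any post in this thread: a small Python model of how an 802.1Q switch classifies a PC's DHCP request on an edge port and carries it to the pfSense trunk on port 25, using VLAN 1 (LAN) and VLAN 6 from the discussion. The `Port` class, the function names, and the assumption that a tagged-only port has no PVID and therefore drops untagged frames are constructed for this example; real switches differ in how they treat untagged frames on tagged ports.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Port:
    """Hypothetical model of one switch port's 802.1Q membership."""
    pvid: Optional[int] = None                    # VLAN for untagged ingress; None = drop
    untagged: set = field(default_factory=set)    # VLANs sent out without a tag
    tagged: set = field(default_factory=set)      # VLANs sent and accepted with a tag

def ingress(port, tag):
    """VLAN the switch places an arriving frame in, or None if it is dropped."""
    if tag is None:
        return port.pvid
    return tag if tag in port.tagged else None

def egress(port, vlan):
    """How a frame in `vlan` leaves the port: 'tagged', 'untagged' or None."""
    if vlan in port.tagged:
        return "tagged"
    return "untagged" if vlan in port.untagged else None

def dhcp_result(edge, trunk, pc_tag=None):
    """Follow a DHCP request from a PC on `edge` to pfSense on `trunk` and back."""
    vlan = ingress(edge, pc_tag)
    if vlan is None:
        return "request dropped at edge port"
    if egress(trunk, vlan) is None:
        return f"VLAN {vlan} not carried on trunk"
    reply = egress(edge, vlan)
    # Assumption: a PC that sends untagged frames does not process tagged replies.
    if reply is None or (reply == "tagged" and pc_tag is None):
        return f"VLAN {vlan} reply not usable by the PC"
    return f"lease from VLAN {vlan} scope"

# Port 25 as described in the thread: VLANs tagged, LAN (VLAN 1) untagged.
TRUNK = Port(pvid=1, untagged={1}, tagged={6})
EDGE = {  # constructed edge-port configurations
    "tagged in VLAN 6 only": Port(tagged={6}),
    "untagged VLAN 1, PVID 1": Port(pvid=1, untagged={1}),
    "untagged VLAN 6, PVID 6": Port(pvid=6, untagged={6}),
}

if __name__ == "__main__":
    for name, port in EDGE.items():
        print(f"{name:26} untagged PC -> {dhcp_result(port, TRUNK)}")
    tagged_pc = dhcp_result(EDGE["tagged in VLAN 6 only"], TRUNK, pc_tag=6)
    print(f"{'tagged in VLAN 6 only':26} PC tagging 6 -> {tagged_pc}")
```

Only the last edge configuration gives an ordinary untagged PC a lease from the VLAN 6 scope; the tagged-only port works solely when the PC itself tags its frames with VLAN 6.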
@jarhead said in PFsense with VLANs > Brocade switch > Devices and Unifi Controller/APs:
https://www.alteeve.com/w/Configuring_Brocade_Switches#Configure_VLAN
VLANs per console layout:
port 25 is tagged in each vlan
drilling into port 24 within the GUI:
it says VLAN 6 and registered as tagged.
I'm not seeing any issues with the switch
-
I was able to get the switch ports to grab the correct IP based on the VLAN assigned.
I swapped the interfaces within pfSense to the 'new' interfaces that were created when I created the additional vSwitches within Hyper-V. Thanks @AndyRH for the recommendation.
THEN I had to go to each port and select IEEE tagging to "untag".
This was a pain as you have to go to each port and switch this setting. I tried within the console but no luck in doing it en masse there either. Thanks @Jarhead for the info here, pretty sure this is what you were referring to.
Now, the APs are connected via ports 47 and 48 with PoE enabled on those ports.
I tried to trunk them but this seems to be a limitation within the switch? It only allows me to trunk a single port, which right now is port 25 for the uplink to pfSense.
The controller/APs are not passing the correct tagged traffic through those ports to pfSense, and WiFi devices on 2 SSIDs are still not resolving. Any thoughts here would be appreciated.