PfSense no DHCP on VLANs for UniFi WiFi controller
-
Small setup on a 2100 in default port mode. (802.1q not enabled.) VLAN created in Interfaces / VLANs in the usual way. Then Enabled in Interface Assignments on the LAN mvneta1. DHCP Server enabled. Basic Firewall rule to block RFC1918. Network & Tag configured in UniFi controller but no ip address issuing. (169 address only...)
-
You're going to want to post screen shots... VLANs page the 2100, the switches pages on the 2100, the VLANs tagging on the UI device, etc.
-
-
-
You have to tag the VLANs on Port 5 the Uplink Switch to CPU:
-
You don't actually have to assign the VLANs in the switch. If it's in port mode it will just pass all tagged or untagged traffic to every port. However that's an unusual setup.
Are you seeing any traffic on any of those VLANs?
-
Don't see any traffic on them. I figured that leaving it in Port Mode would work fine and skip the step of tagging. I just want all the traffic to appear on the LAN ports. Better to use 802.1q mode for some reason?
-
It should work both ways but using .1q mode and tagging at the switch is far more tested. Almost everyone uses that.
Do you see any tagged traffic if you run a pcap on LAN?
-
Maybe I'm missing something obvious. Still no joy:
-
That should work. VLAN 11 should be available on port 1. But it should also have worked in port vlan mode so perhaps something is misconfigured at the client?
-
It's something... When I tag a port on the downstream switch with that VLAN (11) and connect a PC, it doesn't get an address. (169. etc.) There's not much to screw up in the controller WRT setting up networks.
-
@Happydog You can't tag a port and have a system see the network -- if you are plugging into a switch port you need that VLAN untagged.
-
right. In any case, made it a simple test setup. Just a switch and an AP and a PC on the LAN1 port. Looks like setups I have on 1100s except the WAN interface is separate (mvneta0) on the 2100 and they work fine. On the 6100s The VLANs are just assigned to a physical port. Setting a port profile to a VLAN in Unifi gives that VLAN IP address to the connected device. Can't see much else to screw it up.
-
So how exactly are you testing?
I assume untagged clients work on the LAN directly?
-
Testing on a WiFi network (shows the client connected but no IP address) and a PC connected to a port with a VLAN profile. Same thing. Has to be something simple. The LAN works properly on both.
-
@Happydog It doesn't appear to be a pfSense issue.
-
@Happydog is there a UniFi router in their config? I’ve seen it where the network there is set to use a UniFi router which wasn’t connected yet as the old router was still in place.
-
No. Netgate 2100, UniFi PoE8 switch, UniFi AP and a PC (used to access the 2100; I bundle one with each Netgate). The problem must be somewhere in the Netgate setup. But there isn't much there in this basic config. DHCP Server is OK.
-
-
@Happydog Again - I don't see anything wrong with your 2100's configuration. It has to be on the Unifi.
