PfSense no DHCP on VLANs for UniFi WiFi controller
-
Feel the same. Pretty simple setup and I've done a few. What are the settings in Pfsense to configure one of the LAN ports as a particular VLAN only? Just so I get it right.
-
@Happydog to isolate a port: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html
-
Just a thought ....
Did you try to disable DHCP snooping on the unifi.
I can't really decide if the below is for a switch or if it's also in the AP.
Maybe try it .....From:
https://evanmccann.net/blog/2021/11/unifi-advanced-wi-fi-settings
-
Testing by connecting to a WiFi network on a VLAN network. That shows the client connecting but no IP address. Also connected a PC to a tagged port. Again no IP address.
-
Set up a couple VLANs on another system. Same thing. This is such basic stuff that there must be some easy solution. Disabled DHCP snooping and one wifi network came back to life. Another didn't. Same settings everywhere. And on a different system (1100). Need to go over this with a UniFi expert. I doubt this is a Pfsense or Netgate issue because all the other VALNs and associated networks are fine.
-
Go through this manual again
https://www.youtube.com/watch?v=WMyz7SVlrgc
I know this is basic stuff we are talking about here, but sometimes things get overlooked. It happened to me many times.
-
@Happydog said in PfSense no DHCP on VLANs for UniFi WiFi controller:
Also connected a PC to a tagged port. Again no IP address.
This could be read several ways. To test with a PC directly it has to be on an untagged port that's a member of the VLAN. Presumably on the unifi switch.
-
@Happydog said in PfSense no DHCP on VLANs for UniFi WiFi controller:
Also connected a PC to a tagged port. Again no IP address.
As @stephenw10 stated.. If your just going to connect a pc to a tagged port - the PC would have to be set to send and understand tags that it gets. this can be done in the driver in windows, and linux can be set to understand the tag as well.
But almost always these ports should be in the vlan untagged, with the pvid set to the vlan ID.
Single devices are normally in 1 vlan, so should be untagged. The only time you need to have tags is when your going to carry more than 1 vlan over the same wire.
-
@Happydog I'm thinking you haven't tagged the WiFi VLAN on the uplink port to the pfSense yet.
Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
@Happydog I'm thinking you haven't tagged the WiFi VLAN on the uplink port to the pfSense yet.
I second that.
-
I think it's set up correctly. Tagging a port with a VLAN and connecting to a DHCP enabled device works fine. Connecting to a WiFi network with a VLAN tag takes a long time (5+ minutes) to get an IP and connect. The default LAN works fine. The settings in UniFi are very simple. I've done dozens of those setups. The Firewall on each VLAN has one allow all rule (for now).
-
@Happydog said in PfSense no DHCP on VLANs for UniFi WiFi controller:
Tagging a port with a VLAN and connecting to a DHCP enabled device works fine
Does this DHCP lease appear in pfSense?
-
@Happydog said in PfSense no DHCP on VLANs for UniFi WiFi controller:
Connecting to a WiFi network with a VLAN tag takes a long time (5+ minutes)
But a wifi client connected to it does eventually get a dhcp lease? In the expected subnet?
-
@Happydog said in PfSense no DHCP on VLANs for UniFi WiFi controller:
VLAN tag takes a long time (5+ minutes) to get an IP
Well why not just sniff on pfsense, or even look in the dhcp log.
So for example here here is dhcp on a tagged vlan ID 4 on pfsense.. Here is my phone connecting - you can see the discover, the offer, the request and then the ack.
The whole process took 2 seconds.
Do you have like dhcp guarding or snooping enable in your unifi setup?
edit:
You could be having issue with broadcast being dropped? What firmware are you running on the AP... I recall there was some issue back a while ago where specific firmware had a problem with this.. Many moons ago that was, but maybe your firmware is really old? Could have something to do with band steering and client having actual issue with connecting, then once the wifi connection is actually made - then the dhcp has to happen.Heer you can see where my phone disconnected from the ssid it was on, connected to the other ssid that was the above dhcp logs and sniff. Time matches up, too bad it doesn't show seconds in the log.. but you can see where I moved from one ssid and then to another ssid and then the phone moved back to its preferred ssid. I have the ssids blocked out for privacy - ssids can be looked up in dbs online. And my ssids are very unique.. They are not just typical linksys ;)
edit2: on your controller - on the dashboard, under wifi insights are you showing any problems in the connectivity tab with any problem clients listed, etc. Or any issues with any of the details shown there?
