Only VLAN interface works out of 2 using wifi, both essentially configured the same
-
Hi, I've been trying to setup 2 VLAN on my network, separated from the normal LAN traffic. One VLAN for guests and one for IOT stuff.
Problem is only 1 of them is working as intended and I can't figure out why. I suspect it has to do with something on my wifi-AP running FreshTomato.My network is setup as shown below here:
The two VLAN have tags 10 (guest network) and 20 (IOT) setup in pfSense which runs as a virtual machine on my Proxmox server. Both tags work as intended when accessed through a VM there running ubuntu. The VM gets access to the internet but no local IPs.
pfSense firewall and other settings (PrivateIPs is an alias for all local IP networks):
On the TP-Link smart switch I've configured the VLANs like this:
Now finally my Netgear R8000 running FreshTomato is configured like this:
Both VLANs as mentioned before work on the Proxmox VM but only GuestoTesto works on the wifi end. My laptop can connect and gets an IP like 192.168.10.x getting internet access but can't ping any local IPs, great. But when connecting to IOT_R8000 I can't access anything at all and when running ipconfig in the command prompt I haven't been given an IP like 192.168.20.x.
This issue remains after restarting all devices, I can't figure out what's wrong. Any network gurus out there know what's wrong?
Sorry for the big post and thankful for any help. -
@thetorsk One thing that is wrong for both, you gave the same IP-address x.x.x.1 to pfSense (that is good) and FT (that is wrong). You should enter 0.0.0.0 as IP-address in FT for those networks.
-
@Bob-Dig Thanks for the reply. Do you mean like in the picture below? I changed and the result was the same, GuestoTesto works but not IOT_R8000.
-
@thetorsk For me it is looking like this.
Now your problems could be from anything in your chain... maybe show your pfSense config in more detail. For the other stuff you probably asking in the wrong place. My guess would be it is your proxmox config... maybe you used those addresses there too.
-
@Bob-Dig I configured mine to look like yours and it worked like before. However I managed to fix the issue by not using VID 20 and instead used VID 30. I ended up creating a new VLAN in pfSense while doing this, so maybe something was broken in the settings of VLAN with the 20 tag or some other device messed with VID 20.
Nonetheless my config now works but it still leaves me confused because I went through the same process creating the VLAN with tag 20 and tag 30. And I double checked every setting and rule.
In pfSense
- Created the VLAN with the LAN-port as the parent interface and assigned it as an interface
- Setup firewall rules for DNS and blocking local IPs
- Enabled the DHCP server for the VLAN interface and assigned the IP address range.
Then on my smart switch I configured it like in my pictures in my first post.
And in FreshTomato I configured it exactly the same as in the pictures of the first post with the exception of my LAN setup which looks like this instead:
Hope my confusion can help someone else setting up VLANs atleast, thanks for the response @Bob-Dig
