Noob VLAN Config issue....
-
@mless1 said in Noob VLAN Config issue....:
Port 8 is connected to ASUS RT-AC1900P which is set to AP mode.
Is the AP VLAN-capable at all?
DHCP for VLAN is enabled.
On the AP?
-
Is the AP VLAN-capable at all?
I think so, when in "Router mode" it has 802.1q so I would assume in AP mode it can carry tags as well
On the AP?
No, on pfSense. VLAN is created, interface assigned, interface enabled, DHCP enabled
-
Your AP does not send tagged frames so make Port 8 untagged in VLAN 10 and keep its PVID=10.
-
@mless1 said in Noob VLAN Config issue....:
I think so, when in "Router mode" it has 802.1q so I would assume in AP mode it can carry tags as well
Yes, but I cannot find any hint for this function in the specs: https://www.asus.com/us/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ac1900p/
Also tagging the packets to the AP only makes sens if it supports multiple SSIDs.
-
Also tagging the packets to the AP only makes sens if it supports multiple SSIDs.
So what is the alternative solution? For example, I want this to be IoT WiFi network not on main network. Main network is 10.0.0.1 and this VLAN is 10.0.10.1
Point me in the right direction if I am missing something please
-
@kjk54
Okay I see my AP (i think) in the ARP table but its still not working.
-
@mless1
The only option with this AP seems to run a guest wifi in addition to the normal wifi, which might only be possible if it's in router mode.
But I cannot see that is supports multiple SSIDs with VLANs.Okay I see my AP (i think) in the ARP table but its still not working.
You have also enable PVID for VLAN 10 on port 8 to access it via VLAN.
-
Port 8 is set to PVID 10, as seen in screenshot above.
To be clear, I only want devices connected to this AP to pull VLAN10 IP's. It pulls 10.0.0.3 and allows for DHCP using default switch settings. Instead I want it to pull 10.0.10.x , that is the issue at the moment.
-
@mless1 said in Noob VLAN Config issue....:
Port 8 is set to PVID 10, as seen in screenshot above.
Correct.
However, you would need to also tag the switch, which is connected to pfSense. -
What do you mean it's not working? If you see the AP in the ARP table, it means it got an IP address. You should be able to interface with other devices in the same VLAN.
I'm confused about your goal. Your AP is VLAN-unaware. If you want your Wi-Fi devices be in different VLANs, the best way to have it is to buy an AP that supports VLANs. TP-Link offers many APs that support VLANs.
Actually, you can have it even with your current AP if you use MAC-based VLANs on your switch. However you will probably get tired fast of managing MAC addresses on the switch.
-
@viragomann Got it!
Thanks for the help. Now I am having trouble accessing the web interface for the AP from the mobile device connected to directly to AP via WiFi. I am assuming its a firewall rule.
-
@kjk54 Im not sure what happened. It appeared in the ARP Table (as incomplete) for a short minute. Now, I am unable to access the AP web interface from my phone which is connected to the AP over WiFi. My next step is digging into firewall rules.
EDIT: I forgot to mention it is now working after tagging adding port 1 as tagged, and port as untagged.
-
@mless1 said in Noob VLAN Config issue....:
Now I am having trouble accessing the web interface for the AP from the mobile device connected to directly to AP via WiFi. I am assuming its a firewall rule.
This traffic doesn't pass pfSense, since both are in the same VLAN.
It rather might be blocked by the APs default settings. -
@viragomann Hmmm. I could access it when it was on 10.0.0.1 as 10.0.0.3 from other 10.0.0.x addresses.