VLAN accessed wirelessly can not access internet
-
Hey. I am trying to make my VLAN access wirelessly but I can not access the internet. I can ping google, my pfsense router. For exmaple when I connect to the wifi on pc and plug also ethernet cable then the wifi is okay (based on the wifi icon on pc otherwise I have a question mark on it on linux). When I connect the VLAN through ethernet cable on port 5 on my managed switch it works fine. I have the WAP connected on port 3 and on the WAP I have created two SSIDs. One with default VLAN id which works fine and the other with VLAN id 36 which does not work. On port 1 I have the pfsense
Can someone help me with that please?
Here are screenshots of my managed switch setup
login-to-view login-to-view -
@hasekd Your switch config looks fine based on your description. And it sounds like you have things set up correctly on pfsense given that you have access when connecting directly to port 5. But perhaps a bit more information is required...
Your pfsense settings wrt VLAN, and your AP setup as well, perhaps that's where it's something you need adjusting.
-
@Gblenn You mean this? login-to-view login-to-view
-
Have you created access control lists on the interface you assigned your vlans?
-
@JonathanLee Well I do not know what you mean, so no. How to do it please? Maybe If I install OpenWrt on my wap it will be easier to config?
-
@hasekd What is listed on your interfaces tab?
-
@JonathanLee I have there the VLAN, LAN and WAN
-
@hasekd Do you have any rules listed for your VPN like this..?
I am sure you do just checking -
@JonathanLee Only this login-to-view
-
@hasekd run a trace route and see where the packets fail.. Did you set your DNS to allow resolution form your IOT side also?
Does Network interfaces have IOT selected?
-
Also have you enabled DHCP on that interface?
-
@JonathanLee I have everything allowed and enabled. Maybe the WAP is the problem I will try to change for a different one and maybe install OpenWrt on it and I will see. On this I can not install it. I did not find any tutorial to set up this on tp-link, but for OpenWrt tutorials are available
-
@hasekd said in VLAN accessed wirelessly can not access internet:
Maybe If I install OpenWrt on my wap it will be easier to config?
At least I can tell you, that I'm successfully running an OpenWRT WAP with 5 VLANs behind pfSense.
Maybe you should try to change your VLAN ID 1 into something else. Some devices don't work properly, when you have tagged and untagged packets on the same interface.
-
@viragomann Okay, I will try it with the OpenWrt and also try to change the VLAN id 1 to something else
-
OpenWRT works fine I tested it out with AP dummy mode on mine.
-
@hasekd does your AP have the DNS set as the firewall and or is it in bridge mode or is it handing out dhcp also?
-
I could not find any of these settings on the AP. I have now disconnected it and will change for some else. I will let then know if I figure it out with the other one.
-
@hasekd that ACL allows access to everything any VLAN or interface fyi
-
@hasekd Some TP-Link switches have an MDIX port and some require a crossover cable. And some have a line above two or three ports which mean you can use only one of these two or three ports for WAN/LAN.
-
@HLPPC Also, I don't think any port should be tagged except the one from the pfSense, which is doing the tagging and untagging on that port. This guide also recommends disabling vlan 1: https://youtu.be/5ohLAFHnOHg
He has a TL-SG108E which can use a straight through cable with the pfsense but on my ISP router 100% needs a crossover. The TL-SG105E has an MDIX port though, and connecting two of those switches likely needs a crossover cable, or at least it matters between the two different types of TP-Link switches. MDI to MDI.
Those are like, my favorite switches for now but easy af to softlock yourself out if you disable vlan 1, and doing so messes with pfBlocker and maybe VPN