VLAN accessed wirelessly can not access internet
-
@HLPPC Also, I don't think any port should be tagged except the one from the pfSense, which is doing the tagging and untagging on that port. This guide also recommends disabling vlan 1: https://youtu.be/5ohLAFHnOHg
He has a TL-SG108E which can use a straight through cable with the pfsense but on my ISP router 100% needs a crossover. The TL-SG105E has an MDIX port though, and connecting two of those switches likely needs a crossover cable, or at least it matters between the two different types of TP-Link switches. MDI to MDI.
Those are like, my favorite switches for now but easy af to softlock yourself out if you disable vlan 1, and doing so messes with pfBlocker and maybe VPN
-
@hasekd also I got a tplink wap working with vlans through pfsense itself but it has some lib-c issues maybe with beamforming or mu-mimo and compression. I think their library is zlib or libz or something. The firmware is online but I'd rather have this omada setup entirely for it. Omada controller, jetstream switch.
The lack of the library or whatever is missing for it in pfSense can cause some videogames to bug out but it worked rather swell otherwise (A+ bufferbloat with traffic shaping) (could have been my jank mobo too ). Begged for ntp and upnp constantly but can be port forwarded to pfsense. Also tries talking over strange high range subnets like 224.0.0.0-239.0.0.0 last time I tried it.
-
@HLPPC tagging the wifi traffic also may require devices to be tagged which is overkill for trunking. Trunking and retrunking is a headache.
-
@hasekd https://youtu.be/8ht_myXKfvQ
time 1:20 explaining the switch ports if they are there.
You probably want a xover. Easy to cut.Edit: mybad you have one switch. Jeeze I am daft sometimes
I can't say I had a good or bad time trying a crossover cable to the wap but some are POE, which I definitely wouldn't crossover directly. And because of that linux library issue got a compatible PoE switch and have yet to plug it all together.
-
@HLPPC try not using port 5 with the 5 port switch at all. Whichever one has the square around it. 1 or 5. It is evil. Unless you plug the mdix port directly into the pfsense with a straight through cable. And yeah your vlans are overkill. I sent photos of the controller gear.
-
@hasekd
Here is some random help if you want to view what country DNS or OSPF and MD5 hashes are trying to go to. It is easier to capture them in Windows but in a sterile environment. But maybe weird stuff only procs when WAPS are plugged into windowshttps://youtu.be/z6MzIDwjUmc?si=pxvOlySudx5QpDS1
Plugging stuff into IOMMU and SR-IOV motherboards may trigger loads of C++ routing, Linux ELF binaries, and stuff causing radix or patricia tree overloads or something idk. Lawd knows what it does to linux Wireless access points, BUT WAPs are pretty cool.
-
@hasekd next time I try VMs with static IP blocks I'll try giving all local hosts different IP addresses.
-
Tried many things until now and nothing have worked. Now I dont use tplink firmware, but installed OpenWRT and still have the same problem, that I am getting ip address from the network, but still can not connect to the internet. The port on switch that is connected to router should be tagged, when I made it untagged I was only able to get ip address from iot network. So I think there should be problem in the OpenWRT configuration, but I dont know where, maybe the interfaces. I can provide screenshots if you write what specificly I should show
-
@hasekd
So how did you configure the OpenWRT? As a router or as an access point? Each requires different VLAN settings. -
@viragomann as access point
-
@hasekd
So you might have a bridge device (br-lan), where you have to configure the VLANs on:
Network > Interfaces > Devices
br-lan > configure > Bridge VLAN filtering
Enable VLAN FilteringHere you have to set connected network port as tagged for your VLANs.
Then create interfaces for your VLANs:
Network > Interfaces > Add new interface > Name [give it a name] > Protocol [Unmanaged] > Device [select your Sofware VLAN: br-lan.xx]Then use these interfaces in the VLAN configuration.
Did you configure it this way?
-
@viragomann I tried it this way. Now I am connected to the wifi with the IoT interface, but I get IP from my main network. This is the configuration:
-
@hasekd
Did you also create an interface, with the VLAN device?
And is it selected in the respective WLAN settings? -
@viragomann I thought that this what I created is the interface with the VLAN device. It is selected in the WLAN
-
@hasekd
So the Wifi is connected to the VLAN and should be properly separated on the OpenWRT.However, if a Wifi device, which is connected to this SSID, gets an IP of another network it might lack anywhere else. Maybe on the switch?
-
@viragomann
This is my switch conf. On port 1 I have pfsense port 5 - homeassistant that is connected via ethrnet cable, port 4 - OpenWRT -
@hasekd
I don't know this switch, but looks plausible so far.Anyway, to investigate just plug the OpenWRT directly into the pfSense NIC port and see if you get an IP out of the VLAN then.
-
@viragomann
Still have the IP from main lan -
@hasekd
Did you even renew it?Can you post screenshots from the OpenWRT Interfaces page and the WLAN interface settings?
And as well from pfSesse Interface assignments. -
@viragomann
I did