What is wrong with this 2100 switch configuration?
-
@patient0 said in What is wrong with this 2100 switch configuration?:
How do you set the PVID for ports on this switch, each port can only have one PVID set, too.
That TP-Link switch is configured to use 802.1q VLANs. VLAN IDs 39–41 are tagged on Ethernet jacks 1, 23, 40, 48.
-
@patient0: Understanding what I am trying to do, what should I do differently?
-
@DominikHoffmann FWIW the factory default config doesn’t have those VLANs…by default ports 1-4 are a plain unmanaged switch. The doc page above is for isolating the ports to be separate networks/interfaces.
-
Yeah you would need the PVID set on the ports to connect untagged traffic to them but that wouldn't affect tagged traffic coming from other switches.
-
@DominikHoffmann said in What is wrong with this 2100 switch configuration?:
@patient0: I think, this is the insight I needed! VLAN 4081–4084 were holdovers from the factory-default configuration, and I simply left them in place. I should be able to simply remove those VLAN IDs, shouldn’t I?
Yes, if you have no interfaces configured for them, you can removed them. Then the ports will again be part of the switch/LAN and have VLAN 1 set for untagged traffic.
That TP-Link switch is configured to use 802.1q VLANs. VLAN IDs 39–41 are tagged on Ethernet jacks 1, 23, 40, 48.
And what is/are the PVIDs for this ports, VLAN 1?
@stephenw10 is right in that the issue with the untagged ports would not affect the tagged traffic. Except if on the TP-Link the PVID is not set to VLAN 1 but VLAN 39 or 41.
Do you have a network defined on LAN and does that work?
-
@patient0: First of all, thank you very much for your willingness to dig into my issue with me!
Yes, all the ports on the switch are set to PVID 1:
The table is scrollable, and when I scroll down PVID = 1 for all of the switch ports.
This is my new configuration in Interfaces → Switch → VLANs now looks like this:
-
Additionally, I just did another test. I configured my MacBook Pro’s Belkin USB-C to Ethernet adapter to untag traffic with VLAN ID 39 and hooked it up to Switch Port 2 on the 2100 directly. This eliminates the TP-Link switch and UniFi Wi-Fi equipment from the equation. With that simplified setup I still cannot get to the internet from my guest network.
-
@DominikHoffmann said in What is wrong with this 2100 switch configuration?:
I configured my MacBook Pro’s Belkin USB-C to Ethernet adapter to untag traffic with VLAN ID 39 and hooked it up to Switch Port 2 on the 2100 directly.
Now the switch config does indeed look good.
Am I right to assume that the normal LAN (untagged VLAN1) does work with the Belkin USB-C ethernet adapter.
Can you access the internet and the router if you set the IP,subnet, router and DNS manually for the VLAN ID 39?
Just to make sure: And you created the VLAN 39 on the macOS by creating a VLAN in System Settings / Network, Manage Virtual Interfaces > New VLAN, set tag and select the Belkin USB-C adapter.
First of all, thank you very much for your willingness to dig into my issue with me!
Same goes for you for keeping on it, it certainly takes a quite a bit time, more then one thinks it should.
-
Ok that 2100 switch config should work for a directly connected connected tagged client like that.
So do you have VLAN 39 defined as an interface? Does it have dhcp running on it? Did your test client pull a lease in the correct subnet?
-
@patient0 said in What is wrong with this 2100 switch configuration?:
Now the switch config does indeed look good.
Thanks very much for confirming!
Am I right to assume that the normal LAN (untagged VLAN1) does work with the Belkin USB-C ethernet adapter.
Yes, it does.
Can you access the internet and the router if you set the IP,subnet, router and DNS manually for the VLAN ID 39?
I don’t think that’s necessary, as my laptop pulls an IP address, router and DNS.
Just to make sure: And you created the VLAN 39 on the macOS by creating a VLAN in System Settings / Network, Manage Virtual Interfaces > New VLAN, set tag and select the Belkin USB-C adapter.
I did.
@stephenw10 said in What is wrong with this 2100 switch configuration?:
So do you have VLAN 39 defined as an interface? Does it have dhcp running on it? Did your test client pull a lease in the correct subnet?
Yes, yes and yes.
Still no cigar!
-
@DominikHoffmann said in What is wrong with this 2100 switch configuration?:
I don’t think that’s necessary, as my laptop pulls an IP address, router and DNS.
Oh, I see, I thought you didn't get an IP.
DHCP is working but you can't get to the internet. Is the captive portal still active (I have no knowledge about that, never used it) and if yes can you authenticate successfully?
And you can ping the pfSense/gateway? Can you ping an external IP address? Does DNS resolution work?
-
@patient0 said in What is wrong with this 2100 switch configuration?:
And you can ping the pfSense/gateway? Can you ping an external IP address? Does DNS resolution work?
I cannot ping it.
I don’t think, I ever checked, whether the captive portal is the culprit. I will do so this afternoon.
-
Yup if it pulls a dhcp lease in the correct subnet but cannot even ping the pfSense interface address then it must be a firewall rule or the captive portal.
-
@stephenw10: Yes, it was the captive portal. Now I have to figure out what’s wrong with the configuration…
-
D DominikHoffmann referenced this topic
-
Indeed, I have to consult the community on how to configure the captive portal, too.
