Folks I need Help!
-
Correct me if I'm wrong but you only appear to have VLAN100 tagged on one port?
Yes…do I need more ports?
I did try that and it didn't work -
You need VLAN100 tagged on the port that connects to your WiFi AND the port that connects back to pfSense. VLAN1 should remain untagged but active on all ports. Your AP also needs to be VLAN aware, what one are you using?
-
You need VLAN100 tagged on the port that connects to your WiFi AND the port that connects back to pfSense. VLAN1 should remain untagged but active on all ports. Your AP also needs to be VLAN aware, what one are you using?
Sorry really green at this…vlan 100 to tagged to port 10 and port that connects to pfsense is port 3.
If you can help me with the commands I would appreciate it, see below, show run command...thxinterface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,1001-1005
switchport mode trunk
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
switchport access vlan 100
switchport mode access -
ok so port 10 is in vlan 100
Can you do a show interfaces trunk
Or how about
sho int switchport G1/0/3That is the port you have in trunk mode to pfsense right..
I would remove this from your port 3
switchport trunk encapsulation dot1qconf t
int gi1/0/3
no switchport trunk encapsulation dot1qThen show the commands of the ones I gave above.
Then once you have a device that you connect to on port 10, we can worry about connecting a AP on another trunk port that does vlans, etc.
-
I wouldn't have a clue about commands, my switch has a Web GUI 8)
But if pfSense is on port 3 then that also needs tagged to VLAN100
-
ok so port 10 is in vlan 100
Can you do a show interfaces trunk
Or how about
sho int switchport G1/0/3That is the port you have in trunk mode to pfsense right..SW#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/3 on 802.1q trunking 1Port Vlans allowed on trunk
Gi1/0/3 1,100,1001-1005Port Vlans allowed and active in management domain
Gi1/0/3 1,100Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/3 1,100Yes port 3 is trunk…see below
-
We already went over what needs to be tagged where.. Yes completely agree with you
Port to pfsense needs vlan 100 tagged.. And then any uplinks to any AP that would be doing vlan 100 on SSID also tagged, etc.
But he can not seem to get vlan 100 to work..
-
Have we established that his AP is VLAN aware? and set up to use VLAN100?
-
Have we established that his AP is VLAN aware?
AP is vlan aware it's a Ubiquiti UniFi AP-AC-Pro AP…but if I plug my laptop in that port I can't get and ip
-
He is not doing that yet - he is just connecting a device to is vlan port 10.. And its not getting an IP from pfsense, or can not talk to pfsense. If he can not get a simple access port to work.. Then what is the point of moving to AP?
on your pfsense box can you do a ifconfig and post the output so we can see that your nic actually supports vlan tagging..
example
em2: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
options=9b<rxcsum,txcsum,vlan_mtu,<strong>VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:50:56:00:00:03
inet6 fe80::250:56ff:fe00:3%em2 prefixlen 64 scopeid 0x3
inet 192.168.2.253 netmask 0xffffff00 broadcast 192.168.2.255</rxcsum,txcsum,vlan_mtu,<strong></up,broadcast,running,promisc,simplex,multicast> -
here you go
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=5009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso>ether 00:14:5e:77:61:9c
inet6 fe80::214:5eff:fe77:619c%em0 prefixlen 64 scopeid 0x1
inet 24.23.x.x netmask 0xfffff800 broadcast 24.239.15.255
nd6 options=23 <performnud,accept_rtadv,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=5009b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso>ether 00:14:5e:77:61:9d
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::1:1%em1 prefixlen 64 scopeid 0x2
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
pflog0: flags=100 <promisc>metric 0 mtu 33160
pfsync0: flags=0<> metric 0 mtu 1500
syncpeer: 224.0.0.240 maxupd: 128 defer: on
syncok: 1
enc0: flags=0<> metric 0 mtu 1536
nd6 options=21 <performnud,auto_linklocal>lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
nd6 options=21 <performnud,auto_linklocal>em1_vlan100: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=3 <rxcsum,txcsum>ether 00:14:5e:77:61:9d
inet6 fe80::214:5eff:fe77:619d%em1_vlan100 prefixlen 64 scopeid 0x7
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 100 vlanpcp: 0 parent interface: em1</full-duplex></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></performnud,auto_linklocal></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,vlan_hwfilter,vlan_hwtso></up,broadcast,running,simplex,multicast> -
Your laptop won't work on port 10 because it's not a member of VLAN1 and I'm guessing the laptop isn't VLAN aware.
-
^ what?? Its a native vlan.. Laptop does not have to have any clue to what vlan its on.. Its native untagged vlan..
-
According to the listing back on the first page, his port 10 is not a member of the native VLAN (VLAN1), it is only a member of VLAN100, if this is a tagged port then the laptop won't see it.
-
pfSense(to switch) vLAN(100);
switch upload(to pfSense) Tagged(100) for port(AP) /Trunk;
switch port(AP) Untagged;
AP no vLAN. -
@hda:
pfSense(to switch) vLAN(100);
switch upload(to pfSense) Tagged(100) for port(AP) /Trunk;
switch port(AP) Untagged;
AP no vLAN.Sorry not sure I understood all that.
Is there someone with any other ideas…maybe someone with the same switch? -
Ah, I gotcha now. You have port 10 set as VLAN100 untagged and it's not working? Sorry about my ramblings then, lol. I'm not familiar with Cisco switch terminology but would there not be a PVID setting to also get changed for port 10 to tag traffic from the laptop as VLAN100? Or is that all taken care of when assigning the port?
-
When you assign the port it changes the pvid.
Are we SURE!! that pfsense is connected to port 3 that you have set to trunk??
Your saying all the other ports work, ie vlan 1 but not vlan 100.. Seems like to me if you were on some other port and not 3 that is exactly what would happen.
Please verify that, and if in fact in 3 then lets sniff on pfsense lan interface. You should see the tagged dhcp discover come in..
-
port 3 is connected to pfsense and trunk with vlan 100 allowed.
port 10 is set as vlan 100, is access port…not trunk.
if I plug into any other port which is set to vlan 1 default on the switch I get ip address and internet.
port 10 which is vlan 100 cannot reach the dhcp server. -
OK got it all working…still not sure what it was. I reinstall Pfsense and factory reset my switch redid everything and seems to work.
Might have been also a problem the laptop adaptor I was connecting to the switch, one person mentioned that, so I tried my desktop and it work.
All is good now.
Thanks guys for all your help. :D
