Folks I need Help!
-
We already went over what needs to be tagged where.. Yes completely agree with you
Port to pfsense needs vlan 100 tagged.. And then any uplinks to any AP that would be doing vlan 100 on SSID also tagged, etc.
But he can not seem to get vlan 100 to work..
-
Have we established that his AP is VLAN aware? and set up to use VLAN100?
-
Have we established that his AP is VLAN aware?
AP is vlan aware, it's a Ubiquiti UniFi AP-AC-Pro AP…but if I plug my laptop in that port I can't get an IP
-
He is not doing that yet - he is just connecting a device to his vlan port 10.. And it's not getting an IP from pfsense, or can not talk to pfsense. If he can not get a simple access port to work.. Then what is the point of moving to AP?
on your pfsense box can you do an ifconfig and post the output so we can see that your nic actually supports vlan tagging..
example
em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:50:56:00:00:03
        inet6 fe80::250:56ff:fe00:3%em2 prefixlen 64 scopeid 0x3
        inet 192.168.2.253 netmask 0xffffff00 broadcast 192.168.2.255
-
here you go
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=5009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO>
        ether 00:14:5e:77:61:9c
        inet6 fe80::214:5eff:fe77:619c%em0 prefixlen 64 scopeid 0x1
        inet 24.23.x.x netmask 0xfffff800 broadcast 24.239.15.255
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=5009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO>
        ether 00:14:5e:77:61:9d
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::1:1%em1 prefixlen 64 scopeid 0x2
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
pflog0: flags=100<PROMISC> metric 0 mtu 33160
pfsync0: flags=0<> metric 0 mtu 1500
        syncpeer: 224.0.0.240 maxupd: 128 defer: on
        syncok: 1
enc0: flags=0<> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em1_vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=3<RXCSUM,TXCSUM>
        ether 00:14:5e:77:61:9d
        inet6 fe80::214:5eff:fe77:619d%em1_vlan100 prefixlen 64 scopeid 0x7
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 100 vlanpcp: 0 parent interface: em1
-
Your laptop won't work on port 10 because it's not a member of VLAN1 and I'm guessing the laptop isn't VLAN aware.
-
^ what?? It's a native vlan.. Laptop does not have to have any clue to what vlan it's on.. It's native untagged vlan..
-
According to the listing back on the first page, his port 10 is not a member of the native VLAN (VLAN1), it is only a member of VLAN100, if this is a tagged port then the laptop won't see it.
-
pfSense(to switch) vLAN(100);
switch upload(to pfSense) Tagged(100) for port(AP) /Trunk;
switch port(AP) Untagged;
AP no vLAN.
-
@hda:
pfSense(to switch) vLAN(100);
switch upload(to pfSense) Tagged(100) for port(AP) /Trunk;
switch port(AP) Untagged;
AP no vLAN.
Sorry not sure I understood all that.
Is there someone with any other ideas…maybe someone with the same switch?
-
Ah, I gotcha now. You have port 10 set as VLAN100 untagged and it's not working? Sorry about my ramblings then, lol. I'm not familiar with Cisco switch terminology but would there not be a PVID setting to also get changed for port 10 to tag traffic from the laptop as VLAN100? Or is that all taken care of when assigning the port?
-
When you assign the port it changes the pvid.
Are we SURE!! that pfsense is connected to port 3 that you have set to trunk??
You're saying all the other ports work, ie vlan 1 but not vlan 100.. Seems like to me if you were on some other port and not 3 that is exactly what would happen.
Please verify that, and if in fact in 3 then let's sniff on pfsense lan interface. You should see the tagged dhcp discover come in..
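What a "tagged dhcp discover" looks like on the wire, as an added example that is not part of the original thread: the Python below decodes a raw Ethernet frame, reads the 802.1Q VLAN ID if a tag is present, and checks whether the payload is a DHCP Discover. The sample frame and its MAC address are constructed for illustration.

```python
import struct

def sample_discover(vlan_id=None, pcp=0):
    """Constructed sample: a DHCP Discover frame, 802.1Q-tagged if vlan_id is set."""
    mac = bytes.fromhex("020000000001")                  # made-up client MAC
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    bootp += bytes(16) + mac + bytes(10) + bytes(192)    # addrs, chaddr, sname+file
    bootp += bytes.fromhex("63825363") + bytes([53, 1, 1, 255])  # cookie, type=1
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    tag = b"" if vlan_id is None else struct.pack("!HH", 0x8100, (pcp << 13) | vlan_id)
    return b"\xff" * 6 + mac + tag + struct.pack("!H", 0x0800) + ip

def classify(frame):
    """Return (vlan_id or None, is_dhcp_discover) for one raw Ethernet frame."""
    if len(frame) < 18:
        return None, False
    ethertype, = struct.unpack_from("!H", frame, 12)
    vlan_id, off = None, 14
    if ethertype == 0x8100:                      # 802.1Q tag sits after the MACs
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, off = tci & 0x0FFF, 18          # low 12 bits of the TCI are the VID
    if ethertype != 0x0800 or len(frame) < off + 28:
        return vlan_id, False
    ihl = (frame[off] & 0x0F) * 4                # IPv4 header length in bytes
    udp = off + ihl
    if frame[off + 9] != 17 or len(frame) < udp + 8:   # protocol 17 = UDP
        return vlan_id, False
    sport, dport = struct.unpack_from("!HH", frame, udp)
    opts = udp + 8 + 236                         # skip UDP header and fixed BOOTP part
    if (sport, dport) != (68, 67) or frame[opts:opts + 4] != bytes.fromhex("63825363"):
        return vlan_id, False
    i = opts + 4
    while i + 1 < len(frame) and frame[i] != 255:      # walk DHCP options (TLV)
        if frame[i] == 0:                        # pad option has no length byte
            i += 1
            continue
        code, length = frame[i], frame[i + 1]
        if code == 53 and length == 1 and i + 2 < len(frame):
            return vlan_id, frame[i + 2] == 1    # message type 1 = DISCOVER
        i += 2 + length
    return vlan_id, False

if __name__ == "__main__":
    print(classify(sample_discover(100)))   # frame as seen on the trunk to pfSense
    print(classify(sample_discover()))      # same frame as seen on an access port
```

On the trunk port toward pfSense the Discover from a VLAN 100 client should classify as `(100, True)`; a result of `(None, True)` on that link means the frame arrived untagged.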
-
port 3 is connected to pfsense and trunk with vlan 100 allowed.
port 10 is set as vlan 100, is access port…not trunk.
if I plug into any other port which is set to vlan 1 default on the switch I get ip address and internet.
port 10 which is vlan 100 cannot reach the dhcp server.
-
OK got it all working…still not sure what it was. I reinstalled pfSense and factory reset my switch, redid everything, and it seems to work.
Might also have been a problem with the laptop adaptor I was connecting to the switch; one person mentioned that, so I tried my desktop and it worked.
All is good now.
Thanks guys for all your help. :D