How to make use of VLANs
-
You have to set up a trunk port on the switch to connect to the AP and also pfSense. This will allow it to carry all VLANs. You then configure pfSense with VLANs. However, I have that same AP and it doesn't handle VLANs/SSIDs well. TP-Link doesn't seem to understand the concept of VLANs and how they're supposed to be logically separate. As I result, traffic from the native LAN will be mixed in with the VLAN. After much frustration, I gave up on the idea of VLANs & multiple SSIDs on it.
BTW, I had a lot of discussion with first level support about this issue and that person insisted it was normal. It was only the person at 2nd level support who understood the problem, but there was no fix forthcoming.
-
there is bunch of discussion in another thread heard about the tplink switches and a hack to remove the vlan 1 nonsense.
But I would suggest you get a different switch the dsg1100 from dlink is same price point and handles vlans correctly.
I have lack of confidence that the tp-link AP handles vlans correctly either. I would suggest another AP, the unifi line handles vlans correctly. And very reasonable priced.
-
Another possibility is the D-Link DAP-2660. While I haven't used this AP, I trust D-Link, more than I do TP-Link, to handle VLANs properly.
http://ca.dlink.com/products/access-points/wireless-ac1200-simultaneous-dual-band-poe-access-point/ -
Thanks for the suggestions… I have just did a factory reset and for the time I will just use the TL-Link as a simple AP until I move over to something else.
-
there is bunch of discussion in another thread heard about the tplink switches and a hack to remove the vlan 1 nonsense.
But I would suggest you get a different switch the dsg1100 from dlink is same price point and handles vlans correctly.
I have lack of confidence that the tp-link AP handles vlans correctly either. I would suggest another AP, the unifi line handles vlans correctly. And very reasonable priced.
The issue is not with the switch (which is a Netgear GS108E) which working fine, it seems to be an issue with the TL-Link AP and it's poor understanding of VLANS.
-
The issue is not with the switch (which is a Netgear GS108E) which working fine, it seems to be an issue with the TL-Link AP and it's poor understanding of VLANS.
While your issue may be about the AP, the overall point is that TP-Link should be avoided when VLANs are going to be used. As I mentioned, they don't seem to understand them. Regardless, when you get an AP that properly supports VLANs, you will still have to configure the switch with trunk ports for both pfSense and the AP.
-
You have to set up a trunk port on the switch to connect to the AP and also pfSense. This will allow it to carry all VLANs. You then configure pfSense with VLANs. However, I have that same AP and it doesn't handle VLANs/SSIDs well. TP-Link doesn't seem to understand the concept of VLANs and how they're supposed to be logically separate. As I result, traffic from the native LAN will be mixed in with the VLAN. After much frustration, I gave up on the idea of VLANs & multiple SSIDs on it.
BTW, I had a lot of discussion with first level support about this issue and that person insisted it was normal. It was only the person at 2nd level support who understood the problem, but there was no fix forthcoming.
What I was able to do was to more or less replicated port 1 that is the trunk back to the OPT1 and did the same on port 2 with the TL-Link AP connected. At first, everything was moving along well, VLAN 15 (My wireless access to the net) gave out an address and the same is true with VLAN 50 (which are my streaming devices). I was able to see the SSIDs so it looked like a win. I have been banging around with the firewall rules because not a single rule seems to be working. For instance, I am able to get a receive an address and I am able to ping each of the gateway of each interface, but as for as pinging other devices, it is a no go. I am also not able to route through the WAN, so no internet for me right now.
-
Lets see your rules..
-
-
You are passing all traffic from the Guest network. If your Layer 2 is good, you have good DHCP, good DNS, and have good outbound NAT it should be working.
-
Thanks for all of the pointers from everyone. I decided to forgo the VLAN multi SSID feature of the TL-Link AP and move it over to the LAN. I do have a Ubiquiti NanoStation loco M2 that I thought that I would swap with the TL-Link, but until I can understand the VLAN process, I will save that for another time.
