Setting Up Multiple Wireless SSIDs w/ 1 Access Point

pfsushi · Jul 23, 2018, 5:26 PM

I should have been more clear.. I've connected ETH1 to my laptop in order to "Share" it out via VirtualBox

So it's within the VM environment. Amazingly it works with the default SSIDs. That traffic and interface shows up.. works great.

It's this VLAN thing. Which got me thinking that Tomato isn't tagging that traffic or something and it doesn't even pass anything to pfSense.

I'm in the midst of trying to figure out why. The VID is set and the Tag option is checked. Looks great but any other device that sees this Guest network, can connect (so the AP is fine with it) but no Internet. And no IP of what it should be as configured within the pfSense interface.

If I connect to say.. Tomato24 (default SSID no VLAN).. it's awesome. No problem. pfSense sees that interface and away it goes.

Derelict · Jul 23, 2018, 5:30 PM

I am going to be pretty much unable to help you with getting the VLAN tags passing through the AP and virtual environment. I don't use Tomato or Virtualbox. Sorry.

If the pfSense interface is assigned to something like VLAN 10 on igb0, the interface is enabled and numbered, and the DHCP server is active, then all it is waiting for is traffic to arrive there tagged for VLAN 10.

pfsushi · Jul 23, 2018, 5:49 PM

I've seen VLAN 10 mentioned somewhere in another tutorial.

Makes me think you are correct from the get-go. The AP isn't tagging the traffic appropriately because it's not connecting to pfSense and DHCP, etc etc

I think you've helped a lot actually. It's not pfSense.

It's how traffic is being tagged and how it's not going where it should to get an address from pfSense which sees the Interface and has the service enabled.

Gotta be this AP VLAN configuration for an additional SSID.

pfsushi · Jul 23, 2018, 7:33 PM

For whatever reason.. I unchecked the Port 1 on my VLAN 1 ... and because of that, the wireless traffic passing now gets assigned correctly in pfSense.

Simply unchecked Port 1 for VLAN 1 and assigned that VLAN 3 to Port 1.

I would have thought you could send all traffic thru a single port and simply tag the frames? Maybe not in this case but I do not proclaim to understand the deep technical nuances of networking. Just the basics. Which is why I survived and now I've got 3 separate SSIDs all getting their own IP ranges and going thru pfSense!

Thanks for the help. Your comment really got me thinking.

pfsushi · Jul 23, 2018, 9:03 PM

Ah son of a ....

All I solved was by putting VLAN 3 on Port 1, the traffic works perfect but now the other SSIDs do not because there is no physical ETH connection coming out of Ports 2-4 to the pfSense box.

I thought by "tagging" the traffic, all traffic could come out of Port 1 but somehow be segmented because it was tagged and would match up on a VLAN created in pfSense.

If this does work in theory, it might not work with Advanced Tomato on my Asus RT-AC68U box. There might be some bug that isn't allowing traffic to be appropriately tagged.

Meaning, while I can create several VLANS and associate them with various Virtual Wireless networks, I can't get anything connecting to the AP to do anything with it except connect to whatever is listed on Port 1

Derelict · Jul 23, 2018, 9:04 PM

Yes you can put multiple tagged VLANs on one physical interface. That's sort of the whole point.

pfsushi · Jul 23, 2018, 9:30 PM

That's what I thought!

So it's gotta be going back to your original point.. your AP isn't tagging your traffic appropriately so when it says VLAN3 has a VID of 3 which matches the pfSense of VLAN 3 ...

My AP isn't doing it right. I can see all the APs SSIDs. I can connect but not all of them will give me DHCP because that traffic beyond whatever says is connected on Port 1 to my pfSense box isn't getting tagged beyond the default.

I think you were right on the first time and my issue is Tomato and VLAN tagging with this specific model router.

Could be that VirtualBox's NIC doesn't support VLAN tagging either. Given this isn't an actual physical box.. with a support NIC... it may be VBox doesn't support VLAN tagging thus it's configured correctly but won't work because of a non-supported configuration. I'll have to go search to see if VBox has any issues with VLAN tagging.

pfsushi · Jul 23, 2018, 9:34 PM

Hmmm...

https://askubuntu.com/questions/628781/vlan-is-not-working-in-virtual-box

"don't use the Intel PRO/1000 family of adaptors, because they will strip the VLAN tags. Instead, either use the Paravirtualized Network adaptor old default of AMD PCNet FAST III, neither of which seem to have this restriction."

I am indeed using the default Intel PRO/1000 default in my VBox setup.

I'll switch in my VBox settings for my pfSense host and see what gives.

pfsushi · Jul 24, 2018, 3:48 PM

I've come to the conclusion that VirtualBox/VMWare Player do not truly support VLAN tagging.

I can get a pretty good lab going using VBox but if I create additional SSIDs, and tag them.. the show up in pfSense but the traffic doesn't route properly.

It's not a pfSense issue. It's not an Advanced Tomato or my router.

Virtualization using these 2 products and the associated selection of virtual adapters just does not support proper tagging.

johnpoz · Jul 24, 2018, 3:54 PM

You understand both of those are free products for "simple" use or end users to play with right. If you want to play with vlan tags than use say esxi - also FREE..

pfsushi · Jul 24, 2018, 3:58 PM

Yes I understand that.. I didn't know if it would work or not.

I think esxi is beyond the specs of my simple laptop setup. But I'll look into it.