Netgate Discussion Forum

    VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots

    31 Posts 5 Posters 6.8k Views
    • johnpoz LAYER 8 Global Moderator

      So does your non-VLAN have internet? And it's just the VLAN that doesn't?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • johnpoz LAYER 8 Global Moderator @sethelyon

        @sethelyon said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

        I can only ping 192.168.30.1 which also redirects me to pfSense.

        What does this mean exactly - redirects you to pfSense?

        Are you running a proxy? Any other packages?

        • sethelyon @johnpoz

          @johnpoz said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

          So does your non-VLAN have internet? And it's just the VLAN that doesn't?

          Non VLAN has internet, just that this VLAN 30 doesn't have internet.

          Made a new test where I created a new VLAN with a different AP (old D-Link AP) and it worked. But it is on a different VLAN and untagging that port (different port) works.

          So the issue may come to when I have 2 VLANs on a single port (port 8). Which I don't know if the switch is to blame which gave the right IP anyway.

          • johnpoz LAYER 8 Global Moderator

            I don't have a UniFi switch... But I have their AP and have been using them for a long time...

            Simple enough test to check on pfSense via tcpdump if you're seeing the tags or not.. If you can say you can ping the VLAN IP of pfSense then it should be working.

            And you say you cannot even ping the LAN IP? You sure there is not something stepping on your VLAN IP? 30.1

            • sethelyon @johnpoz

              @johnpoz said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

              I don't have a UniFi switch... But I have their AP and have been using them for a long time...

              Simple enough test to check on pfSense via tcpdump if you're seeing the tags or not.. If you can say you can ping the VLAN IP of pfSense then it should be working.

              And you say you cannot even ping the LAN IP? You sure there is not something stepping on your VLAN IP? 30.1

              Can't ping the LAN IP. I'm investigating to check if there are any installed packages that are stepping on my VLAN 30, because there are a few like avahi, suricata, squid which I didn't put in the first place. (Home lab with some guys testing it as well.)

              • johnpoz LAYER 8 Global Moderator

                @sethelyon said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

                suricata, squid

                Dude!! You need to mention this from the get go... Turn these off!! For troubleshooting.

                You should be able to ping the LAN IP.. You're saying you can access the pfSense web GUI from the VLAN?

                • stephenw10 Netgate Administrator

                  Yeah that is very confusing having those ports still marked tagged and untagged but not applying that setting. Weird. Guess I learned something today. 😉
                  Anyway the fact you are getting an IP in the correct subnet and can ping the pfSense interface tells me the VLAN is configured correctly.

                  Can you ping 192.168.0.1 from a client on the guest VLAN?

                  Steve

                  • sethelyon @johnpoz

                    @johnpoz said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

                    @sethelyon said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

                    suricata, squid

                    Dude!! You need to mention this from the get go... Turn these off!! For troubleshooting.

                    You should be able to ping the LAN IP.. You're saying you can access the pfSense web GUI from the VLAN?

                    I am so sorry I didn't mention that, extended apologies to everyone who's still on board.

                    Yes, I can access the pfSense web GUI from the VLAN but no pings elsewhere.

                    @stephenw10, got the wrong switch apparently :(
                    VLAN30 guest can't ping LAN IP. So frustrating.

                    • johnpoz LAYER 8 Global Moderator

                      @sethelyon said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

                      VLAN30 guest can't ping LAN IP

                      You made this VLAN a GUEST in UniFi?

                      • sethelyon @johnpoz

                        @johnpoz said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

                        @sethelyon said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

                        VLAN30 guest can't ping LAN IP

                        You made this VLAN a GUEST in UniFi?

                        Heavens no. I was planning to, but no, it is not. That's why @stephenw10 mentioned that if it was a guest VLAN, and I subconsciously thought that it's supposed to be a guest VLAN.

                        But for this issue, no, it is not a guest VLAN. I have opened the firewall rules to see any-any.

                        • johnpoz LAYER 8 Global Moderator

                          Well then you should be able to ping the lan IP of pfsense..

                          Do a sniff on pfsense interface.. Do you see the tag when you ping?

                          [2.4.4-RELEASE][admin@sg4860.local.lan]/root: tcpdump -i igb2 -e

                          09:49:25.972570 00:08:a2:0c:e6:20 (oui Unknown) > 68:54:fd:47:87:32 (oui Unknown), ethertype 802.1Q (0x8100), length 99: vlan 4, p 0, ethertype IPv4, 52.46.136.77.https > Alexa.local.lan.47812: Flags [P.], seq 1:42, ack 41, win 1076, length 41
                          09:49:25.977447 68:54:fd:47:87:32 (oui Unknown) > 00:08:a2:0c:e6:20 (oui Unknown), ethertype 802.1Q (0x8100), length 60: vlan 4, p 0, ethertype IPv4, Alexa.local.lan.47812 > 52.46.136.77.https: Flags [.], ack 42, win 1734, length 0
                          09:49:26.581007 68:54:fd:47:87:32 (oui Unknown) > 00:08:a2:0c:e6:20 (oui Unknown), ethertype 802.1Q (0x8100), length 103: vlan 4, p 0, ethertype IPv4, Alexa.local.lan.39887 > ec2-34-200-196-96.compute-1.amazonaws.com.https: Flags [P.], seq 2206533354:2206533387, ack 2533339789, win 1686, options [nop,nop,TS val 153474635 ecr 1486154430], length 33
                          

                          Where igb2 is my physical interface that vlans are sitting on... See the traffic marked with vlan 4

                          You sure your rule on VLAN 30 is any any, it's not, say, set to TCP? Yeah just looked back and looks fine... Please disable your IPS and proxy to test..

                          You're not seeing anything blocked in the firewall? Enable logging on your allow rule on VLAN 30

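The tag check johnpoz describes in the post above, as an added example that is not part of the original thread: shell functions that summarise which 802.1Q tags appear in `tcpdump -e` text output, per source MAC. The sample capture is constructed, the function names are made up for this example, and `igb2` in the comment is the parent interface from the post.

```shell
#!/bin/sh
# Added example (not from the thread): summarise which 802.1Q tags appear
# in `tcpdump -e` text output, per source MAC.
# Live use on the firewall: tcpdump -nei igb2 -c 200 | vlan_summary

# Constructed sample capture; MACs and IPs are invented for illustration.
sample_capture() {
cat <<'EOF'
10:00:01.000001 02:00:00:aa:00:01 > 02:00:00:ff:00:01, ethertype 802.1Q (0x8100), length 102: vlan 30, p 0, ethertype IPv4, 192.168.30.50 > 192.168.30.1: ICMP echo request, id 1, seq 1, length 64
10:00:01.000200 02:00:00:ff:00:01 > 02:00:00:aa:00:01, ethertype 802.1Q (0x8100), length 102: vlan 30, p 0, ethertype IPv4, 192.168.30.1 > 192.168.30.50: ICMP echo reply, id 1, seq 1, length 64
10:00:02.000001 02:00:00:bb:00:02 > 02:00:00:ff:00:01, ethertype 802.1Q (0x8100), length 60: vlan 4, p 0, ethertype IPv4, 192.168.4.20.47812 > 192.0.2.10.443: Flags [.], ack 42, win 1734, length 0
10:00:03.000001 02:00:00:cc:00:03 > 02:00:00:ff:00:01, ethertype IPv4 (0x0800), length 98: 192.168.0.77 > 192.168.0.1: ICMP echo request, id 2, seq 1, length 64
EOF
}

# Print "<vlan-id|untagged> <src-mac> <frame-count>" for each pair seen.
# Field 2 is the source MAC whether or not tcpdump prints "(oui Unknown)".
vlan_summary() {
    awk '
    length($2) == 17 && $2 ~ /^[0-9a-fA-F:]+$/ {
        tag = "untagged"
        # tcpdump prints ": vlan <id>," right after the frame length
        if (match($0, /: vlan [0-9]+,/))
            tag = substr($0, RSTART + 7, RLENGTH - 8)
        seen[tag " " $2]++
    }
    END { for (k in seen) print k, seen[k] }' | sort
}

# Exit 0 if any frame carried the given tag ("untagged" is accepted too).
vlan_seen() {
    vlan_summary | awk -v id="$1" '$1 == id { found = 1 } END { exit !found }'
}

# List the tags one client MAC was seen with; a client that belongs on
# VLAN 30 should show only "30" on the parent interface.
tags_for_mac() {
    vlan_summary | awk -v mac="$1" '$2 == mac { print $1 }'
}

sample_capture | vlan_summary
```

If the client's MAC shows up as `untagged` or under a different ID on the parent interface, the problem is in the switch or AP tagging rather than in the firewall rules.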
                          • stephenw10 Netgate Administrator

                            Do you see blocked traffic in the pfSense firewall log?

                            It seems like your client has the wrong default route or no default route. It looks to have the right gateway though. Hmm...

                            • Spoolio @sethelyon

                              @sethelyon
                              I just worked through something similar--the tutorial I was following forgot to add the DNS on the new VLAN interface, which resulted in clients showing no internet. I got clued in (after a solid 2 hrs of peeking through settings in UniFi and pfSense) when I typed 1.1.1.1 into my browser to stimulate traffic to sniff and it worked. I felt super smart.
                              If you can't laugh at yourself...

                              J
