Trying to set up Guest VLAN but not working
-
First off, do you have DHCP running on the VLAN? Also, you say you have an untagged port on VLAN 80, which connects to the AP. This is not the way it's normally done. You use a trunk port to the AP, which would carry both main and VLAN traffic to the AP. The AP is then configured to use VLAN 80 for the guest Wifi.
-
Hi @JKnott
Thanks for getting back to me. I have DHCP set up on the GuestVLAN interface, and I have included a screenshot below showing the setup for this.
All other settings are left blank. Also, on the switch I have enabled Port Trunk on Port 22 which is the AP. I have also included screenshots of this. For context I have included a list of the relevant ports.
Port 5 - Apple TV I want on the Guest VLAN
Port 22 - Ubiquiti AP
Port 2 - LAN Port on PfSense
Port 17 - Another port I want on GuestVLAN for testing
If you require any more info just let me know.
-
One thing I like to do is use port mirroring, where you can pass all traffic from 1 port to another, where you connect a computer running Wireshark. This allows you to see exactly what's happening. You should see the DHCP sequence with that. If you don't see it or some portion, that will provide clues as to where the problem is. I expect your switch should support that.
BTW, I have a Cisco switch on my LAN, which I can configure for port mirroring and have done so several times. I also have a 5 port managed switch, configured for mirroring, which I can insert into any Ethernet connection. Works well.
-
Hi @JKnott, I sent you a private message, it may be best if we get this sorted on chat as it may be quicker.
-
I generally don't use chat here. Also, it's better to keep things in the thread so others can help or learn.
-
Ok no problem, I can't see anywhere how to set up port mirroring on my switch. Although I do know that none of my devices are getting a DHCP lease and even when assigning a static IP of 192.168.0.20 I still cannot access the internet.
Therefore I do believe there is an issue with it being able to communicate to the PfSense DHCP Server.
-
Well, it's not that difficult. You enable the DHCP server on the VLAN interface. Then configure the switch to pass the VLAN through a trunk port to the AP, which must be configured for the same VLAN. Generally, you'd have one SSID for the main LAN and another for the VLAN. You can test by configuring a switch port on VLAN 80, plugging in a computer and seeing if it gets DHCP. You might also be able to configure a computer to use a VLAN and use it to check that trunk port.
I'm not familiar with your switch, so I can't advise you on it. Perhaps someone else here can. However, I have never seen a managed switch that didn't support port mirroring. Even my crappy 5 port TP-Link switch does.
-
DHCP is already enabled on the VLAN interface. I have configured port 17 on the switch to VLAN 80 on Untagged and set the VLID to 80. However, the computer does not get a DHCP when plugging into this port. What should I have port 2 set to? Port 2 is my LAN on pfSense. I thought this would be Tagged for both VLAN 80 and VLAN 1, however when doing this it knocks off my entire LAN and cannot access any other devices or the internet. I currently have it set to Tagged on VLAN 80 and Untagged on VLAN 1 and this seems to allow my VLAN 1 to work but nothing on VLAN 80.
Hope that makes sense.
-
Have you checked your switch manual? Sections 9.2 & 9.3 seem to cover what you're trying to do.
-
@JKnott Yes I read through the instructions and everything I have done seems to be right. I do feel the issue lies with the PfSense setup.
-
I don't know how, if you've set up DHCP. It just works. Configuring DHCP on a VLAN is no different than on an Ethernet port. Do you have a computer you can configure for VLAN 80? If so, just plug it into the LAN side of the pfSense box and see what happens.