Netgate Discussion Forum

    Having issue with proper VLAN setup on SG3100 - need some advice.

    • myriadM Offline
      myriad @myriad
      last edited by

      Hey Mods. I think I should have posted this thread in L2/Switching/VLANs. Can you please move it? Thanks.

      • johnpozJ Online
        johnpoz LAYER 8 Global Moderator @myriad
        last edited by johnpoz

        And did you read those? They have zero to do with whatever your issue is.

        Your port 3 (vlan 10) is untagged on pfsense. But you have tagged on whatever switch/AP that is?

        tagged.png

        How would that work? You can for sure set a port on your switch as vlan 10 untagged connected to pfsense, and then tag it, say, going to your AP..

        What might help is if you actually draw up how you have things connected and to what.

        If you are connected to port 3 on pfsense, all your traffic is untagged. And outbound traffic from that port to your switch0 whatever thing there connected to lan 1 would be in vlan 1 on your TP link thing..

        Any traffic leaving your tplink on lan 1 that is supposed to be vlan 10 would be tagged - how would pfsense know what to do with that?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

        • myriadM Offline
          myriad
          last edited by myriad

          Thanks for the reply John. I think I may have messed up the tagging. Here is the diagram you requested:
          VLAN to WAP.jpeg
          Let me know if you are unclear on what I am trying to do.

          • johnpozJ Online
            johnpoz LAYER 8 Global Moderator @myriad
            last edited by

            Yeah you have your tag vs untagged messed up.

            If you have vlan 10 on port 3 of pfsense untagged, then the port that connects to pfsense from the 2530 would be untagged.

            Now if you want to tag that to send it to your AP that is fine.. Are you sending other vlans to the AP over that port? If not no reason to tag it there either.

            The only time that tagging is required is when there is going to be more than 1 network/vlan on the wire. If there is only 1 vlan/network - there is no requirement to tag.

            • myriadM Offline
              myriad
              last edited by

              It's a public/private wifi thing. VLAN 10 is the public wifi.

              • johnpozJ Online
                johnpoz LAYER 8 Global Moderator @myriad
                last edited by

                Doesn't matter what it is ;)

                If you're not tagging it on pfsense on port 3, whatever is plugging into port 3 would not be tagged.

                I run multiple tags to my APs.. 1 vlan is native untagged, and 3 others are tagged.

                Your drawing doesn't show any other vlans going to the AP is the only reason I ask..

                And not sure what you're trying to convey with the term "tagged to Untagged" - makes no sense, and will fail.

                When a device is connected to another device, say pfsense to switch or switch to AP.. vlan is either tagged on both, or not tagged on both.. You cannot set it tagged on 1 port, and untagged on the device connecting to that port's interface.

                • myriadM Offline
                  myriad
                  last edited by

                  Thanks for explaining it so concisely, your last post made perfect sense to me. I will try it tomorrow and report back. Thanks again.

                  • johnpozJ Online
                    johnpoz LAYER 8 Global Moderator @myriad
                    last edited by

                    If a wire is going to carry more than 1 vlan, only 1 vlan can be untagged. All other vlans have to be tagged on both sides of the wire..

                    If a wire is going to only carry 1 network, then it could be tagged or untagged. Depends on your preference.. But you cannot do untagged on 1 side and tagged on the other end of the wire.

                    Any questions, just ask - happy to help..

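The rule stated in the post above (a VLAN is tagged on both ends of a wire or untagged on both, and at most one VLAN per wire is untagged), as an added example that is not part of the thread: a small Python check run over a port map. The port names follow the thread; `Port`, `check_link`, `audit` and the sample data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    untagged: frozenset = frozenset()  # VLAN IDs sent without an 802.1Q tag
    tagged: frozenset = frozenset()    # VLAN IDs sent with an 802.1Q tag

def port(name, untagged=(), tagged=()):
    return Port(name, frozenset(untagged), frozenset(tagged))

def mode(p, vlan):
    """How port p carries this VLAN: tagged, untagged, or not at all."""
    if vlan in p.tagged:
        return "tagged"
    return "untagged" if vlan in p.untagged else "absent"

def check_link(a, b):
    """Return the tagging problems on one cable between ports a and b."""
    problems = []
    for p in (a, b):
        if len(p.untagged) > 1:  # only one VLAN per wire may be untagged
            problems.append(f"{p.name}: {len(p.untagged)} untagged VLANs")
    for vlan in sorted(a.untagged | a.tagged | b.untagged | b.tagged):
        if mode(a, vlan) != mode(b, vlan):  # must match on both ends
            problems.append(
                f"VLAN {vlan}: {mode(a, vlan)} on {a.name}, {mode(b, vlan)} on {b.name}")
    return problems

# Constructed sample data, loosely following the ports named in the thread.
LINKS = {
    "mismatch": (port("pfSense port 3", untagged=[10]),
                 port("2530 port 39", tagged=[10])),
    "tagged both ends": (port("pfSense port 3", tagged=[10]),
                         port("2530 port 39", tagged=[10])),
    "trunk to AP": (port("2530 port 37", untagged=[1], tagged=[10]),
                    port("AP uplink", untagged=[1], tagged=[10])),
    "two untagged": (port("2530 port 41", untagged=[1, 10]),
                     port("AP uplink", untagged=[1, 10])),
}

def audit(links=LINKS):
    """Map each link name to its list of problems (empty list means OK)."""
    return {name: check_link(a, b) for name, (a, b) in links.items()}

if __name__ == "__main__":
    for name, problems in audit().items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```
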
                    • myriadM Offline
                      myriad
                      last edited by

                      OK here's the story so far... I have VLAN 1, which is the default lan subnet, going to the private side of my WAP - it is UNTAGGED. The public side, which originates on port 3 of the pfSense, is all TAGGED (VLAN 10) in Interfaces and in the Switch menu. Port 3 goes into the HP 2530 switch -> port 39 which is TAGGED VLAN 10. Port 37 & 41 feed the WAPs and they are both TAGGED VLAN 10 as well. The TP-Link Archer C7 running ddwrt is also TAGGED VLAN 10 on the appropriate ports. From the diagnostic on the TP-Link Archer C7 I can ping the public gateway 192.168.1.10 but no DHCP so no connection from client. Is this right or am I still messing it up somehow?

                      • S Offline
                        SteveITS Galactic Empire @myriad
                        last edited by

                        Had you verified you have the DHCP server enabled on the VLAN interfaces?

                        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                        Upvote 👍 helpful posts!

                        • myriadM Offline
                          myriad
                          last edited by

                          Yep. dhcp.png

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.