Having issue with proper VLAN setup on SG3100 - need some advice.
-
And did you read those? They have zero to do with whatever your issue is.
Your port 3 (vlan 10) is untagged on pfsense. But you have tagged on whatever switch/AP that is?
How would that work? You can for sure set a port on your switch as vlan 10 untagged connected to pfsense, and then tagged it say going to your AP..
What might help is if you actually draw up how you have things connected and to what.
If you are connected to port 3 on pfsense, all your traffic is untagged. And outbound traffic from that port to your switch0 whatever thing there connected to lan 1 would be in vlan 1 on your TP link thing..
Any traffic leaving your tplink on lan 1 that is suppose to be vlan 10 would be tagged - how would pfsense know what to do with that?
-
Thanks for the reply John. I think I may have messed up the tagging. Here is the diagram you requested:
Let me know if you are unclear on what I am trying to do. -
Yeah you have your tag vs untagged messed up.
If have vlan 10 on port 3 of pfsense untagged. Then the port that connects to pfsense from the 2530 would be untagged.
Now if you want to tag that to send it to your AP that is fine.. Are you sending other vlans to the AP over that port? If not no reason to tag it there either.
The only time that tagging is required is when there is going to be more than 1 network/vlan on the wire. if there is only 1 vlan/network - there is no requirement to tag.
-
It's a public/private wifi thing. VLAN 10 is the public wifi.
-
Doesn't matter what it is ;)
If your not tagging it on pfsense on port 3, whatever is plugging into port 3 would not be tagged.
I run multiple tags to my APs.. 1 vlan is native untagged, and 3 others are tagged.
Your drawing doesn't show any other vlans going to the AP is the only reason I ask..
And not sure what your trying to convey with the term "tagged to Untagged" - makes no sense, and will fail.
When device connected to another device, say pfsense to switch or switch to AP.. vlan is either tagged on both, or not tagged on both.. You can not set it tagged on 1 port, and untagged on device connecting to that ports interface.
-
Thanks for explaining it so concisely, your last post made perfect sense to me. I will try it tomorrow and report back. Thanks again.
-
If a wire is going to carry more than 1 vlan, only 1 vlan can be untagged. All other vlans have to be tagged on both sides of the wire..
If wire is going to only carry 1 network, then it could be tagged or untagged. Depends on your preference.. But you can not do untagged on 1 side and tagged on the other end of the wire.
Any questions, just ask - happy to help..
-
OK here's the story so far... I have VLAN 1, which is the default lan subnet, going to the private side of my WAP - it is UNTAGGED. The public side, which originates on port 3 of the Pfsense is all TAGGED (VLAN 10) in Interfaces and in the Switch menu. Port 3 goes into the HP 2530 switch -> port 39 which is TAGGED VLAN 10. Port 37 & 41 feed the WAP's and they are both TAGGED VLAN 10 as well. The TP-Link Archer C7 running ddwrt is also TAGGED VLAN 10 on the appropriate ports. From the diagnostic on the TP-Link Archer C7 I can ping the public gateway 192.168.1.10 but no DHCP so no connection from client. Is this right or am I still messing it up somehow?
-
Had you verified you have the DHCP server enabled on the VLAN interfaces?
-
Yep.
