Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Guest Wifi with Netgate XG-7100 and Ubiquiti AP *without* switch

    Scheduled Pinned Locked Moved
    L2/Switching/VLANs
    4
    5
    715
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stb
      last edited by

      Hi all,

      I am using a Netgate XG-7100 as firewall and a Ubiquiti AP-SHD as access point. The basic setup of the XG-7100 is done and works fine, also the access point works with the main SSID. The UAP-SHD is connected directly to port 8 of the XG-7100 with the PoE injector in between, but no switch.

      Now I want to create a guest wifi network which is isolated from the main SSID using VLANs. This is where I currently struggle.

      In Unifi Controller I tagged the guest wifi network with VLAN 200, and also in pfSense I set up what I believe to be a sensible configuration, however when clients connect to the guest wifi, they do not see the gateway nor do they get an IP assigned from the DHCP server.

      I'm hoping for some help here to show me my misunderstandings.

      The XG-7100 uses VLANs to separate WAN from LAN on the same lagg0. So I created an interface with VLAN 200 and put it on port 8 (tagged), but also put VLAN 4091 (LAN) on port 8 (untagged). The Port VID is 4091.

      7_1539598284764_pfsense-switch-vlans-lan.png 6_1539598284764_pfsense-switch-vlans-guests.png 5_1539598284764_pfsense-switch-vlans.png 4_1539598284764_pfsense-switch-ports.png 3_1539598284764_pfsense-services-dhcpserver.png 2_1539598284764_pfsense-interfaces-vlans.png 1_1539598284764_pfsense-interfaces-guests.png 0_1539598284762_pfsense-interfaces-assignments.png

      I would be very grateful for any pointers into the direction where I'm missing something.

      Greetings,
      Stefan

      1 Reply Last reply Reply Quote 0
      • A
        akuma1x
        last edited by

        I think this video might have what you are looking to do.

        https://www.youtube.com/watch?v=DL4vMLgBrYI

        Jeff

        1 Reply Last reply Reply Quote 0
        • I
          IT_Dept
          last edited by

          Hello Stefan,

          the ETH1-ETH8 ports of the Netgate XG-7100 appliance are members of a Marvell switch. That switch is uplinked to the pfSense appliance through two internal ports, numbered 9 and 10 respectively. You can see that in one of your screenshots, under "Interfaces / Switch / Ports".

          You should edit your port group number 3 (VLAN 200: Guests), and add these two internal uplink ports as a tagged members of your Guest VLAN. That is, the port config for your Guests VLAN should be 8t,9t,10t.

          Regards

          S D 2 Replies Last reply Reply Quote 2
          • S
            stb @IT_Dept
            last edited by

            @it_dept
            Thanks a lot. In the meantime I figured that one out also, but you are spot on and that was why it didn't work. I gave your posting a +1, not sure whether the forum here allows to mark a post as "solution".

            1 Reply Last reply Reply Quote 0
            • D
              dreamrae @IT_Dept
              last edited by

              @it_dept thank you. I've been up for a couple days without sleep trying to figure this one out. The entire site with APs is back online.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post