VLAN DHCP Issue
-
Using a VLAN for a guest wireless network, but there is no internet access on the wireless and it fails to assign an IP address to devices connecting; I'm not certain if this is an issue with the VLAN, its IP, or DHCP. Any help regarding this issue is much appreciated.
-
Impossible to help you without details. You basically came to the mechanic and stated your car is broke..
What AP are you using - how do you have it connected to your network.. Does your switch support vlans, how do you have the switch connected, etc. etc.
-
Sorry for the late response,
I am using a Dell unmanaged switch, pfSense, and Unifi WAP. The network goes WAN -> Router (pfSense 2.4.3) -> Switch -> WAP.
The same switch is being used on other networks with similar configs, with no issue.
-
If you want to pass vlan traffic over a switch, then the switch needs to support vlans.. Or you're not really isolating anything.. It might be that the switch does not strip the tags, but it is not a Correct solution. And is not secure at all.. So defeats the whole purpose of a "guest" network and isolation of your guests from your normal network once it hits a switch that does not isolate traffic based on the tag or lack of tag.
Get yourself a vlan capable switch - even if you connect it like this..
pfsense
|
vlan switch -- AP
|
Dumbswitch

A 5 or 8 port gig switch that supports vlan can be had for $30ish... This is the CORRECT way to do what you're asking!!
Now you can run any networks you want on your WAP based on vlans, and even your normal lan network which would be untagged.
-
@johnpoz said in VLAN DHCP Issue:
> If you want to pass vlan traffic over a switch, then the switch needs to support vlans..

If you want to configure VLANs, you need a managed switch. Unmanaged switches pass VLANs just fine.

> A 5 or 8 port gig switch that supports vlan can be had for $30ish..

Avoid TP-Link. They don't handle VLANs properly.
-
@jknott said in VLAN DHCP Issue:
> Unmanaged switches pass VLANs just fine.

Yeah we have been over that and over that.. They might not strip the tags - but they don't isolate either... So broadcast traffic is going to go everywhere no matter what vlan tag you put on it..
Which is the whole problem with the cheap tp-link switches not allowing you to remove vlan 1 from ports. Also dumb switches can not set a pvid so now all your end devices have to tag the traffic for you to route it correctly.. If you're not going to use a vlan capable switch you might as well just run all your networks on the same layer 2.. Tags become pretty pointless whether your switch strips them or not.. if the switch does not actually understand them and isolate the traffic based on them.
You would be doing everyone a HUGE favor, especially the new users to vlans that don't understand them anyway - don't even mention that dumb switches pass vlans..
The ONLY advice that should be given is that if you want to do vlans you need a vlan capable switch - PERIOD!! Anyone that fully understands how the tags work and what that actually means wouldn't be here asking pre 101 networking questions in the first place..
Interfaces are not switchports, and you don't do vlans over dumb switches...
Yes you can drive in that nail with the back of the screwdriver, or you can pound in that screw with your hammer... Doesn't freaking mean they are the correct tools for the job at hand..
-
@johnpoz said in VLAN DHCP Issue:
> Yeah we have been over that and over that.. They might not strip the tags - but they don't isolate either... So broadcast traffic is going to go everywhere no matter what vlan tag you put on it..

How much broadcast traffic will there be on a small network, that it causes a problem? For example here, my only need for a VLAN is to support guest WiFi (which I wasn't able to do thanks to TP-Link and their access point which doesn't properly support VLANs). Will there be much more traffic if I didn't have a VLAN and all WiFi used the same SSID? Also, with IPv6, which I run on my network, there's no such thing as broadcasts, so that issue is going away. On the other hand, claiming a managed switch is needed just to pass VLANs is just plain wrong. I am not against a managed switch and encourage use of them, but I don't like people spreading false info. Before claiming an unmanaged switch can't be used, you really should understand the context. There really are some where a managed switch won't make much of a difference. As for isolation, how many people, other than guys like us, are even capable of configuring an interface to access VLANs? That is assuming the computer is even capable of it. My ThinkPad isn't. Will someone using the guest WiFi be able to snoop on local traffic? There are certainly reasons for managed switches, but there are also many situations where they don't buy much.
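
The switch behaviour argued over in this thread, as an added example that is not part of any poster's message: a small Python model of how one broadcast frame is flooded by an unmanaged switch versus a VLAN-aware switch with PVIDs and tagged port membership. The port names, the guest VLAN ID 20 and the frames are constructed assumptions; MAC learning is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: Optional[int]  # 802.1Q VLAN ID; None means untagged

def unmanaged_flood(ports, in_port, frame):
    """Unmanaged switch: the tag is opaque, so a broadcast leaves every other port unchanged."""
    return {p: frame for p in ports if p != in_port}

class VlanSwitch:
    """VLAN-aware switch, broadcast flooding only (no MAC learning in this model)."""
    def __init__(self, config):
        self.config = config  # port -> {"pvid": int, "tagged": set of VLAN IDs}

    def flood(self, in_port, frame):
        cfg = self.config[in_port]
        if frame.vlan is None:
            vid = cfg["pvid"]          # untagged ingress is classified by the port's PVID
        elif frame.vlan in cfg["tagged"]:
            vid = frame.vlan
        else:
            return {}                  # ingress filtering: VLAN not allowed on this port
        out = {}
        for port, c in self.config.items():
            if port == in_port:
                continue
            if vid in c["tagged"]:
                out[port] = Frame(frame.src, frame.dst, vid)   # trunk member: egress tagged
            elif vid == c["pvid"]:
                out[port] = Frame(frame.src, frame.dst, None)  # access member: egress untagged
        return out

# Constructed topology: VLAN 1 = LAN (untagged), VLAN 20 = guest (ID is an assumption).
CONFIG = {
    "pfsense":    {"pvid": 1,  "tagged": {20}},
    "ap":         {"pvid": 1,  "tagged": {20}},
    "lan_pc":     {"pvid": 1,  "tagged": set()},
    "guest_jack": {"pvid": 20, "tagged": set()},
}
BCAST = "ff:ff:ff:ff:ff:ff"
guest_dhcp = Frame("guest-phone", BCAST, 20)       # DHCP discover, tagged by the AP
wired_guest = Frame("guest-laptop", BCAST, None)   # untagged host plugged into guest_jack

if __name__ == "__main__":
    sw = VlanSwitch(CONFIG)
    for port, f in [("ap", guest_dhcp), ("guest_jack", wired_guest)]:
        print(port, "| unmanaged :", unmanaged_flood(CONFIG, port, f))
        print(port, "| vlan-aware:", sw.flood(port, f))
```

On the unmanaged switch the guest broadcast reaches `lan_pc` with its tag intact, and the untagged wired guest arrives at pfSense as ordinary LAN traffic; the VLAN-aware switch keeps both inside VLAN 20.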