VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots

sethelyon

Hi everyone! Hope you find this post well. Im having difficulties setting up a 2nd wireless network on my home lab. Here's my environment.

Connected to WAN as PPPoE
Router: pfSense 2.4.4
Switch: EdgeSwitch8XP
AP: UniFi AC LR.

I've already setup the basic vlan configuration on pfsense and switch but still no luck. I've opened up the firewalls just to rule out any misconfigs.

LAN is 192.168.0.1
VLAN: 30 (set up in my devices)
VLAN 30 is 192.168.30.1
DHCP is enabled on both LAN and VLAN 30
Clients on VLAN 30 somehow gets the right IP but unable to connect to the internet.

Below is screenshots that I hope would help rule out any misconfigs I've done.

VLAN 30 Configuration:

pfSense Interface

VLAN 30 Interface

VLAN 30 DHCP Server settings

pfSense LAN Firewall Rules

pfSense VLAN 30 Firewall Rules

EdgeSwitch VLAN tagging

UniFi Network adding VLAN 30

Unifi Wireless Network adding VLAN 30

Client getting IP but no internet

LAN WiFi is perfectly working. I'm getting the IP range set by DHCP, but on VLAN30 Wiresless network, it's getting the IP range but no internet.

Grimson

Your using a VPN, probably setup by following some crap guide that tells you to switch outbound NAT to manual? If yes, check your outbound NAT rules and add one for your new VLAN.

sethelyon

Hi Grimson! I did setup VPN and followed a guide. :(

Anyway, I've put a screenshot on my outbound rules. Correct me if Im wrong but it is still set on auto right? If not, should I add my VLAN 30 on Mappings?

here's a screenshot.

Grimson

Show the actual outbound NAT rules then. Edit: also do some basic connectivity tests:
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html#client-tests

sethelyon

Hi Grimson, apologies if Im doing some mistake here but is this what you're asking for?

Grimson

Outbound rules look OK. Although I'm wondering why 192.168.11.0/24 shows twice, are you using the same IP space for two different OpenVPN tunnels?

And the results of the connectivity test?

sethelyon

@grimson said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Outbound rules look OK. Although I'm wondering why 192.168.11.0/24 shows twice, are you using the same IP space for two different OpenVPN tunnels?

And the results of the connectivity test?

Client (my iphone)

IP:192.168.30.10
Subnet mask: 255.255.255.0
Router/Gateway: 192.168.30.1
DNS: 192.168.30.1

I'm only using one OpenVPN tunnel right now. It could be that when I was following a guide, I double send some data and ignored it when it worked the 2nd time. Could retrace where the mess i left. :(

Connectivty test for client's ip address to LAN, VLAN30 and WAN.

Only VLAN30 has a reply when pinged.

Grimson

I linked you to the client tests, so test from a client on VLAN30.

sethelyon

@grimson said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

I linked you to the client tests, so test from a client on VLAN30.

My bad.

Connected my laptop on my wireless VLAN30 which provided me these credentials

IPv4 Address. . . . . . . . . . . : 192.168.30.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.30.1

Pinged my LAN IP, RTO
Pinged WAN IP, RTO
Pinged WAN Gateway, RTO
Pinged 8.8.8.8, RTO
and lastly pinged www.google.com, RTO.

I can only ping 192.168.30.1 which also redirects me to pfSense.
I appreciate the time and help you're doing Grimson. Thank you for the patience. :D

Grimson

Any floating rules? Any errors during the filter reload progress? Output of Diagnostics -> Routes?

sethelyon

@grimson said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Any floating rules? Any errors during the filter reload progress? Output of Diagnostics -> Routes?

No floating rules. It's taking some time to load though.

stephenw10

Which ports on the switch are connected to what?

I expect to see two ports tagged with VLAN30 there. Packets are tagged to pfSense and tagged to the AP. I'm not really sure how DHCP is working there without that.

Steve

johnpoz

Why are you showing port 1 on your switch as T for vlan 1?

Why are things showing as grayed out on port 1?

Here is how it works.. Vlan 1 should be untagged since that is your management port for your AP right.. your LAN..

So pfsense -- 1U,30T -- switch -- 1U,30T -- AP

You would have 2 trunked ports here.. 1 that goes to pfsense, and another that goes to AP.. Per thread on unifi.. Might be old but setting trunked allows all vlans and vlan 1 would be untagged. etc

Grimson

@johnpoz said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Why are you showing port 1 on your switch as T for vlan 1?

Why are things showing as grayed out on port 1?

He has set port 1 as a trunk port with native VLAN on ID 1, so that should be OK.

Port 8 has VLAN ID 1 as untagged and 30 as tagged, so as long as he has pfSense and the AP each on one of these two ports it should work.

Though I haven't worked much with Unifi switches, so I could be wrong there.

But as he can ping from his VLAN to pfSense and back, and can reach the WebUI from a client on that VLAN it looks good to me.

Sadly he hasn't really answered two of the three questions I asked him last.

johnpoz

Yeah but sure looks like it shows T on the vlan 1... And U for 30 on port 1.. Which sure wouldn't be right.. If that is where pfsense or AP is connected too.. We just had this discussion - not very normal to tag vlan 1.

Once you click trunked maybe doesn't matter - but its kind of BS info its giving you then.

Grimson

@johnpoz said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Once you click trunked maybe doesn't matter - but its kind of BS info its giving you then.

Guess why I keep away from Unifi switches

sethelyon

@sethelyon said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

@grimson said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

Any floating rules? Any errors during the filter reload progress? Output of Diagnostics -> Routes?

No floating rules. It's taking some time to load though.

Port 1 is the trunk port and is grayed out so no matter what the letter stands for as long as it is on trunk port it doesnt matter. But beats the purpose of changing it. Very confusing.

@Grimson I appreciate the help sir. Here's the screenshot of Diagnostics > Route. I blacked out my public IP.

@johnpoz I though that putting Untagged on port 8 VLAN ID 1 and tagging VLAN ID 30 on port 8 should do the trick, it does. It gives the correct IP but no internet connection. Yeah, confusing about the grayed port when it is enabled as a trunk port. Changes are not valid if it is grayed. i tried doing it away (even the grayed tagging) still doesnt work.

Im so lost why it is not working. :(

I am so sorry for the late reply because I had to deal with some medical issues. I appreciate everyone for taking in the time for helping.

sethelyon

Here's some graph that happening now.

my iPhone is currently connect to VLAN 30 and has the right IP but no internet.
laptop is connected to LAN WIFI which is working as expected.

Created a new vlan with a different AP (old dlink ap) and it worked. But is it on a different vlan and untagging that port works.

So the issue may come to when I have 2 vlans on a single port (port 8). Which I dont know if the switch is to blame which gave the right IP.

johnpoz

So do your non vlan have internet? And its just the vlan that doesnt?

johnpoz

@sethelyon said in VLAN getting IP but no internet (pfSense, EdgeSwitch8XP, UniFi AC LR) with screenshots:

I can only ping 192.168.30.1 which also redirects me to pfSense.

What does this mean exactly - redirects you to pfsense?

Are you running proxy? Any other packages?