Netgate Discussion Forum

    Trouble with multiple VLANs on TP-Link SG108E Easy Smart Switch; Ubiquiti UAP-AC-Pro and pfSense

    L2/Switching/VLANs
    3 Posts 3 Posters 699 Views
    • detox

      I do not know if this is the right place for this question. So here it goes...
      My pfSense box is configured on LAN with: (these are not actual IPs)
      primary network 192.168.1.1/24 for dept A staff in building
      VLAN10 (192.168.2.1/24) for dept B staff in building
      VLAN20 (192.138.3.1/24) for Dept A Guests
      VLAN30 (192.168.4.1/24) for Dept B Guests
      pfSense has all firewall rules set correctly for access to web

      I have an 8-port SG108E TP-Link switch configured:

      port 1 = uplink to pfSense (VLAN1) untagged
      port 2 = VLAN1 untagged (native for primary net)
      port 3 = VLAN1 untagged (native for primary net)
      port 4 = VLAN1 untagged (native for primary net)

      VLAN10
      port 1 = uplink to pfSense (VLAN1) tagged
      port 5 = VLAN10 tagged (has UniFi AP)
      port 6 = VLAN10 untagged
      port 7 = VLAN10 untagged
      port 8 = VLAN10 untagged

      UniFi AP has 4 wireless networks:
      dept a staff no VLAN
      dept b staff VLAN10
      dept a guest VLAN20
      dept b guest VLAN30

      The AP works fine for dept a staff (no vlan)
      dept b staff (vlan10)

      But I cannot get a connection for the two guest VLANs

      What am I missing?

      Thanks for any hints

      • Derelict

        You don't show that you are also tagging VLANs 20 and 30 on ports 1 and 5.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • JKnott

          @detox

          If I'm reading your description right, you've got only VLAN 10 going to the AP. You need a trunk port that carries all VLANs. Also, I don't see how you could get staff to work on the AP, as you don't seem to have a connection for the native LAN to the AP.

          BTW, some TP-Link switches have problems with VLANs and I believe the fault may allow the native LAN to get through where it's not supposed to. This may be how the staff LAN is getting through.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...
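
An added example, not part of any post in this thread: a small checker that models the switch's 802.1Q membership table and reports which SSID VLANs are dropped on the uplink (port 1) or AP port (port 5), plus any guest VLAN that reaches an access port. The table names, the function names and the `CORRECTED` layout are assumptions of this example; `POSTED` is constructed from the first post.

```python
# Added example: 802.1Q membership check for the layout described in the thread.
T, U = "tagged", "untagged"
UPLINK, AP_PORT, NATIVE = 1, 5, 1   # ports and native VLAN as given in the posts

# Constructed from the first post: {vlan: {port: mode}}
POSTED = {
    1:  {1: U, 2: U, 3: U, 4: U},
    10: {1: T, 5: T, 6: U, 7: U, 8: U},
}
# Assumed corrected table: replies' advice applied (VLAN 1 untagged on port 5
# is this example's reading of the "native LAN to the AP" remark).
CORRECTED = {
    1:  {1: U, 2: U, 3: U, 4: U, 5: U},
    10: {1: T, 5: T, 6: U, 7: U, 8: U},
    20: {1: T, 5: T},
    30: {1: T, 5: T},
}
# SSID -> VLAN the AP puts on the wire (None = untagged, i.e. native)
SSIDS = {"dept a staff": None, "dept b staff": 10,
         "dept a guest": 20, "dept b guest": 30}

def check_trunks(table, ssids, trunks=(UPLINK, AP_PORT), native=NATIVE):
    """List (ssid, vlan, port, problem) for every SSID VLAN a trunk port drops."""
    problems = []
    for ssid, vlan in ssids.items():
        vid, want = (native, U) if vlan is None else (vlan, T)
        for port in trunks:
            have = table.get(vid, {}).get(port)
            if have is None:
                problems.append((ssid, vid, port, "not a member"))
            elif have != want:
                problems.append((ssid, vid, port, f"{have}, expected {want}"))
    return sorted(problems)

def stray_members(table, vlans, trunks=(UPLINK, AP_PORT)):
    """List (vlan, port, mode) where a guest VLAN reaches a non-trunk port."""
    return sorted((v, p, m) for v in vlans
                  for p, m in table.get(v, {}).items() if p not in trunks)

if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name)
        for row in check_trunks(table, SSIDS):
            print("  trunk gap:", row)
        for row in stray_members(table, (20, 30)):
            print("  guest VLAN on access port:", row)
```

The second check matters for segmentation: a guest VLAN that is a member of any port other than the two trunks puts guest traffic on a staff access port.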

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.