1 vlan over 2 switches
Hi all, any pointers to my problem?
Ok where to begin,
What I'm trying to do is have a single vlan say vlan10, subnet 192.168.2.0/24, which is used for wifi on both managed switches. So I can have say an access point upstairs and one downstairs with the same ssid and auto connect to them but still be on the same subnet.
Can successfully set up one vlan10 on one managed switch but can't seem to get the other one to work, as in be on the same subnet.
My setup is as follows.
Pfsense -- switch A -- switch B
Switch A has port 1 and 8 for vlan10 with port 1 marked as T and connects to lan in pfsense and port 8 as U. 8 has been PVID'd with 10, all up and running.
Now what the hell do I do with switch B lol
You configure everything to pass that VLAN. That is pfSense, both switches and the AP. Also, you will likely want to configure trunk ports on both switches. Depending on the switches and your requirements, you could configure the switches to pass that VLAN only to the required ports. I have no idea what "T" and "U" mean, as I don't know what switches you have.
To keep things simple, enable the VLAN on pfSense and AP, and just enable trunk ports on all the switch ports the VLAN passes through.
have no idea what "T" and "U" mean, as I don't know what switches you have.
That would normally mean Tagged and Untagged ;)
Pretty much every switch ever would use T and U to represent that - hehehe
T - Tagged member
U - Untagged member
What else could they mean in context of vlans? ;)
Yep, I just find it frustrating when people provide little info about what they're doing and expect us to just know.
Very true - it's like trying to be a dentist and all they give you to work with is a toothpick.
My office workmates must think I'm browsing something like 9gag here and not the pfSense forum cause I laughed so hard.
By office workmates, do you mean the dog and the wife and kids - or they saw you laughing via video conference? Pretty much everyone is work from home these days that can do their job via computer ;)
Are you actually in an office? What part of the world? We just had a meeting yesterday and we are locked out of the office til at least June.. Well they said at least May, but looks like June from everything I am reading.
We have some Hardware/Server stuff to do here in the office, so some IT mates are around.
In Germany we are allowed to go to the workplace if the work can't be done from the home office, of course we need to follow distance rules and so on.
Ah ok - yeah you have to do what you have to do...
Guessing by the replies you know I have Netgear switches.
Made a pretty little picture of what I've done
So T is tagged and U is untagged
Not 100% it's correct, as sometimes I get 'can't get an IP' on my phone when connecting from the downstairs AP to the upstairs AP. When I can connect tho then I am connected in the right subnet.
Both APs are just old BT routers that I had lying around with DHCP turned off, both have the same SSID and password.
Any other info you need then just ask.
No not sure what you have - is best if you spell out exact make and models of your devices. What AP for example? Do they support vlans even.. If you have a tplink one it prob doesn't do it right for example and leaks info between because they don't allow removal of vlan 1, etc. etc..
While that looks correct for vlan 2, what about other vlans how are they marked on the port.. For example if you also have vlan 1 Untagged on your AP ports... You got a real problem.
You need to show us the setup for all the vlans you're trying to do. Do you only want specific vlan on your AP, or do you want to run multiple vlans based on SSID to them, etc.
APs don't support vlans but both switches do. Just trying to extend wifi coverage and have both APs in the same subnet so get the same IP whichever AP I connect to.
Upstairs switch is a Netgear GS308E
Downstairs is a Netgear GS108Ev3
Both APs are just BT homehub routers with DHCP turned off.
Both support vlans.
Only other vlan that I got is a vlan for unraid, as I found it was easier to stick it on a separate subnet with me the only person that can access it.
Ports 1 are tagged and used as trunk between both switches
Port 2 is tagged and goes into pfsense
Port 7 is to unraid
Ports 8 are to the aps
Hope this helps
aps dont support vlans
Real APs do. However, in your case, you'll need to configure an access port on the switch, configured for the appropriate VLAN, which you will connect your "AP" to. You will not be able to support multiple SSIDs.
Configuring an AP for multiple SSIDs is quite common. For example, many businesses have SSIDs for employees and guests. The employee SSID connects to the company network, but guests can only connect to the Internet.
Yeah I run 4 SSIDs on my APs, all in different vlans.. 1 untagged, and 3 tagged.
And the only vlan you have on those ports is the vlan 2.
I haven't tried it, but I'd expect any AP that doesn't support VLANs to just pass the tagged frames, which some devices could then be configured to use. This is no different than passing VLANs through a dumb switch. However, the proper way is to use an AP that supports VLANs and multiple SSIDs (avoid TP-Link).
So basically all I was trying to do was to have a single port on both switches dedicated to vlan2 and then give vlan2 internet access. So no matter what I plugged into either one of those dedicated ports I would have a subnet of 10.10.10.0/24 and have internet access.
So my thinking was if I can do that then surely I can then use 2 old BT homehub routers with their DHCP turned off and use their wifi signal to connect to and be on subnet of 10.10.10.0/24 as long as both SSIDs and passwords are the same.
But if I need an AP that can handle vlans then I best get looking haha
No you don't need an AP that supports vlans.. To do what you're wanting to do. If all the devices connecting to the wifi of this AP are going to be in 1 vlan, ie vlan 2.. They can be dumb as rocks and will work.
You are connecting them to this port via one of their lan ports right, not a wan port of the AP.. Using an old wifi router as just an access point (that doesn't specifically support AP mode) means you turn off its dhcp server, give it an IP on the network you're going to connect to, and then connect it to said network via one of its lan ports.
Thanks guys, got it all well sort of working now.
Both switches that I've assigned a port to vlan2 work, so what gets plugged into it is on vlan2 and has the subnet 10.10.10.1/24, which is what I wanted. Only problem I have, which I find a tad weird, is if I connect to the wifi AP downstairs first then I connect, if I walk upstairs then my phone connects to the wifi AP upstairs as I was hoping for and works, but the weird part is if I'm upstairs and disconnect my phone from the wifi and then reconnect then I can't connect and don't get assigned an IP, but if I go downstairs I can connect.
As the vlan side of it is working, I'm putting it down to the fact I'm using BT routers as APs and not proper APs.
Did you change the PVID of the ports that you moved to new vlan... You would hope the switch would auto do that, but you might have to do it by hand... Make sure whatever vlan you put a port in that is untagged, that you change the pvid of that port to the vlan you assign untagged.
Port 1 is tagged ( trunk between both switches )
Port 2 is tagged and goes to pfsense.
Port 8 is untagged, goes to the wifi
All other ports are left untagged
Port 1 is tagged ( trunk )
Port 8 is untagged and goes to wifi
Port 7 is untagged and is for unraid
All other ports are left untagged
Only ports that have a PVID are ports 8 on both switches, which have PVID 2, and port 7 of the upstairs switch, which has a PVID of 20
If this helps
Port 1 - 2 - 8 are in vlan2. Ports 1 and 2 are tagged, port 8 untagged and has pvid2
Ports 1 and 2 are tagged and are in vlan20
Ports 1 and 8 are in vlan2 port 1 tagged and 8 untagged with 8 having pvid2
Ports 1 and 7 are in vlan20 with port 1 being tagged and 7 untagged and has pvid20
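The port tables listed above can be checked mechanically against the two rules raised in this thread: an untagged port's PVID must match its VLAN, and an access port must not stay untagged in a second VLAN such as VLAN 1. This is an added example, not part of the original posts; the function names, the table layout, the "downstairs"/"upstairs" assignment of the two tables and the faulty variant are assumptions made here.

```python
def audit_switch(name, vlans, pvids, default_pvid=1):
    """vlans: {vlan_id: {port: 'T'|'U'}}, pvids: {port: pvid}. Returns findings."""
    findings = []
    ports = sorted({p for members in vlans.values() for p in members})
    for port in ports:
        untagged = sorted(v for v, m in vlans.items() if m.get(port) == "U")
        pvid = pvids.get(port, default_pvid)
        if len(untagged) > 1:
            # Frames from every one of these VLANs leave this port without a tag.
            findings.append(f"{name} port {port}: untagged in VLANs {untagged}, "
                            "so traffic from all of them egresses unmarked")
        if untagged and pvid not in untagged:
            # Ingress frames are classified by PVID, egress by membership.
            findings.append(f"{name} port {port}: PVID {pvid} is not an untagged "
                            f"VLAN of this port {untagged}")
    return findings


def trunk_carries(vlan, vlans_a, port_a, vlans_b, port_b):
    """True if both ends of an inter-switch link are tagged members of vlan."""
    return (vlans_a.get(vlan, {}).get(port_a) == "T"
            and vlans_b.get(vlan, {}).get(port_b) == "T")


# Tables as listed in the thread for VLAN 2 and VLAN 20 (switch labels assumed).
DOWN_VLANS = {2: {1: "T", 2: "T", 8: "U"}, 20: {1: "T", 2: "T"}}
DOWN_PVIDS = {8: 2}
UP_VLANS = {2: {1: "T", 8: "U"}, 20: {1: "T", 7: "U"}}
UP_PVIDS = {8: 2, 7: 20}

# Constructed faulty variant: port 8 still untagged in default VLAN 1, and
# port 7 moved to VLAN 20 without changing its PVID from 1.
BAD_VLANS = {1: {3: "U", 8: "U"}, 2: {1: "T", 8: "U"}, 20: {1: "T", 7: "U"}}
BAD_PVIDS = {}

if __name__ == "__main__":
    for name, vlans, pvids in [("downstairs", DOWN_VLANS, DOWN_PVIDS),
                               ("upstairs", UP_VLANS, UP_PVIDS),
                               ("constructed-bad", BAD_VLANS, BAD_PVIDS)]:
        for finding in audit_switch(name, vlans, pvids) or [f"{name}: ok"]:
            print(finding)
    print("VLAN 2 crosses trunk:", trunk_carries(2, DOWN_VLANS, 1, UP_VLANS, 1))
```
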
if I'm upstairs and disconnect my phone from the wifi and then reconnect then I can't connect and dont get assigned an ip
When you say can't connect - you mean you can not auth and connect to the wifi, or you actually connect to the wifi but just don't get an IP and end up with 169.254.x.x as your IP?
If you can not actually auth and associate to the wifi, then no you wouldn't get an IP.
My phone tries to connect, as it says connecting, but just doesn't connect. Both passwords are the same, and SSIDs, along with same WPA encryption. After a few attempts it gives me a 'can't get IP' message and asks me to reboot router.
Would this work.
Make another vlan Id from the downstairs switch. Connect another ethernet cable from the wifi router to the switch and then just trunk my up to the other wifi router upstairs?
So it'll go like this
Vlan2 ports 2 and 8, 2 being tagged and going into pfsense and 8 being untagged and going into wifi router with pvid2 ( as that's setup in pfsense )
Make a new vlan so let's call this one vlan50
Vlan50 has ports 7 and 1. 1 being trunk and tagged and 7 being tagged and goes into a spare port of the wifi router
Make a new vlan, vlan50
Ports 1 and 8 in vlan50 with 1 being tagged ( trunk ) and 8 being untagged and going into wifi router ?
Didn't think it'll be this hard
Or am I just over complicating things and the actual setup of the vlans is correct and it can just be something to do with the wifi routers
In system logs under dhcp I'm getting dhcp requests and dhcpacks but have had a few of these messages
uid lease 10.10.10.103 for client a8:db:03:e4:a9:5a is duplicate on 10.10.10.0/24
Am I right in thinking that this is basically saying: you can't give that MAC address ( my phone's MAC address ) that IP as it already has an IP ( static 10.10.10.10) ? If so then this would stop the IP from being released, won't it, or am I completely wrong lol?
Now I'm home, I've looked at the logs again and I do have some dhcp discoveries, offers, requests and acks but still have that duplicate message. So what I'll try is disconnect the downstairs wifi router and see what the logs say.
Sorry yeah it's a Samsung phone.. just tried how I said I would and with just one ( upstairs wifi router ) connected, my phone will connect to the wifi and on the right subnet but without internet. Tried changing DNS, that didn't work so not a DNS issue.