1 vlan over 2 switches

michael178212

Hi all, any pointers to my problem?

Ok where to begin,

What I'm trying to do is have a single vlan say vlan10, subnet 192.168.2.0/24, which is used for wifi on both managed switches. So I can have say an access point upstairs and one downstairs with the same ssid and auto connect to them but still be on the same subnet.

Can successfully setup one vlan10 on one managed switch but cant seem to get the other one to work as in be on the same subnet.

My setup is as followed.

Pfsense -- switch A -- switch B

Switch A has port 1 and 8 for vlan10 with port 1 marked as T and connects to lan in pfsense and port 8 as U. 8 has been pivd with 10, all up and running.

Now what the hell do I do with switch B lol

JKnott

@michael178212

You configure everything to pass that VLAN. That is pfSense, both switches and the AP. Also, you will likely want to configure a trunk ports on both switches. Depending on the switches and your requirements, you could configure the switches to pass that VLAN only to the required ports. I have no idea what "T" and "U" mean, as I don't know what switches you have.

To keep things simple, enable the VLAN on pfSense and AP, and just enable trunk ports on all the switch ports the VLAN passes through.

johnpoz

@JKnott said in 1 vlan over 2 switches:

have no idea what "T" and "U" mean, as I don't know what switches you have.

That would normally mean Tagged and Untagged ;)

Pretty much every switch ever would use T and U to represent that - hehehe
T - Tagged member
U - Untagged member

What else could they mean in context of vlans? ;)

JKnott

@johnpoz

Yep, I just find it frustrating when people provide little info about what they're doing and expect us to just know.

johnpoz

Very true - its like trying to be a dentist and all they give you to work with is a toothpick.

Rico

YMMD @johnpoz
My office workmates must think I'm browsing something like 9gag here and not the pfSense forum cause I laughed so hard.

-Rico

johnpoz

By office workmates, do you mean the dog and the wife and kids - or they saw you laughing via video conference? Pretty much every one is work from home these days that can do their job via computer ;)

Are you actually in an office? What part of the world? We just had a meeting yesterday and we are locked out of the office til atleast june.. Well they said atleast may, but looks like june from everything I am reading.

Rico

We have some Hardware/Server stuff to do here in the office, so some IT mates are around.
In Germany we are allowed to go to the workplace if the work can't be done from the homeoffice, of course we need to follow distance rules and so on.

-Rico

johnpoz

Ah ok - yeah you have to do what you have to do...

michael178212

Guessing by the replies you know I have netgear switches.

Made a pretty little picture of what I've done

So T is tagged and U is untagged

Not 100% its correct as sometimes I get ' cant get an ip ' on my phone when connecting from the downstairs ap to the upstairs ap. When I can connect tho then I am connected in the right subnet.

Both ap's are just old bt routers that I had lying around with dhcp turned off, both have the same ssid and password.

Any other info you need then just ask.

Many thanks

johnpoz

No not sure what you have - is best if you spell out exact make and models of your devices. What AP for example? Do they support vlans even.. If you have a tplink one it prob doesn't do it right for example and leaks info between because they don't allow removal of vlan 1, etc. etc..

While that looks correct for vlan 2, what about other vlans how are they marked on the port.. For example if you also have vlan 1 Untagged on your AP ports... You got a real problem.

You need to show us the setup for all the vlans your trying to do. Do you only want specific vlan on your AP, or do you want to run multiple vlans based on SSID to them, etc.

JKnott

@michael178212 said in 1 vlan over 2 switches:

Guessing by the replies you know I have netgear switches.

You guessed wrong. I had no idea what hardware you have

michael178212

aps dont support vlans but both switches do. Just trying to extend wifi coverage and have both aps in the same subnet so get the same ip which ever ap I connect to.

Upstairs switch is a netgear GS308E
Downstairs is a netgear GS108Ev3
Both aps are just bt homehub routers with dhcp turned off.

Both support vlans.

Only other vlan that I got is a vlan for unraid as I found it was easier to stick it on a seperate subnet with me the only person that can access it.

Ports 1 are tagged and used as trunk between both switches
Port 2 is tagged and goes into pfsense
Port 7 is to unraid
Ports 8 are to the aps

Hope this helps

johnpoz

@michael178212 said in 1 vlan over 2 switches:

Ports 8 are to the aps

And the only vlan you have on those ports is the vlan 2.. You have to remove any other Untagged vlans from those ports if you want your AP to just be vlan 2

JKnott

@michael178212 said in 1 vlan over 2 switches:

aps dont support vlans

Real APs do. However, in your case, you'll need to configure an access port on the switch, configured for the appropriate VLAN, which you will connect your "AP" to. You will not be able to support multiple SSIDs.

Configuring an AP for multiple SSIDs is quite common. For example, many businesses have SSIDs for employees and guests. The employee SSID connects to the company network, but guests can only connect to the Internet.

johnpoz

Yeah I run 4 SSIDs on my APs, all in different vlans.. 1 untagged, and 3 tagged.

JKnott

@johnpoz said in 1 vlan over 2 switches:

And the only vlan you have on those ports is the vlan 2.

I haven't tried it, but I'd expect any AP that doesn't support VLANs to just pass the tagged frames, which some devices could then be configured to use. This is no different than passing VLANs through a dumb switch. However, the proper way is to use an AP that supports VLANs and multiple SSIDs (avoid TP-Link).

michael178212

So basically all I was trying to do was to have a single port on both switches dedicated to vlan2 and then give vlan2 internet access, So no matter what I plugged into either one of those dedicated ports i would have a subnet of 10.10.10.0/24 and have internet access

So my thinking was if I can do that then surely I can then use 2 old bt homehub routers with their dhcp turned off and use their wifi signal to connect to and be on subnet of 10.10.10.0/24 as long as both ssids and passwords are the same.

But if i need a ap that can handle vlans then I best get looking haha

johnpoz

No you don't need an AP that supports vlans.. To do what your wanting to do. If all the devices connecting to the wifi of this AP are going to be in 1 vlan, ie vlan 2.. They can be dumb as rocks and will work.

You are connecting them to this port via one of their lan ports right, not a wan port of the AP.. Using an old wifi router as just an accesspoint (that doesn't specifically support AP mode) means you turn off its dhcp server, give it an IP on the network your going to connect to, and then connect it to said network via one of its lan ports.

JKnott

@michael178212 said in 1 vlan over 2 switches:

But if i need a ap that can handle vlans then I best get looking haha

As I mentioned, should you go that route, avoid TP-Link. Some of their gear doesn't work properly with VLANs. This applies to both APs and managed switches.