Help with DCHP and VLANS

  • Hello,

    First post here and I am a new pfsense user. I have spent all morning reading and searching and no joy. So here's the basics:

    NetGear SG-1100 to a UNFI 8 Port 60W Switch to a Unifi AC Pro AP.

    Running pfsense 2.4.4 (I tried updating it and it keeps failing)

    I have LAN set up with DCHP on /24

    I have 3 VLANS

    VLAN 20 IOT /24
    VLAN 40 Gaming /28
    VLAN 50 Guest /26

    I can ping the VLAN DHCP servers from the LAN. But when I connect to the VLAN via WIFI. My devices aren't getting an IP address. Not sure if this is a pfsense issue or a Unifi issue. (and yes I'm posting in both Forums).

  • You don't need to run /28 and /26 subnet masks on those two VLANs. You should change them to /24. Is there a reason that you didn't set to a /24 to begin with? If you're just trying to limit the amount of machines that are able to join that network, you could simply lower the DHCP range to a more comfortable number, say 20 addresses max.

    Also, to make VLANs work properly, you have to get your tagging correct on your switch ports. So, whatever network ports your "gaming" computers/consoles are connected to on the switch, you have to tag as VLAN 40. Whatever network ports your "guest" computers or wifi are connected to on the switch, you have to tag as VLAN 50. Then, on the switch port going back to the pfsense box, you have to add both tags.

    Do you know where to find the VLAN settings on the switch? I apologize, I don't run Unifi switches, so I can't help you there.

    With all that setup, it should then work properly. Did you setup any tags on the switch ports?


  • Thanks for replying,

    as to why I went with CIDR instead of just limitng the DHCP range? No real reason, feeling frisky I guess :).

    I have my VLANs tagged properly as per Unifi's instructions and the multiple youtube vidoes I've watched on the matter. According to all the documentation, this should be working. I'm strongly suspecting it's the switch that's being difficult. That or the VLAN tags aren't registering properly.

  • @sudburymatt You need to attach some screenshots then of your switch settings, and your firewall rules for these 2 VLANs on the pfsense box. You did make firewall rules on pfsense for the VLANs, right? That is required...


    Also, do you have your wifi setup correctly with the proper VLAN settings? What wifi do you have, unifi gear maybe?


  • Here are the screen shots of my configs....I'm really at a loss here. Everything I've read says that this should be working.
    2020-05-14 (5).png 2020-05-14 (4).png 2020-05-14 (3).png 2020-05-14 (2).png


    It's definately a DHCP issue. For some reason it's not issuing an IP address but will communicate that the gateway is available.

    2020-05-14 (6).png

  • Do you have the DHCP servers turned on for the VLAN interfaces?

    It's under Services -> DHCP Server. All of your active interfaces should be listed there. All you have to do is turn the DHCP servers on, specify a range (start and stop) of addresses, and it should all just work.


  • @akuma1x

    Thanks for replying. Yes, I have DHCP enabled. Which is why I’m so confused. DHCP is working just fine for the main LAN. It’s the VLANs that aren’t working.


    Problem solved. After more searching and endless reading, I found this post:

    turns out I had to tag the ports. All of the tutorials left this part out.


Log in to reply