2100 no WIFI but LAN

swemattias

After a few years using pfSense I thought it was time to support the devs, so I bougth a Netgate 2100.
I have configured it pretty much as my current VM pfSense is set up.
I hooked it up today and LAN gets DHCP and can use the internet, but WIFI client does not, I should say they are their seperate VLAN.
I do have DHCP servers on both networks.

What have I missed or even missconfigured?
Should I put my xml file here or how do we proceed?

akuma1x

Since you're using the 2100, and it has a built-in switch, you have to do some re-configuring to get your VLAN stuff working.

Here's the instructions:
Netgate SG-2100 Configuring the Switch Ports

Hope that helps!

stephenw10

Yup, coming from a standard device it's probably a switch/vlan config issue.

If the above link does not help please post screenshots of your wifi interface config and the VLAN and switch setup.

Steve

swemattias

@stephenw10 Been some research on my own and it is a missing or faulty switch config.
Found a great yt guide that Netgate made.
I will post images when I’m back on the computer.

swemattias

I see now that I havn't told you what I want to do.

So on my 2100 WAN in ofc...
On port 1 I want LAN and a VLAN.20.

Or like this, where Port 1 and 2 should be able to talk to each other.
Port 1 with tagged vlan.20 for home use, and Port 2 with untagged lan.
vlan.20 needs services on LAN.

stephenw10

Ok so you would need to set up the VLAN in Interfaces > Assihments > VLANs as valn 20 on mvneta1.
Then configure the switch to dot1q mode and add VLAN 20 with ports 1 and 5 tagged to trunk it between the internal port and port 1.

Steve

swemattias

@stephenw10 Awesome! Thank you!

But to be a hmpf... could you please check my image and how to build that? I thought that why not utilize more ports on the built-in switch?

This is what I am going to test.

Port 1, VLAN Group 1
Members: 1, 20t

Port 2, VLAN Group 2
Members: 1, 20t

Port 5
Members: 1, 20t

stephenw10

Sure you can trunk VLAN 20 to more ports if you have something connected to them that can use it.

Can you post screenshots of your setup? We can review it if it's not working as expected.

Steve

swemattias

@stephenw10 During the coming week I will install the SG 2100.
I have been configuring it and atm I have:
Port 1, VLAN20, 10.20.1.0/24
Port 2, LAN, 10.1.1.0/24

I have moved all network equipment that today is on the LAN, to use DHCP. Most of them will change to VLAN20. (Here I am thinking of using a Pool so they will have their "own" area of the IPs).

The big issue is my Dell server and all VMs and LXCs, two NICs are today for my pfSense VM. One is for the actual server LAN connection.
During last week I moved all VMs and LXCs to the third NIC/Bridge. I do think it will be an easy move for those the coming week.

The big issue I had during last weeks installment was that the networks was not able to reach internet due to that my internal DNS was placed on the non active pfSense LAN.
I made a mistake in the DHCP setup just to give the networks my internal DNS.

Now I taking it easy, really going through all my setup so nothing will go wrong when I install the SG2100 this week.

swemattias

So SG2100 installed and doing what it is supposed to do... but...
To get everything up and running I decided to ditch the 802.1q function and make the switch a dumb switch.
I need to rad up on the pfSense switch part more and how Unifi handles everything on a lower level. I learned today that Unifi requires a untagged mangament network. Oh well.

stephenw10

You can still pass untagged traffic through the switch at the same time as trunking VLANs.

swemattias

@stephenw10 I know but as I said that is not what I need to do atm. I will read up on it in the future. Thanks!