Not getting proper DHCP IP based on VLAN
-
Netgear WAX620 with SSID on VLAN40 gets VLAN1 IPs. Clearly I messed up something in the configs in spite of me attempting to fix over the last 3 days.....please correct me.
AP -> Bottom switch -> Top switch ->pfSense
All connections have VLAN40 tagged and I think I have configured pfSense properly but again I know I've missed something. Any help would be greatly appreciated.Overall connectivity
Top Switch config
Bottom Switch config
Packet capture from WAX620
Request
Offer
pfSense configuration
-
SOLVED
No where have i seen i needed to tag both ports 1 and 5 but that's what it took to issue IPs on VLAN40. Ignore the others, i have not fixed them yet.
-
@squarej Well if VLAN 40 is tagged on the recipient devices... then you need it tagged on 1.
All VLANs must be tagged on port 5 on your 2100 to get access from the pfSense.
Additionally much of you internet traffic is UDP -- you only pass TCP you will be keeping things like video and VOIP from working reliably.
VLAN30 will not connect to the pfSense as it is not TAGGED on port 5. Neither will VLAN 20.
As for the instructions... it's right there on step 19:
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html
-
R rcoleman-netgate moved this topic from L2/Switching/VLANs on
-
Funny, we must have been typing at the same time.
Thank you for the link. I had found mention of needing to add 5 tagged but what's weird is I haven't seen anything that says I need to also add 1 tagged. I tried all variations: 1, 1t, 5, 5t, 1 & 5, 1t & 5, 1 & 5t and the only one that works is 1t & 5t.
Perhaps its due to a less than optimally configured switch in the mix.
Thanks for pointing out the firewall rule * other tagging issues, all have been updated once I started to get the proper IPs and life is good.
Thank you
-
@squarej said in Not getting proper DHCP IP based on VLAN:
I haven't seen anything that says I need to also add 1 tagged
That's in your end device... a switch or AP if it is on a VLAN it has to be tagged on it's landing spot. You won't find that in our Docs, that's 1000% independent of pfSense.
-
@squarej why would you be trying to tag vlan 1?
Vlan 1 is a switches default vlan that native and untagged. If you want a vlan tagged for some use - then use a different vlan ID other than 1..
-
@johnpoz said in Not getting proper DHCP IP based on VLAN:
why would you be trying to tag vlan 1?
They were tagging switchport 1 as a VLAN (in this case VLAN 10).
Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
@rcoleman-netgate said in Not getting proper DHCP IP based on VLAN:
They were tagging switchport 1 as a VLAN (in this case VLAN 10).
No that is not what they show.
They also show tagged vlan 1, with a PVID as 1..
Tagging vlan 1 is going to be problematic - you shouldn't be tagging vlan 1, this is switches default untagged/native vlan ID.. If your tagging it - your doing it wrong ;)
-
@johnpoz ahh well, that. OK. I was looking at the one that was only port 1 and 5... ¯_(ツ)_/¯
-
VLAN1 untagged on every port would be fine. What's definietly not fine is having more than one VLAN untagged on any port such as VLAN20 is there.
