pfSense no DHCP on VLANs for UniFi WiFi controller
-
You have to tag the VLANs on Port 5, the uplink from switch to CPU:
-
You don't actually have to assign the VLANs in the switch. If it's in port mode it will just pass all tagged or untagged traffic to every port. However, that's an unusual setup.
Are you seeing any traffic on any of those VLANs?
-
Don't see any traffic on them. I figured that leaving it in Port Mode would work fine and skip the step of tagging. I just want all the traffic to appear on the LAN ports. Better to use 802.1q mode for some reason?
-
It should work both ways but using .1q mode and tagging at the switch is far more tested. Almost everyone uses that.
Do you see any tagged traffic if you run a pcap on LAN?
-
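One way to answer the pcap question above, as an added example that is not part of the original thread: a Python sketch that reads a capture taken on the LAN parent interface and counts DHCP message types per 802.1Q VLAN ID, so a VLAN whose DISCOVERs never get an OFFER stands out. The function names are hypothetical, the capture is assumed to be a classic little-endian pcap with Ethernet framing, and the sample capture is constructed.

```python
import struct
from collections import Counter, defaultdict

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_frame(frame):
    """Return (VLAN ID or None if untagged, DHCP message name), else None."""
    if len(frame) < 282:              # 14 Ethernet + 20 IPv4 + 8 UDP + 240 BOOTP
        return None
    vlan, l3 = None, 14
    if frame[12:14] == b"\x81\x00":   # 802.1Q tag: VLAN ID is the low 12 bits
        vlan, l3 = struct.unpack_from("!H", frame, 14)[0] & 0x0FFF, 18
    udp = l3 + (frame[l3] & 0x0F) * 4
    i = udp + 8 + 240                 # first DHCP option, just past the cookie
    if (frame[l3 - 2:l3] != b"\x08\x00" or frame[l3 + 9] != 17
            or 67 not in struct.unpack_from("!HH", frame, udp)
            or frame[i - 4:i] != b"\x63\x82\x53\x63"):
        return None
    while i + 2 < len(frame) and frame[i] != 255:
        if frame[i] == 53:            # option 53 = DHCP message type
            return vlan, DHCP_TYPES.get(frame[i + 2], str(frame[i + 2]))
        i += 1 if frame[i] == 0 else 2 + frame[i + 1]
    return None

def dhcp_by_vlan(pcap):
    """Count DHCP message types per VLAN in a little-endian classic pcap (Ethernet)."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("expected a little-endian classic pcap, not pcapng")
    counts, off = defaultdict(Counter), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        if hit := parse_frame(pcap[off + 16:off + 16 + incl_len]):
            counts[hit[0]][hit[1]] += 1
        off += 16 + incl_len
    return counts

def unanswered_vlans(counts):  # VLANs whose DISCOVERs never got an OFFER
    return [v for v, c in counts.items() if c["DISCOVER"] and not c["OFFER"]]

def sample_pcap():
    """Constructed capture, not real traffic: LAN answered, VLAN 11 DISCOVER only."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for vlan, mtype, sport, dport in [(None, 1, 68, 67), (None, 2, 67, 68),
                                      (11, 1, 68, 67), (11, 1, 68, 67)]:
        tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
        dhcp = bytes(236) + b"\x63\x82\x53\x63" + bytes([53, 1, mtype, 255])
        hdr = struct.pack("!B8xB10xHHHH", 0x45, 17, sport, dport, 8 + len(dhcp), 0)
        frame = bytes(12) + tag + b"\x08\x00" + hdr + dhcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

If a VLAN shows DISCOVERs with no OFFER, the requests reach the firewall tagged and the gap is on the DHCP server side; if a VLAN is absent from the counts entirely, the tagged frames are not arriving from the switch or AP.
-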
Maybe I'm missing something obvious. Still no joy:
-
That should work. VLAN 11 should be available on port 1. But it should also have worked in port vlan mode so perhaps something is misconfigured at the client?
-
It's something... When I tag a port on the downstream switch with that VLAN (11) and connect a PC, it doesn't get an address. (169. etc.) There's not much to screw up in the controller WRT setting up networks.
-
@Happydog You can't tag a port and have a system see the network -- if you are plugging into a switch port you need that VLAN untagged.
-
Right. In any case, made it a simple test setup. Just a switch and an AP and a PC on the LAN1 port. Looks like setups I have on 1100s except the WAN interface is separate (mvneta0) on the 2100 and they work fine. On the 6100s the VLANs are just assigned to a physical port. Setting a port profile to a VLAN in UniFi gives that VLAN IP address to the connected device. Can't see much else to screw it up.
-
So how exactly are you testing?
I assume untagged clients work on the LAN directly?
-
Testing on a WiFi network (shows the client connected but no IP address) and a PC connected to a port with a VLAN profile. Same thing. Has to be something simple. The LAN works properly on both.
-
@Happydog It doesn't appear to be a pfSense issue.
-
@Happydog is there a UniFi router in their config? I've seen it where the network there is set to use a UniFi router which wasn't connected yet as the old router was still in place.
-
No. Netgate 2100, UniFi PoE8 switch, UniFi AP and a PC (used to access the 2100; I bundle one with each Netgate). The problem must be somewhere in the Netgate setup. But there isn't much there in this basic config. DHCP Server is OK.
-
@Happydog Again - I don't see anything wrong with your 2100's configuration. It has to be on the UniFi.
-
Feel the same. Pretty simple setup and I've done a few. What are the settings in pfSense to configure one of the LAN ports as a particular VLAN only? Just so I get it right.
-
@Happydog to isolate a port: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html
-
Just a thought ....
Did you try to disable DHCP snooping on the UniFi?
I can't really decide if the below is for a switch or if it's also in the AP.
Maybe try it .....From:
https://evanmccann.net/blog/2021/11/unifi-advanced-wi-fi-settings
-
Testing by connecting to a WiFi network on a VLAN network. That shows the client connecting but no IP address. Also connected a PC to a tagged port. Again no IP address.