VLAN Not working / No Internet
-
For whatever reason this VLAN I created is not behaving as it should.
I cannot access the internet, I cannot ping any devices.
What am I missing?
-
@uberlousanis When you post screenshots, include the header. No way to be sure what interface that rule is actually on.
Did you put it on the vlan interface?
You just posted your dhcp image as I was typing. You included the header there. Do the same for firewall rules in the future.
Try going back to ISC dhcp. A lot of issues with KEA.
-
@uberlousanis yeah - headers are very helpful in firewall rules so we know what interface they are on. But not seeing any hits on that any any rule you posted, see the 0/0 in states. So maybe it's on the wrong interface?
Or maybe your tag setup on your switching interfaces is not right. Does the client get an IP from that dhcp pool?
-
I reuploaded the screengrabs with headers.
I believe all the rules are in the correct interfaces. As of now there is only one device on that VLAN and it has a static IP outside of the DHCP pool.
Regarding the DHCP, I switched from ISC because of the EOL messages I was getting, I'll have to look into that further.
-
@uberlousanis And can that device ping anything?
Start at the pfSense interface, then anything on the internet.
You should set it to dhcp to test with, just to confirm it's connected correctly.
You might have a switch problem and getting a dhcp lease would prove that easily.
-
@Jarhead DHCP is not working for the VLAN, below are screengrabs of my switch config for the VLAN.
I have similar configurations working perfectly at other sites. The Controller device is configured to use VLAN 100 on its NIC.
-
@uberlousanis UniFi... ugh.
Do you want it to be tagged?? Why not just do it the correct way and untag the port it's connected to?
Which port is the "trunk"? It should be the only port with vlan 1 untagged and vlan 100 tagged. Then you would set any port you want the vlan 100 on with the PVID to 100 and untagged with 100.
Tagging every port with a vlan should work but you're asking for trouble.
Trunk ports will be tagged, access ports untagged.
You should also consider getting away from vlan 1 altogether. You can use any vlan id you want. Example, I use 442 for my LAN after my car, Oldsmobile 442.
-
@Jarhead UniFi trunks all ports by default. Or so their documentation says. I went ahead and untagged the port and excluded VLAN 1 and DHCP still doesn't work, but I can ping the other device on this subnet when using a static IP. I wanted the ports tagged so that we don't need to track which port the device is connected to. Progress is being made, but I still don't see why it's not working like on other sites where I have a similar configuration.
-
@uberlousanis You untagged the port, did you also take the vlan off the device's NIC?
-
@uberlousanis Yes, so far it's working with static IPs.