Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PFSense 2.0.1 + HP Switch 2626 + Meraki MR12 (VLAN)

    Installation and Upgrades
    2
    4
    4389
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      krisken last edited by

      Dear,

      I want to connect a Meraki MR12 access point to my pfsense 2.0.1 router using my HP Procurve 2626 switch.

      I've set up 3 SSID's on the Meraki AP, each with another vlan and another subnet:

      • private wifi - VLAN 1001 - 10.101.0.0/24
      • public wifi - VLAN 1002 - 10.102.0.0/24
      • trusted wifi - VLAN 1003 - 10.103.0.0/24

      I've set up everything but when i connect to the meraki MR12 device, i don't get an IP address (but DHCP is running, when i do connect using a ethernet cable, i get a 10.0.0.0/24 IP, and that's correct).

      Could someone take a look at the screenshots and tell me what i do wrong?  It's my second time that i have to work with vlans, so it's really possible that i've made a mistake…

      On the HP procurve 2626, there are 4 wired connections:
      port 1 = VDSL Modem
      port 24 = Meraki
      port 25 = unmanaged gigabit switch
      port 26 = pfsense

      Screenshots
      1. Meraki
      Overview : http://kris.derocker.name/pfsense/merakivlans/meraki.jpg

      2. HP Procurve 2626
      Status : http://kris.derocker.name/pfsense/merakivlans/hp2626-status.jpg
      Vlans : http://kris.derocker.name/pfsense/merakivlans/hp2626-vlan01.jpg
      Vlans : http://kris.derocker.name/pfsense/merakivlans/hp2626-vlan02.jpg

      3. PFSense
      Dashboard : http://kris.derocker.name/pfsense/merakivlans/pfsense-dashboard.jpg
      Assign networkports : http://kris.derocker.name/pfsense/merakivlans/pfsense-assignnetworkports.jpg
      Assign interfaces vlan : http://kris.derocker.name/pfsense/merakivlans/pfsense-assigninterfacesvlan.jpg

      Pfsense wifi private
      DHCP server : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifiprivate-dhcpserver.jpg
      Firewall rules : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifiprivate-fwrules.jpg
      Interface : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifiprivate-interface.jpg

      Pfsense wifi public
      DHCP server : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifipublic-dhcpserver.jpg
      Firewall rules : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifipublic-fwrules.jpg
      Interface : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifipublic-interface.jpg

      Pfsense wifi trusted
      DHCP server : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifitrusted-dhcpserver.jpg
      Firewall rules : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifitrusted-fwrules.jpg
      Interface : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifitrusted-interface.jpg

      1 Reply Last reply Reply Quote 0
      • D
        dreamslacker last edited by

        If I read the Meraki Manual correctly, Meraki APs need to have internet access.  Hence, your Meraki device must have it's own IP on the port it is connected to and it must be able to obtain an IP address and access the internet accordingly.

        The Meraki does not support VLAN tagging on it's own 'WAN' port for obtaining an IP.
        You need to set the switch to automatically tag the Meraki's packets (which are untagged) upon entering the switch, thus it will be forwarded to the LAN segment on pfSense.

        Hence, you should set Port 24 on the switch to be Untagged on VLAN 10.  This allows the Meraki to obtain an IP address on pfSense LAN and gain internet access.

        The very fact that a computer with VLAN tagging set on it's NIC can obtain an IP shows that the fault does not lie with pfSense or the switch configuration but it is something specific to the Meraki device.

        To be sure of this, try the following:

        Have a computer connected to Port 24.  Set the NIC so that you have 3 virtual interfaces with VLANs 1001, 1002 & 1003.
        The 3 virtual interfaces should each obtain a unique IP automatically thus proving that DHCP and VLANs are working on pfSense and also that VLAN trunking is correctly configured on the Procurve.
        Furthermore, if VLAN 10 is set to be untagged on Port 24, the non-virtual adapter (you might need to configure a virtual adapter with VLAN 1 to enable the untagged interface) on the PC should also obtain an IP in the LAN subnet of pfSense as well.  This will help verify that the switch is correct tagging untagged packets on ingress for Port 24.

        1 Reply Last reply Reply Quote 0
        • K
          krisken last edited by

          I think that the setup of the Meraki MR12 is correct.  I can see my public IP address (and the internal one) in the Meraki Cloud Controller : http://kris.derocker.name/pfsense/merakivlans/meraki-config.jpg.

          So when i make changes to the config, they will reach the Meraki MR12.

          1 Reply Last reply Reply Quote 0
          • K
            krisken last edited by

            Update:

            Today i've got an IP from VLAN1002 (public wifi) from the PFSense router : 10.102.0.100.
            Screenshot:http://kris.derocker.name/pfsense/merakivlans/pfsense-dhcpoffervlan1002.jpg
            But : no IP on the other SSID's and no internet activity…

            1 Reply Last reply Reply Quote 0
            • First post
              Last post