PFSense 2.0.1 + HP Switch 2626 + Meraki MR12 (VLAN)
-
Dear,
I want to connect a Meraki MR12 access point to my pfsense 2.0.1 router using my HP Procurve 2626 switch.
I've set up 3 SSID's on the Meraki AP, each with another vlan and another subnet:
- private wifi - VLAN 1001 - 10.101.0.0/24
- public wifi - VLAN 1002 - 10.102.0.0/24
- trusted wifi - VLAN 1003 - 10.103.0.0/24
I've set up everything but when i connect to the meraki MR12 device, i don't get an IP address (but DHCP is running, when i do connect using a ethernet cable, i get a 10.0.0.0/24 IP, and that's correct).
Could someone take a look at the screenshots and tell me what i do wrong? It's my second time that i have to work with vlans, so it's really possible that i've made a mistake…
On the HP procurve 2626, there are 4 wired connections:
port 1 = VDSL Modem
port 24 = Meraki
port 25 = unmanaged gigabit switch
port 26 = pfsenseScreenshots
1. Meraki
Overview : http://kris.derocker.name/pfsense/merakivlans/meraki.jpg2. HP Procurve 2626
Status : http://kris.derocker.name/pfsense/merakivlans/hp2626-status.jpg
Vlans : http://kris.derocker.name/pfsense/merakivlans/hp2626-vlan01.jpg
Vlans : http://kris.derocker.name/pfsense/merakivlans/hp2626-vlan02.jpg3. PFSense
Dashboard : http://kris.derocker.name/pfsense/merakivlans/pfsense-dashboard.jpg
Assign networkports : http://kris.derocker.name/pfsense/merakivlans/pfsense-assignnetworkports.jpg
Assign interfaces vlan : http://kris.derocker.name/pfsense/merakivlans/pfsense-assigninterfacesvlan.jpgPfsense wifi private
DHCP server : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifiprivate-dhcpserver.jpg
Firewall rules : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifiprivate-fwrules.jpg
Interface : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifiprivate-interface.jpgPfsense wifi public
DHCP server : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifipublic-dhcpserver.jpg
Firewall rules : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifipublic-fwrules.jpg
Interface : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifipublic-interface.jpgPfsense wifi trusted
DHCP server : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifitrusted-dhcpserver.jpg
Firewall rules : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifitrusted-fwrules.jpg
Interface : http://kris.derocker.name/pfsense/merakivlans/pfsense-wifitrusted-interface.jpg -
If I read the Meraki Manual correctly, Meraki APs need to have internet access. Hence, your Meraki device must have it's own IP on the port it is connected to and it must be able to obtain an IP address and access the internet accordingly.
The Meraki does not support VLAN tagging on it's own 'WAN' port for obtaining an IP.
You need to set the switch to automatically tag the Meraki's packets (which are untagged) upon entering the switch, thus it will be forwarded to the LAN segment on pfSense.Hence, you should set Port 24 on the switch to be Untagged on VLAN 10. This allows the Meraki to obtain an IP address on pfSense LAN and gain internet access.
The very fact that a computer with VLAN tagging set on it's NIC can obtain an IP shows that the fault does not lie with pfSense or the switch configuration but it is something specific to the Meraki device.
To be sure of this, try the following:
Have a computer connected to Port 24. Set the NIC so that you have 3 virtual interfaces with VLANs 1001, 1002 & 1003.
The 3 virtual interfaces should each obtain a unique IP automatically thus proving that DHCP and VLANs are working on pfSense and also that VLAN trunking is correctly configured on the Procurve.
Furthermore, if VLAN 10 is set to be untagged on Port 24, the non-virtual adapter (you might need to configure a virtual adapter with VLAN 1 to enable the untagged interface) on the PC should also obtain an IP in the LAN subnet of pfSense as well. This will help verify that the switch is correct tagging untagged packets on ingress for Port 24. -
I think that the setup of the Meraki MR12 is correct. I can see my public IP address (and the internal one) in the Meraki Cloud Controller : http://kris.derocker.name/pfsense/merakivlans/meraki-config.jpg.
So when i make changes to the config, they will reach the Meraki MR12.
-
Update:
Today i've got an IP from VLAN1002 (public wifi) from the PFSense router : 10.102.0.100.
Screenshot:http://kris.derocker.name/pfsense/merakivlans/pfsense-dhcpoffervlan1002.jpg
But : no IP on the other SSID's and no internet activity…