DHCP on VLAN
-
I have a fairly complicated setup:
Multi-WAN doing a load balancing in pfSense
5 Vlans setup on one interface and 1 DMZ setup on another interface
Vlan 1 being used for Management w/o DHCP Server
Vlan 24 for intranet Wifi w DHCP Server
Vlan 30 for intranet w/o DHCP Server
Vlan 50 for Public Wifi w DHCP Server
Vlan 100 for Ubiquiti ToughSwitch and APs, w DHCP Server
Now, the Vlan goes to a Cisco SG500X switch in port 1, trunk mode, Vlan 1UP, 24T, 30T, 50T, 100T
port 35, trunk mode, Vlan 1T, 24T, 30T, 50T, 100UP, goes to Ubiquti ToughSwitch
In Ubiquiti ToughSwitch, Vlan 1, 24, 30, 50 all tagged and 100 untagged
ToughSwitch goes to UAPs with Vlan 24, 30, 50Now, my problem is, I'm not able to ping any of the APs
I'm not able to SSH to any of the APs
It's like being isolatedIn my firewall settings, I allowed all traffics but still no luck
Can anyone give me some lights here please? -
I'm not able to get an IP from DHCP server if I set a port in 100UP access
-
port 35, trunk mode, Vlan 1T, 24T, 30T, 50T, 100UP, goes to Ubiquti ToughSwitch
In Ubiquiti ToughSwitch, Vlan 1, 24, 30, 50 all tagged and 100 untaggedPretty sure you can't tag VLAN ID 1. (My Brocade ICXs won't even take tagged/untagged port commands on VLAN 1).
Do yourself a favor and just create another VLAN ID and use it in place of VLAN 1 and tag all your traffic. Forget VLAN ID 1 exists. Don't use it. If you have specific devices that require management on untagged and tag SSIDs, use the switchport to do that, but not on VLAN ID 1.
-
But even if I set a port in cisco as access and just V100, it is not able to get IP from pf
-
Then things are not how you think they are.
If you have a pfSense interface assigned to eth0_vlan100 with DHCP enabled going to a switchport configured for tagged trafic on VLAN 100, devices connected to switchports configured for untagged vlan 100 will get DHCP.
-
Do I need to setup DHCP relay or DHCP server in cisco switch?
Thanks -
Not if it's on the same layer 2 segment as the interface running the DHCP server, no. And if it was, DHCP would work.
Again, with you tagging VLAN1 to the toughswitch, I have no idea what your network is going to do. Apparently it's going to behave in unpredictable ways as you're finding out.
I don't understand why you are choosing to try to tag VLAN 1 and untag VLAN 100 across that trunk port. That makes no sense to me.
You are also dismissing my advice to get off VLAN 1 and tag EVERYTHING between pfSense and the Cisco and the Cisco and the toughswitch… There is absolutely no reason to have untagged traffic between switches. Every vendor seems to handle mixing tagged and untagged traffic on a port differently. You are setting yourself up for major headaches that can be easily avoided by getting off VLAN 1 and tagging everything across your trunk ports.
-
It's a layer 3 switch
I've removed all the Vlan 1 tagging
I'm able to discover the Ubiquiti TouchSwitch now
But still no luck with the APs -
Is it a layer 3 switch as layer 3 or a layer 3 switch but only being used as layer 2?
You'll have to tell us how your network exists now. Diagram?
How are the switchports going to the APs configured?
ToughSwitch goes to UAPs with Vlan 24, 30, 50
How do you expect them to get DHCP on VLAN 100 if they are only on VLANs 24, 30, and 50?
What does ubiquiti require for the APs to be initially configured? I usually have to put my new APs (not ubiquiti) on an untagged port on my management VLAN until they get the config from the controller. They get firmware, restart a couple times, then I move them to an tagged port in their final install location and everyone's happy.
-
It's a layer 3 switch as layer 3
Current setup like this
Thank you very much
I'm new to VLAN and Layer 3 Switches
Previously we only have Layer 2 Switches and it runs without any issues
After we change out 2 Layer 2 Switches and replaced with 2 Layer 3 Switches stacked together, I'm no longer able to see those APs from pfSense -
That still doesn't tell us how the ports to the UAPs are configured. Is it 24T, 30T, 50T, 100T or 24T, 30T, 50T, 100U. The initial configuration might require some untagged interfaces on 100, but, IMHO, your goal should be to get the access points' management VLAN set to 100 and have the switchports from the toughswitch to the UAPs as 24T, 30T, 50T, 100T. Not sure what Ubiquiti recommends.
-
UAPs are 24T, 30T, 50T, 100UP
The initial configurations are already done without Layer 3 switch
What makes the APs unseen is replacing Layer 2 switches with Layer 3 switch
Not sure if I need to setup more on pfSense and then DHCP relay on Layer 3 switch? -
If you're not using layer 3 functions of your switch, it's not a layer 3 switch. If you are, then you need to do all sorts of things differently. If you are not configuring virtual interfaces and assigning interface IP addresses in the switch, it's just layer 2.
