
    I can't access AP with VLANs

      kipTry last edited by

      Hi,

      I have this setup:

      pfSense port 3 (192.168.3.1) -> AP (192.168.3.2) -> VLAN 10 (Wifi - 192.168.4.1/24), VLAN 20 (Wifi Guests - 192.168.5.1/24).

      Everything is working well, but I can't access the AP portal (wireless setup, accounts, etc.) when I'm connected to vlan10 or vlan20. What do I have to do?

      Thanks.

        heper last edited by

        So pfSense is not involved with the VLANs? Your AP is managing the VLANs?

        ==> check your AP manual on how to allow administrative access on the vlans

          kipTry last edited by

          I did this:
          AP:
          1. Static ip: 192.168.3.2
          2. Gateway: 192.168.3.1
          3. DHCP disabled
          4. VLAN 10 assigned to SSID "Wifi". VLAN 20 assigned to SSID "Wifi Guests".

          pfSense:
          1. Interface AP (port in pfSense): 192.168.3.1/24. DHCP disabled
          2. Interfaces > VLANs: Add VLANs 10 and 20 linked with Interface AP
          3. Assign interfaces "vlan10 to Wifi" and "vlan20 to Wifi guest". DHCP enabled (192.168.4.1/24 - wifi, 192.168.5.1/24 wifi guest).
          4. Firewall: The same rule for 3 interfaces AP, Wifi and Wifi guest -> proto: IPv4; source: interface (ap, wifi, wifi guest) net; destination, port, gateway: *

          I connect to the "Wifi" network, and I get the IP 192.138.4.2 and I have internet. But I want to access the AP portal (192.168.3.2).

          Thanks!

            Derelict LAYER 8 Netgate last edited by

            Can pfSense ping 192.168.3.2?

            From what I can tell, either the AP only allows access to the config page from 192.168.3.0/24 or the switchport isn't properly dealing with tagged and untagged traffic mixed.

              kipTry last edited by

              This is my setup:

              Modem is in bridge mode.
              PfSense has 4 interfaces: igb0 to 3.
              Interfaces:

              • WAN: PPPOE0(igb0)

              • LAN: igb1. Address: 192.168.2.1/24. DHCP Enabled.

              • AP: igb2. Address: 192.168.3.1/24. DHCP Disabled. Access Point: 192.168.3.2.

              • AP_WiFi: VLAN 10 on igb2 (Wifi). Address: 192.168.4.1/24. DHCP Enabled.

              • AP_Guests: VLAN 20 on igb2 (Wifi_Guests). Address: 192.168.5.1/24. DHCP Enabled.

              • DMZ: igb3. Address: 192.168.6.1/24.  DHCP Enabled.

              Problem: If I'm not in subnet 192.168.3.1/24 I can't access the AP portal (192.168.3.2). What can I do?

              I can't ping from 192.168.2.2 (my laptop) to 192.168.3.2 (AP portal) and I don't know why… I'm checking firewall rules.

              What do you think about the design? Is it correct?

                heper last edited by

                Do the wireless SSIDs work? Can the wireless clients connect to LAN devices? Are your firewall rules correct?

                if all above = YES

                ==> did you fill in the gateway ip (192.168.3.1) into the AP webgui/configuration ?

                  firewalluser last edited by

                  @heper:

                  So pfSense is not involved with the VLANs? Your AP is managing the VLANs?

                  ==> check your AP manual on how to allow administrative access on the vlans

                  Does the AP support vlans?

                    Derelict LAYER 8 Netgate last edited by

                    I do not like mixing tagged and untagged traffic on a port.

                    However I know Ubiquiti's can be easier to manage if you just leave the management interface untagged.  You have not mentioned what AP you are using, I don't think.

                    It all looks right.  You should probably post up your firewall rules for AP and Wifi.

                    If those are correct, I would look at the AP administration config to see if the AP itself is limiting access to the admin pages from other networks.

                      kipTry last edited by

                      OK, I'm sorry guys…

                      I did everything again and I found this option: "Allow remote access - Remote access allows you to manage the AP from the Internet or from a different LAN. To enable remote access, the gateway device needs to be properly configured, such as opening a port for the corresponding IP address of the AP."

                      I didn't check that option the first time. Now it's running well ;)

                      Thanks! At least, I checked my design with you. I hope this will be useful for other users. Now I have to focus on rules ;)
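
Added example, not part of the thread: a small Python model of the two layers that had to agree here, the pfSense rules kipTry described and the AP's "Allow remote access" option. Addresses come from the posts; the rule tuples, function names and the guest-blocking rule are assumptions made for illustration, and LAN is left out because its rules were not posted.

```python
import ipaddress as ipa

# Addressing taken from the thread; the rule model itself is a simplification.
IFACES = {
    "AP":        ipa.ip_network("192.168.3.0/24"),
    "AP_WiFi":   ipa.ip_network("192.168.4.0/24"),
    "AP_Guests": ipa.ip_network("192.168.5.0/24"),
}
AP_MGMT = ipa.ip_address("192.168.3.2")
ANY = ipa.ip_network("0.0.0.0/0")

# Rules as described in the thread: per interface, pass IPv4 from "<iface> net" to any.
# Tuple = (action, source net, destination net); first match wins on each interface.
THREAD_RULES = {name: [("pass", net, ANY)] for name, net in IFACES.items()}

def ingress_iface(src):
    """Return the interface whose subnet contains src, or None."""
    return next((n for n, net in IFACES.items() if src in net), None)

def mgmt_access(src, rules, ap_remote_access):
    """Classify whether src can reach the AP admin page, and which layer decides."""
    src = ipa.ip_address(src)
    iface = ingress_iface(src)
    if iface is None:
        return "unknown-source"
    if AP_MGMT in IFACES[iface]:
        return "allowed: on-link"  # same subnet, never routed by the firewall
    for action, s_net, d_net in rules.get(iface, []):
        if src in s_net and AP_MGMT in d_net:
            if action != "pass":
                return "blocked: firewall rule"
            break
    else:
        return "blocked: firewall default deny"
    # Routed traffic reaches the AP with an off-subnet source address.
    if not ap_remote_access:
        return "blocked: AP refuses off-subnet admin"
    return "allowed: routed"

def harden_guests(rules):
    """Hypothetical tightening: guests keep internet but lose the AP admin address."""
    out = {k: list(v) for k, v in rules.items()}
    mgmt_only = ipa.ip_network("192.168.3.2/32")
    out["AP_Guests"].insert(0, ("block", IFACES["AP_Guests"], mgmt_only))
    return out
```

With the thread's rules, a client on 192.168.4.0/24 is stopped by the AP until remote access is enabled; once it is, the same permissive rule also lets the guest SSID reach the admin page unless a block rule is placed above it.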
