I can't access AP with VLANs
-
Hi,
I have this setup:
Pfsense port 3 (192.168.3.1) -> AP (192.168.3.2) -> VLAN 10 (Wifi - 192.168.4.1/24), VLAN 20 (Wifi Guests - 192.168.5.1/24).
Everything is working well, but I can't access to the AP portal (setup wireless, accounts, etc) when I'm connected to vlan10 or vlan20. What I have to do?
Thanks.
-
so pfsense is not involved with the vlans ? your AP is managing the vlans ?
==> check your AP manual on how to allow administrative access on the vlans
-
I did this:
AP:
1. Static ip: 192.168.3.2
2. Gateway: 192.168.3.1
3. DHCP disabled
4. VLAN 10 assign to SSID "Wifi". VLAN 20 assign to SSID "Wifi Guests".Pfsense:
1. Interface AP (port in pfsense): 192.168.3.1/24. DHCP disabled
2. Interfaces > Vlans: Add vlans 10 and 20 linked with Interface AP
3. Assign interfaces "vlan10 to Wifi" and "vlan20 to Wifi guest". Dhcp enabled (192.168.4.1/24 - wifi, 192.168.5.1/24 wifi guest).
4. Firewall: The same rule for 3 interfaces AP, Wifi and Wifi guest -> proto: ipv4; source: interface (ap, wifi, wifi guest) net; destination, port, gateway: *I connect to "Wifi" network, and I get the IP 192.138.4.2 and I have internet. But I want to access to the AP portal (192.168.3.2).
Thanks!
-
Can pfSense ping 192.168.3.2?
From what I can tell, either the AP only allows access to the config page from 192.168.3.0/24 or the switchport isn't properly dealing with tagged and untagged traffic mixed.
-
This is my setup:
Modem is in bridge mode.
PfSense has 4 interfaces: igb0 to 3.
Interfaces:-
WAN: PPPOE0(igb0)
-
LAN: igb1. Address: 192.168.2.1/24. DHCP Enabled.
-
AP: igb2. Address: 192.168.3.1/24. DHCP Disabled. Acces Point: 192.168.3.2.
-
AP_WiFi: VLAN 10 on igb2 (Wifi). Address: 192.168.4.1/24. DHCP Enabled.
-
AP_Guests: VLAN 20 on igb2 (Wifi_Guests). Address: 192.168.5.1/24. DHCP Enabled.
-
DMZ: igb3. Address: 192.168.6.1/24. DHCP Enabled.
Problem: If I'm not in subnet 192.168.3.1/24 I can't accest to the AP portal (192.168.3.2). What can I do?.
I can't ping from 192.168.2.2 (my laptop) to 192.168.3.2 (ap portal) and I don't know why… I'm checking firewall rules.
What do you think about the design? Is it correct?.
-
-
do the wireless SSID's work ? Can the wireless clients connect to lan devices ? are your firewall rules correct ?
if all above = YES
==> did you fill in the gateway ip (192.168.3.1) into the AP webgui/configuration ?
-
so pfsense is not involved with the vlans ? your AP is managing the vlans ?
==> check your AP manual on how to allow administrative access on the vlans
Does the AP support vlans?
-
I do not like mixing tagged and untagged traffic on a port.
However I know Ubiquiti's can be easier to manage if you just leave the management interface untagged. You have not mentioned what AP you are using, I don't think.
It all looks right. You should probably post up your firewall rules for AP and Wifi.
If those are correct, I would look at the AP administration config to see if the AP itself is limiting access to the admin pages from other networks.
-
OK, I'm sorry guys…
I did everything again and I found this option: "Allow remote access - Remote access allows you to manage the AP from the Internet or from a different LAN. To enable remote access, the gateway device needs to be properly configured, such as opening a port for the corresponding IP address of the AP."
I didn't check that option the first time. Now It's running well ;)
Thanks! At least, I checked my design with you. I hope this will be useful for other users. Now I have to focus on rules ;)
