Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    I cant get VLAN tagging to work any help?

    Routing and Multi WAN
    4
    9
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      berbe01
      last edited by

      My setup:

      WAN > Pfsense > Wireless AP running tomato.

      Here's a picture of my VLANs on tomato

      I want VID 20 to be bound to my "Guest" SSID. So I did that. I set VID 20, tagged port 4 because port 4 is the port from my AP to my pfsense box, and bound BR1 to my guest SSID and set it as the interface for VID 20.
      br0 is for my home wifi network(10.12.1.120-140) and br1 is for my guest wifi users(10.12.2.120-140).

      So according to this picture, all traffic on Guest will go to br1 right? And all traffic on br1 will be encased in VID20.

      I also enabled trunking on my AP.

      Now on Pfsense.

      Heres a picture of my guest interface.

      Here's a picture of my VLAN

      Here's a picture of the DHCP server assigned to the GUEST interface.

      I did a google search, and one page said that I cant have two DHCP servers on one machine. Is that true? Because in this setup I do have two servers running on my pfsense box. One for my LAN interface (10.12.1.120-140) and another dhcp server on the guest interface (10.12.2.120-140).

      Well since a google search told me that that won't work, I set my AP to have a DHCP server hand out the guest IP range instead.

      Now heres the issue.

      How do I know if my guest traffic on my AP is going through to my guest VLAN on pfsense? Because when I look at my DHCP table, I only see one entry for the guest network, and its just the guest interface. I tried to connect to my guest network from my phone and it doesnt list on the DHCP table. I'm assuming this is because my AP is handing out DHCP leases and not pfsense, right?

      Well how do I confirm if the guest traffic is still being routed to my guest VLAN?

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        never used tomato, so no clue if other settings can/need to be set.

        have you tried removing the priority setting on your pfsense interface?

        1 Reply Last reply Reply Quote 0
        • B
          berbe01
          last edited by

          I took off the priority setting and it still doesnt appear to be working.

          The way I'm testing it is by making a captive portal to see if anyone who connects to my guest network gets sent to the portal.

          Well I enabled the portal and rebooted everything, and now when I connect to my guest network, it doesnt present me the login screen. It just says unable to establish a connection.

          But when I set the captive portal to my LAN interface, it shows the login for the portal.

          **edit:

          Even when I disable the captive portal, I'm still unable to get internet using the guest network.

          **more edit:

          It appears that my AP cant communicate with my router when I use a different IP.

          My router hands out 10.12.1.120-140 and my gateway is 10.12.1.1.

          Well when I connect to my guest wifi, it hands out a 10.12.2.120-140 ip, and the gateway is 10.12.2.201. Since they're two different gateways, I'm guessing they can't communicate with eachother?

          *another edit: I was right. I just connected to my guest wifi network and I tried to access my routers config page via my guest wifi connection. Well I can't. Because the DHCP for my guest network assigns 10.12.2.201 when my routers gateway is 10.12.1.1

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            you need to put the tomato in accesspoint-mode & disable routing

            1 Reply Last reply Reply Quote 0
            • B
              berbe01
              last edited by

              How would I go about it on pfsense then?

              I had tomato handing out IP addresses 10.12.2.120-140 because I wasn't sure how to put 2 DHCP interfaces onto one machine and I already had pfsense doing 10.12.1.120-140.

              When I tried to make pfsense do both 10.12.1 and 10.12.2, it would never use the 10.12.2 it only assigned 10.12.1

              1 Reply Last reply Reply Quote 0
              • H
                heper
                last edited by

                Every vlan has its own interface & optional dhcp server. You can set whatever subnet you want.

                1 Reply Last reply Reply Quote 0
                • B
                  berbe01
                  last edited by

                  I started over and it still isn't working.

                  pfsense interfaces:

                  https://i.gyazo.com/2c7c15b622ecfa3ebc289bc2afd4588e.png

                  pfsense VLANs:

                  https://i.gyazo.com/5fb9f5a831d78bd2ad8fda1ee1bb775c.png

                  pfsense DHCP servers:

                  https://i.gyazo.com/eeb849bf7df67123ee1e7cb11cce6530.png

                  https://i.gyazo.com/aaed567e8544acfe092d8d85d34f386e.png

                  AP VLANs:

                  https://i.gyazo.com/32b091ffe222a3323a203c1db86a29d5.png

                  The top one defaults there. I didnt create it. But when I try to change its VID from 1 to anything else, I get locked out of my AP and I have to factory reset it.

                  port 2 is my trunk port. When I enable tagging on port 2 I lose internet access and my AP cant resolve an IP address.

                  AP bridge settings(no longer handing out IP addresses simply a gateway):

                  https://i.gyazo.com/1496f04324638938eca34ba4abfe9e0a.png

                  1 Reply Last reply Reply Quote 0
                  • P
                    pfsensory
                    last edited by

                    The issue might be the vlan ID numbers.  You are using 1 for your test network, but this might cause a conflict with the LAN subnet assigned to the same interface.  Try changing the vlan ID for the test vlan to something else on both PFSense and your access points, and see if that works.  There are lots of networking experts who frequent this forum - one of them might spot other pitfalls in your setup.

                    1 Reply Last reply Reply Quote 0
                    • B
                      blc
                      last edited by

                      In your last setup, you've set the tomato settings to tag VID 30 on port 2, and nothing else.. Where do you define where VID 30 originates? in the SSID settings?

                      Also, did you add rules to that GUEST interface to allow traffic to enter pfsense?

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.