VLAN Help Requested - pfSense w/managed switch & AP

[snbf7889]

I am having VLAN trouble and cannot make it work. Other wired devices are running through the switch fine. Switch and AP are brand new, pfSense build has been solid for a year.

pfSense box >>> Zyxel GS1900-8HP >>> TP-LINK EAP225v3

The goal is a "Secured" VLAN (10) for computers and laptops (needs to be mix of WiFi & wired), "IoT" VLAN (20) for things that need to see the internet only (thermostats, doorbell, etc.), & "TV" VLAN (30) for several Fire TVs and ROKU TVs (all WiFi).

Wireless devices are connecting to the AP but I am messed up on the VLAN setup on either the pfSense box or switch. After messing with it for hours I think the issue is in the Zyxel tagged/untagged or trunking configuration. My 2nd guess is in the firewall rules. Multiple times I had wireless devices connecting but with "no internet". I believe the AP is working correctly and not causing the issues and the TPLink software, while basic, has been easy to use.

Thanks

***I have more screenshots but it will only let me post 5***

 

[umarmung]

You want to trunk, i.e. tag VLAN 10, 20, 30 to the AP. Therefore, in your each "VLAN Port" membership table for 10, 20, 30 respectively, you need to set port 1 and 2 to Tagged. You should already have done something similar on the pfSense box for the trunk to the Zyxel.

Your AP should have something like "use tag" for each SSID allowing you to input a VLAN per SSID.

Then from that point anything relevant to VLANs can be done on the router at IP level. I do not know the details of pFsense, but it should by default route from LAN to WAN and have inter-vlan traffic enabled, if it is like most routers - so should just work.

 

[coxhaus]

You should not have all your VLANS untagged. The only VLAN which should be untagged is the default VLAN. I always assign a network to each VLAN.