VLAN Tagging problem

[Fingers]

I have set up a VLAN on my pfsense box with VLANID 10, and in the firewall rules I have passed all traffic. It is connected to port 1 of my TPlink TL-SG108E Managed Network Switch. In port 2 I have connected a Linksys lapac1750 business AP, enabled VLAN, and set up a second network with the VLANID 10. I have tagged port 2 in the managed switch, and all I get is 'connected with no internet'. My main default network is working perfectly. Am I missing something obvious, or am I totally messed up? I'm sure I've tried every combination, but does port 1 also need to be tagged at the same time?
I have spent over 10 hours trying to get this to work, if someone can help I would be ever so grateful.

Thank you.

 

[MichaelCG]

Where ever you want VLAN10 to be passed, you must either enable tagging and add VLAN10, or set the default VLAN for the port to 10. Which you do depends on what you are trying to accomplish. But without tagging the interface plugged into the firewall...the firewall itself will never see the VLAN10 traffic/tags.

It sounds like you have a "regular" network that already exists and is untagged...and then you are adding on a new network of VLAN10 that you wish to keep isolated from the regular network.

Switch
- Port1 - Firewall - Native VLAN (what ever your native VLAN is from your regular network) + VLAN10
- Port2 - AP - VLAN10

 

[Fingers]

Yes I have a regular home vdsl network. Modem to pfsense firewall. That goes into the switch then that feeds the linksys AP and some local wired devices and a homeplug. All I want to do is add a wireless guest network thats isolated on the network.
I'm sure I've tried it as you said but I'll try it again.

Thanks

 

[Fingers]

Hmm, I cannot see how I can assign 2 different VLAN's to a single port with the switch. It only offers one choice, either native (1) or any other that i choose. So If I just select 10, I lose my regular network.

 

[abailey]

So port 1 goes to your router and port 2 goes to your WAP right? VLAN1 is your default (and primary) VLAN and VLAN 10 is your visitor network right?
If so then port1 should be untagged in VLAN1 and Tagged in VLAN10. PVID should be VLAN1.
Port 2 should also be untagged in VLAN1 and Tagged in VLAN10. PVID should also be VLAN1.

Personally I don't use default VLANs at home because it can get real messy (especially when devices have different VLAN id's for their default). But the above instructions should work if you have configured your router and WAP correctly.

 

[Fingers]

@abailey
Yes you have the set up exactly right. I have tried what you said and it still doesn't work. I'm wondering if the intel NIC doesn't support it but I assumed it would be ok.
The Linksys lapac1750 AP has the default network set as vlan1 and have the WiFi network running with no issue. I then created a guest network with its own SSID and password and assigned it 10.
The TPlink router has a default VLAN 1 untagged for all ports that cannot be deleted or edited. So I then created a 10 profile and untagged ports 1 & 2. I didn't touch the PVID and all are set to 1.

It's so frustrating!

 

[abailey]

Do you have a laptop or desktop you can test with? I would wire them to your switch and make sure the port they are connected to is untagged in VLAN10. If they work like that then you will know the WAP is the problem. If not then it is a switch or router problem.

 

[Fingers]

I plugged a desktop into it and that didnt connect either. Looks like the tplink switch is garbage!

 

[abailey]

I plugged a desktop into it and that didnt connect either. Looks like the tplink switch is garbage!

Possibly. I have 6 TP-link switches in my house, two of them being the TL-SG108E. I run multiple VLANs on them with no problem. Are you sure you have the pfSense configured correctly? Do you get a DHCP address on the computer from the router?

 

[Fingers]

Possibly. I have 6 TP-link switches in my house, two of them being the TL-SG108E. I run multiple VLANs on them with no problem. Are you sure you have the pfSense configured correctly? Do you get a DHCP address on the computer from the router?

I did but not with them both untagged as you said. I am going to reset the switch and delete the VLAN interface and start again when I get home from work. I will try one more time as my wife is going nuts because of the sheer man hours this simple task has taken up. It has really gone past the point of bothering with now, it's more I'm on a mission to succeed

I'll report back when I've set it up again.

Thanks

 

[Fingers]

The only way I can get a DHCP address is when port 1 is tagged and port 2 is untagged with both ports PVID1. I have a mobile phone as a test unit that is connected to: 192.168.2.100 When I tap on the wifi signal it just says, 'Internet may not be available'.

Edit:

I can also have port 1&2 tagged as you said, and it still gets a DHCP address and still dispalys the same 'Internet may not be available' message

I have my VLAN interface set up identical to my LAN, inc firewall rules. And the VLAN is set in the wireless SSID section of the Linksys webif.

I am totally at a loss.

 

[Fingers]

OMG...I feel so dumb! I just discovered I had made a typo in the outbound NAT rule for passing the VLAN to WAN.

So sorry to have wasted your time, with the two ports tagged and the rule corrected, it connected instantly.


Thanks again for your patience with a Noob