Cannot Get IP ON Guest Network If VLAN Enabled

Our network setup consists of a Netgate pfSense hardware firewall, UniFi Switch, and UniFi APs. We have a domain controller providing Active Directory, DNS, and DHCP on our main network. We have the Guest network enabled for wireless devices with the pfSense providing DHCP and DNS on the guest network.

The IP scheme of the main network is 192.168.20.xxx. The IP scheme of the guest network is 192.168.200.xxx.

I created a VLAN for the guest network traffic; however, if it's enabled and I add the VLAN ID to the guest wireless network in UniFi, none of the devices on the guest network can get an IP.

I have other similar setups working just fine when the pfSense is doing everything, even on the main network, but haven't done one like this with a domain controller doing the main.

My switch ports are set to all. The DHCP server appears to be enabled for the VLAN network.

Any ideas what might be wrong with my setup or what to check to resolve this issue?

Thanks for your help in advance.

Do you have the UniFi port set to “ALL” where it connects to the pfsense?

My switch ports are set to all. Is that what you’re referring to or is this some other location I need to look?

If I understand it right… You have pfSense set up for the VLANs, and the AP set up for VLANs, and have the Switch set to ALL on All the Ports.

If that's correct, your issue is in the switch. The only ports that should be set to ALL are the trunk port, and any port you want to have on the same trunk port network.

Maybe I am not explaining it correctly. The AP has multiple networks: a main wireless network and a Guest network (VLAN tag). They are both running through the same AP.

You need to VLAN them both with different tag numbers, then run those tags on the switch, and manage with pfSense.
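The advice above comes down to one question: when a guest client sends a DHCP DISCOVER, does the frame arrive at the pfSense trunk port carrying the guest VLAN tag, or does it arrive untagged and land on the port's native network where no guest DHCP scope exists? The following script is an added example, not code from the thread, pfSense or UniFi. It parses raw Ethernet frames (802.1Q tag, IPv4, UDP, BOOTP/DHCP option 53) and reports which VLAN each DHCP DISCOVER was tagged with. The frames it checks are constructed inline for illustration; in practice you would feed it frames captured on the trunk interface (for example from `tcpdump -e -w`), and the guest VLAN ID 200 is an assumption matching the 192.168.200.x scheme in the question.

```python
"""Classify DHCP DISCOVER frames by 802.1Q VLAN tag (added example, not from the thread)."""
import struct

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17
DHCP_CLIENT_PORT, DHCP_SERVER_PORT = 68, 67
DHCP_MAGIC = b"\x63\x82\x53\x63"
DHCP_DISCOVER = 1
GUEST_VID = 200  # assumption: guest VLAN tag for the 192.168.200.x network


def parse_frame(frame: bytes) -> dict:
    """Return source MAC, VLAN id (None if untagged) and whether this is a DHCP DISCOVER."""
    src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vid = 14, None
    if ethertype == ETHERTYPE_VLAN:           # 802.1Q tag present: TCI then real ethertype
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    info = {"src": src.hex(":"), "vid": vid, "dhcp_discover": False}
    if ethertype != ETHERTYPE_IPV4:
        return info
    ip = frame[offset:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != PROTO_UDP:
        return info
    udp = ip[ihl:]
    sport, dport = struct.unpack("!HH", udp[:4])
    if (sport, dport) != (DHCP_CLIENT_PORT, DHCP_SERVER_PORT):
        return info
    bootp = udp[8:]                           # fixed BOOTP header is 236 bytes, then magic cookie
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        return info
    opts, i = bootp[240:], 0
    while i < len(opts):                      # walk TLV options looking for message type (53)
        code = opts[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        length = opts[i + 1]
        value = opts[i + 2:i + 2 + length]
        if code == 53 and value == bytes([DHCP_DISCOVER]):
            info["dhcp_discover"] = True
        i += 2 + length
    return info


def audit(frames, expected_vid: int):
    """For every DHCP DISCOVER, say whether it is tagged for the expected guest VLAN."""
    results = []
    for frame in frames:
        info = parse_frame(frame)
        if not info["dhcp_discover"]:
            continue
        if info["vid"] is None:
            verdict = "untagged: lands on the port's native network, not the guest VLAN"
        elif info["vid"] == expected_vid:
            verdict = "ok: tagged for the guest VLAN"
        else:
            verdict = f"wrong tag {info['vid']}: delivered to a different VLAN"
        results.append((info["src"], info["vid"], verdict))
    return results


def build_dhcp_discover(src_mac: bytes, vid=None) -> bytes:
    """Construct a minimal broadcast DHCP DISCOVER frame (test data, not a real capture)."""
    bootp = (bytes([1, 1, 6, 0]) + b"\x12\x34\x56\x78" + b"\x00\x00" + b"\x80\x00"
             + bytes(16) + src_mac + bytes(10) + bytes(64) + bytes(128))   # 236 bytes
    dhcp = bootp + DHCP_MAGIC + bytes([53, 1, DHCP_DISCOVER, 255])
    udp = struct.pack("!HHHH", DHCP_CLIENT_PORT, DHCP_SERVER_PORT, 8 + len(dhcp), 0) + dhcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, PROTO_UDP, 0,
                     bytes(4), b"\xff\xff\xff\xff") + udp
    eth = b"\xff" * 6 + src_mac
    if vid is None:
        return eth + struct.pack("!H", ETHERTYPE_IPV4) + ip
    return eth + struct.pack("!HHH", ETHERTYPE_VLAN, vid & 0x0FFF, ETHERTYPE_IPV4) + ip


# Constructed sample: one correctly tagged guest client, one untagged, one on VLAN 20.
SAMPLE_FRAMES = [
    build_dhcp_discover(b"\x00\x11\x22\x33\x44\x01", vid=GUEST_VID),
    build_dhcp_discover(b"\x00\x11\x22\x33\x44\x02"),
    build_dhcp_discover(b"\x00\x11\x22\x33\x44\x03", vid=20),
]

if __name__ == "__main__":
    for src, vid, verdict in audit(SAMPLE_FRAMES, GUEST_VID):
        print(f"{src}  vid={vid}  {verdict}")
```

If every DISCOVER from guest clients shows up untagged, the AP or switch port profile is stripping or never applying the tag, which matches the "ports set to ALL" symptom in this thread; if they arrive tagged with the guest VID and still get no lease, look at the DHCP server binding on the VLAN interface in pfSense instead.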

These are both running on the same switch. I have a similar setup working just fine with pfSense and a UniFi switch + AP. For some reason, though, I can't figure out what's different, since this one does have a Windows domain controller involved.

I use this setup with pfSense and my domain controller is also the DHCP server. Have you enabled and configured the DHCP Relay in pfSense? If those Guests are going to use DNS on your domain controller, then you have to create a pfSense rule between the VLANs to allow DNS traffic. If you don't want them using your domain controller at all, then make sure your DHCP server supplies DNS servers such as 1.1.1.1 or 8.8.8.8.

I had it configured to not use the domain controller DNS for the VLAN, using instead 1.1.1.1 and 1.0.0.1 with the pfSense DNS server.