Alrighty. YAVPP: Yet another vlan problem person… I’ve followed “How To Setup VLANS With pfsense & UniFI. Also how to build for firewall rules for VLANS in pfsense” pretty much click-for-click (as close as version and setup differences allow for, anyway) and I can’t get a DHCP lease on any of my tagged ports.
My setup:
Config that I’ve had for some time and is known to be good:
- LAN interface is bridge0
- bridge0 contains em0 and em1
- em0 connects to a UniFi US-48
- em1 connects to a UniFi AP-AC-Lite
- US-48 connects by SFP+ to UniFi US-16-XG
New VLAN config where I’m not getting DHCP leases:
- Created “storage” VLAN11 - parent interface is bridge0 [LAN]
- added “storage”
- enabled “storage”
- Set static ip of 192.168.11.1 on “storage”
- assigned “storage” “vlan11 on bridge0 (storage)”
- created an “any/any” all protocol IPV4+6 firewall rule for “storage”
- Enabled DHCP on interface “storage” with range of 192.168.11.100 to 254
- In the “Networks” section of the UniFi management interface, I created “StorageVLAN” with vlan tag 11
- on the US-16-XG I set the switch profile on SFP+ port 2 to “StorageVLAN”
- On the computer connected to SFP+ port 2, I disabled and re-enabled the NIC.
Troubleshooting steps include various combos of the following:
- I’ve disabled all firewall rules that I created that weren’t some kind of “any/any” rule.
- Destroyed my VLAN11 setup and re-created it
- Set my VLAN parent as em0
- In UniFi management, created and used a new “Switch Ports” profile making my VLAN the “Native Network” for port SFP+ 2
- Added my vlan as a member of bridge0
- Fully updated pfsense, destroyed and re-created vlan11 as vlan50.
- Verified that the switch port connected to pfsense is set to ‘all’ and the SFP+ port between the switches is also set to ‘all’
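One way to narrow a problem like this down is to check whether 802.1Q-tagged DHCP requests are actually reaching the pfsense parent interface (a capture on bridge0 or em0 still shows the tags; a capture on the vlan11 interface itself shows them stripped). The script below is an added example, not part of this post or of pfsense, that parses raw Ethernet frames, pulls out the VLAN id and flags BOOTP/DHCP requests and replies, then counts them per VLAN. It reads a classic libpcap file when given a path (for instance from `tcpdump -i em0 -w /tmp/dhcp.pcap 'port 67 or port 68'`) and otherwise runs over a few constructed sample frames; the file name, MAC addresses and VLAN ids are assumptions for illustration.

```python
import struct

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_PORTS = {67, 68}


def parse_frame(frame: bytes) -> dict:
    """Return {'vlan': vid-or-None, 'dhcp_op': 'request'|'reply'|None} for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vid = 14, None
    if ethertype == ETHERTYPE_VLAN:
        # 802.1Q: 16-bit TCI (PCP/DEI/VID) followed by the real EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, offset = tci & 0x0FFF, 18
    info = {"vlan": vid, "dhcp_op": None}
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return info
    ip = frame[offset:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != IPPROTO_UDP or len(ip) < ihl + 8:
        return info
    udp = ip[ihl:]
    sport, dport = struct.unpack("!HH", udp[:4])
    if {sport, dport} & DHCP_PORTS and len(udp) > 8:
        # BOOTP 'op' byte: 1 = BOOTREQUEST (Discover/Request), 2 = BOOTREPLY (Offer/Ack)
        info["dhcp_op"] = "request" if udp[8] == 1 else "reply"
    return info


def summarize(frames) -> dict:
    """Count DHCP requests and replies per VLAN id (None = untagged)."""
    counts = {}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed["dhcp_op"] is None:
            continue
        bucket = counts.setdefault(parsed["vlan"], {"request": 0, "reply": 0})
        bucket[parsed["dhcp_op"]] += 1
    return counts


def read_pcap(path):
    """Yield raw frames from a classic libpcap file captured on an Ethernet link."""
    with open(path, "rb") as fh:
        magic = struct.unpack("<I", fh.read(4))[0]
        endian = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"
        fh.read(20)  # remainder of the 24-byte global header
        while True:
            rec = fh.read(16)  # ts_sec, ts_usec, incl_len, orig_len
            if len(rec) < 16:
                return
            _, _, incl_len, _ = struct.unpack(endian + "IIII", rec)
            yield fh.read(incl_len)


def build_dhcp_discover(vid=None) -> bytes:
    """Constructed sample frame: a minimal DHCP Discover, optionally 802.1Q tagged.
    IP/UDP checksums are left zero; parse_frame does not validate them."""
    # BOOTP: op=1, htype=1 (Ethernet), hlen=6, hops=0, xid, then the remaining 228 fixed bytes
    bootp = (b"\x01\x01\x06\x00" + b"\xde\xad\xbe\xef" + bytes(228)
             + b"\x63\x82\x53\x63"      # DHCP magic cookie
             + b"\x35\x01\x01\xff")     # option 53 = DHCPDISCOVER, end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes(4), b"\xff\xff\xff\xff") + udp
    eth = b"\xff" * 6 + bytes.fromhex("001122334455")   # broadcast dst, assumed client MAC
    if vid is None:
        return eth + struct.pack("!H", ETHERTYPE_IPV4) + ip
    return eth + struct.pack("!HHH", ETHERTYPE_VLAN, vid, ETHERTYPE_IPV4) + ip


# Constructed sample: two Discovers tagged VLAN 11 and one untagged Discover
SAMPLE_FRAMES = [build_dhcp_discover(11), build_dhcp_discover(11), build_dhcp_discover(None)]

if __name__ == "__main__":
    import sys
    frames = read_pcap(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_FRAMES
    for vid, c in summarize(frames).items():
        print(f"vlan {vid}: {c['request']} DHCP requests, {c['reply']} replies")
```

If the per-VLAN counts from a capture on the parent interface show requests tagged 11 but no replies, the tag is arriving and the problem is on the pfsense side (DHCP server binding or firewall); if the requests show up untagged, or not at all, the switch port profile is not tagging them as expected.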