Unifi AP with VLAN not working in pfSense (no DHCP, no internet if static ip)
I’m playing around to segment my home network. I want to separate my camaras, nas, guests, IOT into different networks and create rules for which device can access what.
I came out on this video https://www.youtube.com/watch?v=DL4vMLgBrYI but still it doesn’t work.
I have a pfSense router and a Unifi AC Lite. I will explain what I’ve done so far.
default lan on 192.168.1.1/24
TABLET lan on 192.168.6.1/24 → VLAN 6 on igb1 (LAN)
DHCP for TABLETS is enabled
On the Unifi I created a new SSID with VLAN6
I can connect via wifi with the AP but I won’t get an ip address (169…).
When I give it a static ip address, it gives me no connection error but I still cannot surf.
I setup another VLAN for my cameras. This is connected via UTP on a smart switch and it’s working fine. If I connect with the Unifi wifi without VLAN, it works. But I can’t connect with SSID VLAN6. I think it must be a DHCP fault but everything seems fine to me.
Since I’m a new user I can only post one screenshot. I have five so I hope I can post them later. Maybe someone could help me out what I’m doing wrong.
Besides a smart managed switch such as the Unifi US-8-60W, you would need to assign the proper VLAN to the wireless AP. If I remember correctly, you can only have 4 SSID per AP.
You have your pfSense set up correctly but now you have to allow that data to be sent and understood by your managed switch which then passes the proper VLAN to the proper switch Port. In you case, you will need to allow multiple VLAN ID’s to be access by your Access Point.
So once you have a managed switch set your different VLANs up under Networks (Photo 1). Then set your particular Wireless VLANs up under Wireless Networks (Photo 2). Then select your AP and make sure your WLANs are set to receive the VLANs under the settings for the VLANs you want to be accessible via WiFi (Photo 3). Lastly, if you have a Unifi Switch, go into your Profile settings and create one with named something like Wifi and then assign the Port that your AP is connected to for that Profile (which should include all your desired Wifi VLAN’s.)
Since it was not working with the setup I had, I eliminated the switches and connected the AP directly to a unused port on my pfSense. Just to verify pfSense and the AP are communicate with VLAN6.
I linked VLAN6 with igb2 (OPT1) and assigned it to interface TABLETS. I also added the network settings for VLAN6 as Arron mentioned. With this setup, I can connect with ssid TABLETS and do everything without any problem.
So, the setup I had before and which was not working is the following:
pfSense - dumb switch - smart switch - AP
Is the dumb switch in between the problem why it wouldn’t work or could it be a setting in the smart switch which is not correct?
Dumb switch could certainly be the problem, also you need to send all the VLAN traffic to the AP as it is expecting all traffic and it will internally will extract the data from VLAN 6
As long as the dumb switch is receiving all VLANs to all ports, you should still be able to connect. Your smart managed switch will need to be the one that specifies what VLANs go where in addition to your Unifi being set correctly.
I think the dumb switch is indeed receiving and transmitting all VLANs. I have a camera in another VLAN4 which is connected to the same smart switch, and this VLAN4 is working fine.
pfSense - dumb switch - smart switch - camera : works
pfSense - dumb switch - smart switch - AP : won’t work
It guess it should be a fault setting in the smart switch. As Tom mentioned above: “you need to send all the VLAN traffic to the AP as it is expecting all traffic and it will internally will extract the data from VLAN 6”. I think the mistake lies in the configuration of this port in de smart switch. From what I recall I configured the port to the AP as only VLAN6. I will check it out and come back when I have found a solution. Hopefully
