My pfSense router (192.168.1.1) has a VLAN rules configured as below:
I’ve gone into my managed TP-Link TL-SG3424P switch (192.168.1.254) and configured port 10 to use the VLAN69 ID:
Now, I have DHCP enabled on this VLAN starting @ 192.168.69.100 ending in 192.168.69.200. When I connect a cable to port 10 on the switch, I don’t get any ip address at all. Just an APIPA address.
I followed Tom’s how to setup a VLAN in pfSense video and it seems all I have to do is connect a cable to port 10 and it will get assigned an IP for my VLAN, but it’s not working and I don’t know why.
Try allow all protocols instead of just UDP.
Made the change but same thing. No IP address is getting pushed down via DHCP.
EDIT: I may not have the TP-Link configured correctly. I found this which matches my model of switch, just don’t know enough about networks to really make much sense out of what it’s saying.
How to configure 802.1Q VLAN on L2 Managed switches using the old GUI? | TP-Link
I’m assuming I would connect the LAN cable from pfSense to Port 1 on my switch then assign Port 1 on the switch as the TRUNK port?
What’s pfSense running on?
Which interface(s) on the pfSense box is(are) connected to the TP Link?
It looks to me like you need to “tag” vlan 69 (good choice btw) on the port that connects your pfSense box to the TP Link and then “untag” vlan 69 on the port you want to connect the device to. Cisco refer to trunk ports and access ports so you might see those terms. A trunk port carries all vlans, an access port only has one.
I’ve not got a bloody clue how you do that on a TP Link sorry.
I just followed the link, sorry…
Trunk the port from pfSense to switch
Change the port with the device to access and the PVID to 69
Thank you for taking the time to help out!
I tried trunking port 1 on my switch to the LAN interface on my pfSense box and it seems that when I do this, no device connected to the switch can access the internet for some reason.
I think I’m getting stuck on the tag/untag/egresse etc stuffs as I can’t seem to wrap my head around such a thing. I guess I’ll have to do some studying on what this stuff means and does.
I think you might get some mileage from setting the port that pfsense connects via to “general” with a pvid of 1.
Some (most / all ) gear will allow you to say “this is a trunk port so accept all vlans BUT if something arrives untagged then treat it as x” others allow you to say “This is an access port on vlan x but accept any tagged packets from other vlans as well.”. They are nearly the same thing but not quite.
If it does work that general with a pvid of 1 means that the port is untagged on 1 and tagged on 69 then that will probably sort it.
This should actually be all you need. So long as the DHCP Server is enabled for that VLAN in pfSense. I’m assuming your LAN port in pfSense is the parent for VLAN69, and that is what is directly connected to your switch?
Also, not a big deal but in your VLAN rules if you were looking to lock down that first rule to allow DNS only to the pfSense, you want VLAN69 Address, not VLAN69 net. VLAN69 net will apply the rule to 192.168.69.0/24 (I’m assuming it’s /24) instead of the VLAN69 interface address.
So, I’m not sure if I’m understanding this correctly since the TP-Link documentation is in some pretty broken english making it extremely difficult to follow as a noob…
Port 1 on switch needs to be set to TRUNK with PVID 1
Port 10 which is my VLAN needs to be set to ACCESS with PVID 69
All other ports should be set to GENERAL with PVID 1
This is my understanding of their terrible documentation. Does this make sense to anyone else?
That’s how I think you should have it, either that or P1 should be “general” pvid1 (not totally sure what general is vs trunk + pvid)
I’m hoping this helps someone assist me with this VLAN. Everything I’ve tried has not worked out well for me. I’m confident that my pfSense is configured correctly for the VLAN as at one point in time, I was able to get a VLAN ip Only problem was, it caused my other ports to stop getting ips, so I’m not sure what’s going on there.
Just a little note about the diagram. The TP-Link Archer c9 is a wireless router that I have in my network for wireless devices. It has DHCP turned off as pfSense handles DHCP.
When I started off with pfSense and my Netgear switch I had lots of issues with the switch. What I noticed was I had to set up my pfsense with the vlans, then setup the switch with the vlans, then connect the two. When I tried to configure pfsense with the switch connected with the default config, I would have issues.
You can try it this way and see if it gets you any further along.
After much MUCH trial and error, I finally managed to figure it out. Just in time too, as my wife and kids were ready to throttle me for having the network down for so long.
All in all I can say that if I ever have to do this again in my lifetime, it will be too soon!
Curious to know what the solution was ??
Instead of setting port 1 on switch as trunk, I set it as general with pvid of 1 and tagged it. I then had to set port 10 as general as well and pvid of 69 untagged. I then left all other ports as access and it’s working. I don’t understand why this works, but it does lol