VLANs - pfSense, UAP-AC-Pro, Dell PowerConnect 2808

I’ve checked out multiple tutorials from both Lawrence Systems and Crosstalk Solutions, and I have hit a wall.

I have WAN coming into pfSense and LAN set to a 10.10.1.0/24 network with VLANs 10, 20, and 69. The interfaces and DHCP servers (ranges .10 - .245) have all been set up.

In UniFi, I have created wireless networks with the respective VLANs as well as one for the LAN. When connecting to the LAN wireless network, everything works fine. However, when connecting to any of the VLAN wireless networks, all clients fail to configure with an IP address. In the UniFi Controller, I can see outbound traffic, but nothing inbound to the client(s). Even if I set a static IP for a client, there is no internet connection.

In the Dell PowerConnect, I have pfSense connected on Port 1 with Untagged LAN and Tagged with all VLANs. I then have the same settings on Port 8 connecting to the UAP-AC-Pro.

Example of client trying to connect:

Been years since I have looked at the PowerConnect switch, but it sounds like that is where the issue is. If I recall correctly, the default way those handle VLANs is to drop any traffic not properly defined. That is assuming you have the VLANs properly configured in pfSense & UniFi: https://youtu.be/b2w1Ywt081o

Would plugging the AP directly into the NIC of pfSense be a decent solution to diagnose the issue?

I’ve also gone through that video more times than I can count.

Yes, that would rule out if it was the Dell Switch.

Just tested, still not getting a valid connection.

I’ll be removing all extra network and VLANs for further testing.

If I’m not using a Unifi switch, do I still have to create the “VLAN only” network, or is the Wi-Fi network enough? I tried both, just checking.

If you are only using the AP’s you just need to specify the VLANs there.

Do you happen to have another Linux machine? I have set up my Pi to test VLANs on a switch. I am thinking if it works for the Pi, it should work for Debian-derived distros.

It’s only one file. I turned it on for a Pi in my rack running pihole. It lets me know all VLANs are working, as a quick check if I need it. I only needed it once, when I accidentally plugged something into the wrong port. This quick check made me realize what I did.

I have a spare RPi 4 and multiple Linux machines I could test on. I’ll look into that.

I appreciate the help

It appears that the DHCP server is working, but the client is not receiving the offers. I have allowed all traffic on LAN/VLAN, so I am not sure what's keeping it from happening.

I think I need some clarification. Is your AP connected and set up on your UniFi controller? Also, do you have a trunk port going from pfSense to your AP?

I have port em0 with LAN and VLAN 10 going to switch port 1. In the Dell configuration, all 8 ports are auto untagged with VLAN 1, then I have manually tagged with VLAN 10. Then port 8 has also been tagged with VLAN 10, which goes to the UniFi AP.

Within the UniFi Controller, the UAP-AC-Pro has been configured to have a wireless network with VLAN 10. When connecting to this wireless network, it authenticates, but any device (even when given a static IP) is unable to successfully connect. Some sort of route is broken.

I have also attempted plugging the AP directly into the NIC, bypassing the switch altogether. This did not fix the issue.

I am also currently in the process of reinstalling pfSense onto a new SSD I just got. I will update after reinstallation.

From my experience using OpenWrt, you need to identify the VLAN ID for the device to actually look for VLAN packets. And usually a firewall zone for the VLAN ID as well, that’s a mirror of LAN.

This sounds a LOT like the problem I was going to post. On your devices on the VLAN, are you getting IPs in the 169.254.x.x/255.255.0.0 range? That’s what I’m getting, meaning the DHCP seems to be failing.

I’m using an ESXI hyperV on an old Dell PowerEdge 710, with pfSense in a VM, along with a UniFi Switch and AP. No VMs can get IPs in range of the DHCP.

On my Windows 10 laptop, that was the end result when DHCP failed.

I ended up reinstalling pfSense and reconfiguring my network. Even though I used the same exact settings, it ended up working.