This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I've tried to setup VLANs on two Netgear switches connected via LAG. It's not working properly. I cannot ping devices either connected via wire (port 2) or wirelessly that are on the VLAN 50. I've attached my network setup and hope someone can see the error in my setup.
Ok, I found the issue. It turns out I had a setting, Guest Network, selected in the UniFi controller software. This blocked layer-2 broadcasts/unicast messages between guests on the WLAN. After deselecting this option, I was able to see/ping/access all devices across the VLAN.
As a note, I also applied the settings found in the following netgear post:
correct, ping doesn't work on the same switch (pfsense<->RPi), but only related to port 2 (VLAN 50). I can ping from pfsense to another device on the LAN (VLAN 1?)
The LAG has been functioning for more than a year, but have never setup VLAN's before
So worth checking the pfsense trunk for correct tagging and interface config.
Briefly looked into your document yesterday with the config (wow, wish everybody asking for VLAN assistance in the community would provide this information - good job!) I'd say it's ok. Sorry, missed to mention this yesterday.
Thank for the comment about my diagram. I've done some more testing. I've removed the RPi and put a Macbook Pro wired to port 2 on 10.50.0.1/24. DHCP is working and I can ping PFSENSE, and PFSENSE can ping the Macbook Pro, and I have internet acess. I then connected a Macbook Air to the unifi AP, DHCP issued the address. From the Macbook Air, I have interenet access, however, I cannot ping PFSENSE and PFSENSE cannot ping the Macbook Air. The Macbook Air can see the Macbook Pro, but I cannot ping it, nor will it connect to the file share (both have file sharing enabled).
I then connected my iphone to the AP and ran a scan on the network using Net Analyzer app. It found the Macbook Pro (but couldn't ping it) and the DHCP server (also couldn't ping it). It did not find the Macbook Air which is also connected to the AP. So, devices on the AP are seeing devices on the M4100 switch, but can't connect to them. However, devices on APs do not see other devices on the APs on the same subnet.
I would say there's a problem with the VLAN's across the LAG, but the DHCP server is issuing an IP and the Macbook Air has interenet access. It's strange that devices on the APs can see devices NOT connected to an AP, but not devices connected to the AP. Also, I don't understand why I cannot connect to another device that I can see on the same subnet.
A possible next step would be to remove the LAG and see if just a single connection between switches would resolve the issue
It's strange that devices on the APs can see devices NOT connected to an AP, but not devices connected to the AP. Also, I don't understand why I cannot connect to another device that I can see on the same subnet.
To start with, define two unused ports on the switch connecting the APs to the VLAN 30 and VLAN 50 and run the similar checks with your Mac.
Ok, I found the issue. It turns out I had a setting, Guest Network, selected in the UniFi controller software. This blocked layer-2 broadcasts/unicast messages between guests on the WLAN. After deselecting this option, I was able to see/ping/access all devices across the VLAN.
As a note, I also applied the settings found in the following netgear post:
Great - that's why I suggested to create untagged LAN ports for each VLAN ... so you know if the problem is related to the switch config or to something else.
