Re: GS110EMX Trying to pass VLAN tag from wifi AP alongside other vlan
So I have a Unifi AP serving 3 SSIDs- normal traffic, an IOT vlan, and a Guest vlan. The AP is connected over a single cable to the GS110EMX into port 5 and the GS110EMX is connected to a PFsense router. I also have 4 CCTV IP cameras- 3 are feeding to an unmanaged POE switch, and one that connects directly to the GS110EMX. The POE plugs into port 3 and the other cam into port 4 on the GS110EMX.
The AP is configured to tag packets for IOT as 2 and guest as 3. So the GS110EMX receives the packets on port 5 already tagged or some as no tag.
I'm trying to create a vlan on the switch for the CCTV cameras. I've assigned ports 3 and 4 to vlan 4.
Here are the basics of my vlan setup:
VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)
VLAN 4: 1 (T); 3 (U); 4 (U)
This setup results in the vlan 4 working fine, but I lose any wifi traffic that is tagged. When no vlan is enabled on the switch, all traffic from the AP passes through the switch to the router with the tag intact and is assigned to the correct vlan by the router. When I create vlan 4 on the switch, the wifi traffic that is tagged no longer is passed to the router. The wifi traffic that isn't tagged passes through just fine.
I don't know much about vlans, I'm still learning. As an experiment, I tried to create vlans on the switch for each of the wifi vlans, like so:
VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)
VLAN 2: 1 (T); 5 (U)
VLAN 3: 1 (T); 5 (U)
VLAN 4: 1 (T); 3 (U); 4 (U)
In this case, it does seem that the packets tagged 2 and 3 are passed from the switch and sent to the router. The router logs show a dhcp request for devices in the 2 and 3 vlan, but the dhcp requests just time out and no addresses are assigned. I'm not sure why the tagged wifi traffic gets routed and receives an address just fine with passing through the switch, but when I set up vlans, the router can't do anything with them.
Hope this makes sense and TIA!
Accepted Solutions
I think I may have figured it out- After playing around with it again, I changed port 5 to be tagged for the vlans, like this:
VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)
VLAN 2: 1 (T); 5 (T)
VLAN 3: 1 (T); 5 (T)
VLAN 4: 1 (T); 3 (U); 4 (U)
This way, the vlans are tagged and the trunk is tagged. This setup now appears to be successfully routing all the traffic and Pfsense is handling DHCP requests correctly.
I'll follow up if I find any issues.
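Added example, not part of the original thread and not Netgear's code: a simplified 802.1Q model run over the three membership tables posted above. It shows why the "port 5 (U)" experiment lets DHCP requests reach the router while the replies never return to the AP with their tag. The PVID values and the `with_port5` helper are assumptions made for this illustration.

```python
# Simplified 802.1Q model (assumption: standard ingress filtering and PVID
# handling; this is not Netgear firmware behaviour).
# Membership table: {vlan_id: {port: "T" (tagged) or "U" (untagged)}}

def forward(vlans, pvid, in_port, tag, out_port):
    """Return how the frame leaves out_port: VLAN ID if tagged, "untagged", or None if dropped."""
    vid = tag if tag is not None else pvid[in_port]  # untagged frames take the port's PVID
    members = vlans.get(vid, {})
    if in_port not in members or out_port not in members:
        return None  # VLAN unknown to the switch, or a port is not a member
    return vid if members[out_port] == "T" else "untagged"

def round_trip(vlans, pvid, ap_port, trunk_port, tag):
    """Client frame AP -> router, then the router's reply back on the same VLAN."""
    up = forward(vlans, pvid, ap_port, tag, trunk_port)
    if up is None:
        return None, None, False
    down = forward(vlans, pvid, trunk_port, None if up == "untagged" else up, ap_port)
    expected = "untagged" if tag is None else tag  # the AP maps replies to SSIDs by tag
    return up, down, down == expected

# Port 1 = pfSense trunk, port 5 = AP, ports 3/4 = cameras (from the thread).
PVID = {1: 1, 2: 1, 3: 4, 4: 4, 5: 1, 6: 1, 7: 1, 8: 1, 9: 1}  # assumed PVIDs
VLAN1 = {p: "U" for p in (1, 2, 5, 6, 7, 8, 9)}
VLAN4 = {1: "T", 3: "U", 4: "U"}

def with_port5(mode):
    """Hypothetical helper: the thread's tables with port 5 as mode in VLANs 2 and 3."""
    return {1: VLAN1, 2: {1: "T", 5: mode}, 3: {1: "T", 5: mode}, 4: VLAN4}

CONFIGS = {
    "first (VLAN 1 and 4 only)": {1: VLAN1, 4: VLAN4},
    "experiment (port 5 U)": with_port5("U"),
    "working (port 5 T)": with_port5("T"),
}

if __name__ == "__main__":
    for name, vlans in CONFIGS.items():
        for tag in (None, 2, 3):
            up, down, ok = round_trip(vlans, PVID, 5, 1, tag)
            print(f"{name:28} SSID tag={tag}: to router={up}, back to AP={down}, ok={ok}")
```

In the experiment table the reply leaves port 5 untagged, so the AP cannot map it back to the IOT or guest SSID, which matches the DHCP timeouts described in the first post.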
All Replies
Re: GS110EMX Trying to pass VLAN tag from wifi AP alongside other vlan
Each VLAN is by definition a dedicated broadcast domain. Don't know what is connected there, but what is the idea of having port 5 an untagged member of at least three different VLANs? This can't work ...
Re: GS110EMX Trying to pass VLAN tag from wifi AP alongside other vlan
Yeah, that setup doesn't make sense to me but I was trying to play around to see if I could figure out how to get tagged traffic from the AP to route. In my head it seems like all incoming tagged traffic should just pass through the native vlan unchanged, and then vlan 4 would work independently of it. Clearly I'm missing something though.
Re: GS110EMX Trying to pass VLAN tag from wifi AP alongside other vlan
The traffic to the Pfsense must be handled similar to the Access Point - the first VLAN can be done Untagged, all other SSIDs resp. IP subnets must be done tagged. On the firewall, you have to configure the additional subnets, again tagged on the interface, and configure dedicated IP subnets including DHCP server, NAT rules, ...
Re: GS110EMX Trying to pass VLAN tag from wifi AP alongside other vlan
@schumaku wrote: The traffic to the Pfsense must be handled similar to the Access Point - the first VLAN can be done Untagged, all other SSIDs resp. IP subnets must be done tagged.
Isn't that the same as what I had described? I did it this way to try to accomplish that- port 5 is a member of the first vlan to allow untagged traffic to pass, and then created a vlan 2 for traffic tagged 2 to pass from port five to the trunk, and then again for vlan 3. Because 3 types of packets will be coming into port 5 (untagged, tagged 2, and tagged 3), I set up a vlan to support each tag.
VLAN 1: 1 (U); 2 (U); 5 (U); 6 (U); 7 (U); 8 (U); 9 (U)
VLAN 2: 1 (T); 5 (U)
VLAN 3: 1 (T); 5 (U)
VLAN 4: 1 (T); 3 (U); 4 (U)