This is so stupid simple and I cannot for the life of me get this VLAN setup to work. I'm sure I'm missing this one little detail.
I have watched Lawrence Systems videos on this topic and still cannot get it to work. I'm thinking it's gotta be my switch configuration.
All I want is a Guest network on the UniFi APs that VLANs to pfSense and routes out to the internet, but cannot access the rest of the network. I do not need a captive portal.
The network is as follows:
UniFi APs (2 WiFis, one private untagged, one guest on VLAN 2) connected to --> TP-Link TL-SG1024de (all ports untagged) connected to --> pfSense (VLAN 2 configured) WAN connected to --> Internet
I have screenshots to share here:
I have set up the VLAN in pfSense as 192.168.50.0/24 and assigned it a DHCP pool that appears to work. It is piggybacking on the LAN interface with the rest of the network. I have firewall rules in place to prevent VLAN 2 from talking to LAN computers.
On the switch, I left all ports untagged, assuming that UniFi would put a tag on the packet, it would end up in pfSense, and pfSense would see that tag and handle it accordingly. I think my mistake is here.
I can create the Guest wifi on UniFi and it provisions all of the APs just fine. But the devices that join that WiFi never get an IP address, so they are not talking to the pfSense device.
Any advice is welcome. I have no idea what I'm doing wrong.