TP-Link T1600G-28PS with TP-Link EAP225 WAP and 3 SSIDs each using their own VLAN - 1 works 2 don't
Equipment:
- TP-Link T1600G-28PS Switch
  - Version 1
  - Firmware V. 1.0.1 Build 20160411 Rel.34676(s)
  - IP 10.10.0.40
- TP-Link EAP225 WAP
  - Version 3.1
  - Firmware EAP225(US)_V3_2.5.0 Build 20190404
  - IP 10.10.0.50
- pfSense Router/Firewall
  - Version 2.4.4 running on bare metal
  - IP 10.10.0.1
  - This is wired to port 1 on the switch
What I am trying to achieve:
- 1 WAP with 3 SSIDs
  - SSID for family access (separate VLAN) 2.4GHz only
  - SSID for Guests (separate VLAN) 2.4GHz only
  - SSID for IoT devices (separate VLAN) 2.4GHz only
- Family needs to be able to access entire LAN
- Guests will have their own printer to access on their own VLAN
Since I only have 1 EAP225 WAP, I have it plugged into port 6 of the T1600G-28PS Switch.
Currently I can access the internet wirelessly using 2 of the SSIDs on the WAP (the existing one, which has been set up for some time, and the new one I created for IoT). I am baffled as to why I cannot access the Internet on VLAN 30 or 40, but have no problem on 50.
My plan was to set up the VLANs as follows:
- SSID of Family to use VLAN 30
  - IP 10.10.30.1
  - DHCP Range: 10.10.30.100 - 10.10.30.200
  - VLAN Config:
    - Port 6 is untagged
    - Port 1 is tagged
    - IP 10.10.30.1
- SSID of Guest to use VLAN 40
  - IP 10.10.40.1
  - DHCP Range: 10.10.40.100 - 10.10.40.200
  - VLAN Config:
    - Port 6 is untagged
    - Port 1 is tagged
    - IP 10.10.40.1
- SSID of IoT to use VLAN 50
  - IP 10.10.50.1
  - DHCP Range: 10.10.50.100 - 10.10.50.200
  - VLAN Config:
    - Port 6 is untagged
    - Port 1 is tagged
    - IP 10.10.50.1
I then went into the web portal for the WAP and added a new SSID of Family and told it to use VLAN 30. I went into the switch and also created VLAN 30 and set port 6 as UNTAGGED and set port 1 as TAGGED. I also went into pfSense and set up the firewall to allow any protocol. At that point I didn't set up any blocks in the firewall. VLAN 30 was wide open on the LAN. When I connected my laptop to use the Family SSID, I was assigned an IP from the 10.10.30.0/24 subnet, 10.10.30.100; however, I couldn't ping google.com or visit any websites.
I then went through the same process for the Guest network as I did above in the screenshots by going into the web portal for the WAP and adding a new SSID of Guest and telling it to use VLAN 40. I went into the switch and also created VLAN 40 and set port 6 as UNTAGGED and set port 1 as TAGGED. I also went into pfSense and set up the firewall to allow any protocol. At that point I didn't set up any blocks in the firewall. VLAN 40 was wide open on the LAN. When I connected my laptop to use the Guest SSID, I was assigned an IP from the 10.10.40.0/24 subnet, 10.10.40.100; however, I couldn't ping google.com or visit any websites.
Lastly, I went into the web portal for the WAP and added a new SSID of IoT and told it to use VLAN 50. I went into the switch and also created VLAN 50 and set port 6 as UNTAGGED and set port 1 as TAGGED. I also went into pfSense and set up the firewall to allow any protocol. At that point I didn't set up any blocks in the firewall. VLAN 50 was wide open on the LAN. When I connected my laptop to use the Guest SSID, I was assigned an IP from the 10.10.50.0/24 subnet, 10.10.50.100, AND THIS TIME I COULD PING GOOGLE.COM AND WAS ABLE TO ACCESS THE INTERNET.
I'm completely confused as to why the IoT SSID on VLAN 50 works when the other 2 do not. All 3 are configured the same. The only difference between them is the VLAN number and the DHCP IP address range. All 3 have the same rules in pfSense where they are wide open. I can't see how pfSense is stopping it.
I also went into pfSense to confirm that I can ping google from the VLAN30_Family interface and it works just fine, but if I ping from my laptop it will not work. It just times out.