VLAN on T1700G-28TQ not working

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-07-23 03:42:56
Model: T1700G-28TQ  
Hardware Version: V3
Firmware Version: 3.0.0 Build 20190108 Rel.62365(s)

Hi all,

So got this switch and all appears to be going fine except VLAN. Setting up a VLAN using the UI seems simple enough: select L2 Features, select VLAN, select 802.1Q VLAN, select Add and select the port you wish to use. Enter a VLAN ID, VLAN name and select save. Select Port Config, select port and set the PVID. Is there anything else that needs to be done?

I just can't get this thing to talk to my pfsense router. The switch just doesn't want to forward the packets on the selected port to the router. What am I missing?

 

Here is the simple topography. Group A is on the primary network. Group B will be on their own private network via the Wireless Access Point. Group B needs internet access and that is all. The Wireless access point plugs into the port I have configured for VLAN on the T1700G-28TQ switch. A VLAN interface has been configured on the PFsense router with the IPV4 subnet configuration and a DHCP server on this interface for IP address allocation.

The issue appears to be that packets on the VLAN port don't seem to go past the switch. I cannot get the packets to go to the PFsense router.



 

Re:VLAN on T1700G-28TQ not working
2020-07-23 07:36:34

@FFH4500 

 

Hi,
 

Is the port connected to the switch on the router tagged with the two VLANs for Group A and Group B?

Did you include the uplink port (connected to the router) on the switch in the two VLANs as well?

 

On the switch, the uplink port (connected to the router) should be in the two VLANs and tagged. The group A and group B are in different VLANs, untagged.

Hope that helps. Cheers!

Re:VLAN on T1700G-28TQ not working
2020-07-23 16:53:27 - last edited 2020-07-23 17:39:24

 

FFH4500 wrote

Group A is on the primary network. Group B will be on their own private network via the Wireless Access Point. 

 

Which VLANs do you use? Is your »primary network« on the pfsense tagged with VLAN ID 1? If so, don't use it, choose another VLAN ID. pfsense has some, ehm, »interesting« VLAN concept with its vnics and vswitch.

 

What's more, if you run pfsense in a virtual environment you might need to use VLAN 4095 to have pfsense keep 802.1q tags set by the pfsense virtual machine on a portgroup.

 

I suggest not using the router's and switch's Default VLAN 1 at all, but using two VLAN IDs > 1 and < 4095. You can find many posts on the Internet about the correct setup of pfsense as a VLAN-aware router depending on the platform/environment it runs on.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Re:VLAN on T1700G-28TQ not working
2020-07-23 21:21:59

@Yannie I can ping the PFsense router now, that does stand to reason the Uplink should be in the VLAN. *Facepalm*

 

Re:VLAN on T1700G-28TQ not working
2020-07-23 21:22:36

@R1D2 No, the VLAN ID is 20. :)

Re:VLAN on T1700G-28TQ not working
2020-07-23 23:01:18

@Yannie 

 

So I have the VLAN working but in this configuration, the VLAN (Group B) can still access all the data and resources from the primary network (Group A).

I can't control this at the PFsense router because the switch is prior to it. So all traffic on port 8, VLAN 20 needs to be blocked from accessing VLAN 1 but still access the PFsense router for internet.

Appreciate the help thus far! :)

Re:VLAN on T1700G-28TQ not working
2020-07-24 00:14:08 - last edited 2020-07-24 00:24:55

 

FFH4500 wrote

 

So I have the VLAN working but in this configuration, the VLAN (Group B) can still access all the data and resources from the primary network (Group A).

 

Then you have either Group B ports in both, Group B and A VLAN or the pfsense does LAN-to-LAN routing between the two VLANs B and A. Or you did assign IPs from Group B and A networks to VIFs in the switch which implicitly turns on Inter-VLAN routing (unless IPv4 routing has been turned off globally).

 

I can't control this at the PFsense router because the switch is prior to it. So all traffic on port 8, VLAN 20 needs to be blocked from accessing VLAN 1 but still access the PFsense router for internet.

 

Of course you can control this in the router's firewall. LAN-to-LAN resp. Inter-VLAN routing must be disabled. If the VLANs are terminated in the router, Internet access (LAN-to-WAN) still works for both networks A and B if it is enabled in the firewall. The routing path for both Groups is controlled by setting the default gateway for clients via DHCP to either Group B's or Group A's IP address of the router.

 

See this post (scroll down to method 2) for a setup of a Private (Group A) and a Guest (Group B) network. If you can translate OpenWrt syntax to pfsense syntax/settings, it shows how to set up two truly isolated LANs on the router, the switch and even the AP (yes, I did understand already that you don't need both VLANs on the wireless router).

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
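
Added example (not part of the thread, and not TP-Link or pfSense code): a small Python model of 802.1Q port membership that reproduces the two mistakes named in the replies above, an uplink that is missing from the VLAN and a Group B port that is a member of both VLANs. Port 8, VLAN 1 and VLAN 20 come from the thread; the uplink on port 1 and a Group A client on port 2 are assumptions.

```python
# Added illustration: a simplified 802.1Q membership model, not vendor code.
# Port 8 / VLAN 20 / VLAN 1 are from the thread; ports 1 and 2 are constructed.

def egress_ports(cfg, src):
    """Ports an untagged frame arriving on `src` can leave on.

    Ingress classifies the frame into the port's PVID; the switch then
    forwards only to other ports that are members of that VLAN.
    """
    vid = cfg[src]["pvid"]
    return {p for p, c in cfg.items() if p != src and vid in c["vlans"]}

def audit(cfg, uplink, vlan_ids):
    """Return findings for the misconfigurations discussed in the replies."""
    findings = []
    # Advice from the replies: the uplink carries every VLAN, tagged.
    for vid in vlan_ids:
        if cfg[uplink]["vlans"].get(vid) != "tagged":
            findings.append(f"uplink port {uplink} is not a tagged member of VLAN {vid}")
    for port, c in cfg.items():
        if port == uplink:
            continue
        # An access port should be untagged in exactly one VLAN.
        untagged = sorted(v for v, mode in c["vlans"].items() if mode == "untagged")
        if len(untagged) > 1:
            findings.append(f"port {port} is untagged in several VLANs {untagged}")
        if c["pvid"] not in c["vlans"]:
            findings.append(f"port {port} has PVID {c['pvid']} but is not a member of it")
    return findings

def make_cfg(uplink_vlans, port8_vlans):
    """Build a three-port sample configuration (constructed)."""
    return {
        1: {"pvid": 1, "vlans": uplink_vlans},      # uplink to the router
        2: {"pvid": 1, "vlans": {1: "untagged"}},   # Group A client
        8: {"pvid": 20, "vlans": port8_vlans},      # access point for Group B
    }

# Uplink left out of VLAN 20, port 8 still a member of VLAN 1.
BROKEN = make_cfg({1: "untagged"}, {1: "untagged", 20: "untagged"})
# Uplink tagged in both VLANs, port 8 untagged in VLAN 20 only.
FIXED = make_cfg({1: "tagged", 20: "tagged"}, {20: "untagged"})

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "port 8 ->", egress_ports(cfg, 8), "port 2 ->", egress_ports(cfg, 2))
        for finding in audit(cfg, uplink=1, vlan_ids=[1, 20]):
            print("  finding:", finding)
```

In the broken configuration `egress_ports(BROKEN, 8)` is empty, which is the "packets don't go past the switch" symptom, while `egress_ports(BROKEN, 2)` includes port 8, so Group A frames reach the Group B port. This models layer 2 membership only; routing between the two subnets is decided by the router's firewall rules, as the reply above says.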
Re:VLAN on T1700G-28TQ not working
2020-07-24 00:43:17

@R1D2 

 

Thank you, 802.1x in global config was enabled. Disabled it and VLAN is working as expected. 

 

Thank you so much for your help!!!
