Do you need GVRP? If the WAP is assigning the VLAN then it would seem all you would need is a trunk with both VLANS as tagged members between the WAP and the switch and the switch and firewall. I have multiple VLANs running across a two HP switches to a pfSense appliance setup this way. I don't have the wireless as you have but I don't see how it would be different.
Gordon Cook [email protected] Message: 1 Date: Wed, 15 Aug 2012 21:16:20 -0400 From: Drew Lehman <[email protected]> To: [email protected], pfSense support and discussion <[email protected]> Subject: Re: [pfSense] VLAN Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed > Probably, yes, although you still need rules, based on your description. > How have you configured the switchport that the pfSense box is plugged > into? > Also, the SSID name has nothing to do with the VLAN tag... do you have > a 'smart' WiFi AP that has been configured to put that "Guest" SSID on > the same VLAN as you've set up elsewhere? > > -Adam Thompson > [email protected] > I have the switch configured with GVRP and auto for the ports for now. This should associate the VLANs based on the ID. The WAP has virtual SSIDs that can be assigned to various VLANs. I assigned the guest VLAN to 100 and setup a VLAN of 100 on the pfsense and assigned it to the LAN port. I then created a network for that VLAN and assigned a DHCP server to that network. However, when I connect to the wireless guest, I don't get a DHCP address. ------------------------------ Message: 2 Date: Thu, 16 Aug 2012 09:35:59 +0200 From: Matthias May <[email protected]> To: pfSense support and discussion <[email protected]> Subject: Re: [pfSense] VLAN Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed On 16.08.2012 03:16, Drew Lehman wrote: >> Probably, yes, although you still need rules, based on your description. >> How have you configured the switchport that the pfSense box is >> plugged into? >> Also, the SSID name has nothing to do with the VLAN tag... do you >> have a 'smart' WiFi AP that has been configured to put that "Guest" >> SSID on the same VLAN as you've set up elsewhere? >> >> -Adam Thompson >> [email protected] >> > I have the switch configured with GVRP and auto for the ports for now. > This should associate the VLANs based on the ID. The WAP has virtual > SSIDs that can be assigned to various VLANs. I assigned the guest > VLAN to 100 and setup a VLAN of 100 on the pfsense and assigned it to > the LAN port. I then created a network for that VLAN and assigned a > DHCP server to that network. However, when I connect to the wireless > guest, I don't get a DHCP address. > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list Did you also create firewall rules actually allowing traffic on the newly assigned VLAN interface? ------------------------------ Message: 3 Date: Thu, 16 Aug 2012 11:29:08 +0000 From: Chuck Mariotti <[email protected]> To: pfSense support and discussion <[email protected]> Subject: Re: [pfSense] VLAN Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" >-----Original Message----- >From: [email protected] [mailto:[email protected]] >On Behalf Of Drew Lehman >Sent: August-14-12 11:50 PM >To: [email protected] >Subject: [pfSense] VLAN > >I'm trying to do a guest wireless using a VLAN. I have pfsense 2.01 and a HP >switch 2910AL. I setup the VLAN on my LAN (192.168.10.x) port and have it set >>to offer DHCP (192.168.11.x). I thought i was off that >192.168.11.1 was an offered start address for the DHCP. I set >192.168.11.1 as the gateway address for the VLAN. I setup a VLAN on the >switch with the same VLAN number and the WAP has a guest SSID using the same >>VLAN number. Did I set this up correctly on the pfsense side? >_______________________________________________ >List mailing list >[email protected] >http://lists.pfsense.org/mailman/listinfo/list Try setting a wireless client with a manual static IP address to verify if you can see the pfSense box and/or get outside... to eliminate it being just DHCP as the issue. ------------------------------ _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list End of List Digest, Vol 12, Issue 16 ************************************ _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
