pfSense as DHCP Server using tagged VLANs and default Wifi

mickintx
DD-WRT Novice


Joined: 09 Jan 2023
Posts: 3

Posted: Mon Jan 09, 2023 16:15    Post subject: pfSense as DHCP Server using tagged VLANs and default Wifi
I have a bit of an issue I can't quite figure out. I have set up pfSense as my firewall and main DHCP server with tagged VLANs 3, 4, 5, and 6.

I have 3 bridges and 3 VWAPs set up on DD-WRT with VLANs 4, 5, and 6 bridged to those Virtual WAPs.

When I connect to the main wifi wl0 or wl1, I get the VLAN 3 IP instead of my LAN IP assigned. So, I created a bridge (br4) and assigned VLAN3 to it. I just need VLAN3 to be wired, so I didn't bridge it originally.

Now when I try to connect to the wl0 or wl1 I don't connect. I suppose that DD-WRT isn't seeing the LAN DHCP coming from pfSense. Not sure how to set this up so I can connect to the LAN Wifi and get the LAN IP address assigned.

Running DD-WRT v3.0-r51184 std (01/06/23)
Kernel Version
Linux 4.4.302-st28

On Asus RT-AC56U hardware.

DD-WRT setup with
- AP Only
- VLANs tagged for 3, 4, 5, 6
- Wifi N Base (MacWifi)
- Wifi N VWAPs (MacWifi-Media, MacWifi-IoT, MacWifi-Guest)
- Wifi AC Base (MacWifi-AC)
- Wifi AC VWAPs (MacWifi-Media-AC, MacWifi-IoT-AC, MacWifi-Guest-AC)
- 3 additional bridges (br1, br2, br3) set up as follows:
br0 no eth1 eth2 vlan1 vlan2 vlan3
br1 no vlan4 wl0.1 wl1.1
br2 no vlan5 wl0.2 wl1.2
br3 no vlan6 wl0.3 wl1.3
On the Switch Config tab (I use port 3) I have VLANs added and checked on port 3, without VLAN1 checked.

With the above setup, I get a VLAN3 IP when connected to base wifi.

- Attempted to do the following
br0 no eth1 eth2 vlan1 vlan2
br1 no vlan4 wl0.1 wl1.1
br2 no vlan5 wl0.2 wl1.2
br3 no vlan6 wl0.3 wl1.3
br4 no vlan3
On this setup, I check VLAN1 on port 3 as well.
With this setup, I do not connect to base at all.

I know this is a lot to think through, but any help or ideas to try are appreciated.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Mon Jan 09, 2023 17:01
So your Asus is set up as a Wireless Access Point (WAP) and port 3 is your trunk port?

Please show a screenshot of your Switch Config tab and Networking tab.

I once made a setup like this; I attach my personal notes. You only have to take note of the setup for the secondary router, which is also Broadcom Northstar, so it should work the same.
Note how I set up a WAP :)

You should also enable the trunk for VLAN1 (not for VLAN2, better not use the WAN port), but as this is tagged you have to make sure it is also tagged on your pfSense.

DD-WRT does support having an untagged VLAN on the trunk but not via the GUI; if you really need that you have to do that manually (swconfig).

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
mickintx
DD-WRT Novice


Joined: 09 Jan 2023
Posts: 3

Posted: Mon Jan 09, 2023 17:16
Here are my Switch Config screenshots.

VLAN_config_1 is my setup without having VLAN 1 included.

VLAN_config-2 is my setup with VLAN 1 included in the tagged port.
mickintx
DD-WRT Novice


Joined: 09 Jan 2023
Posts: 3

Posted: Mon Jan 09, 2023 17:56
Ok, after reading through your setup, I think I actually have everything set up right. I don't see a way (yet) in pfSense to tag the main LAN network with a VLAN tag. So maybe I simply can't get that to work from my APs. I'm sure I could just assign VLANs to a different outgoing port, then connect that to the trunk port (tagged) on the routers, and put the LAN port from pfSense to the WAN port on the router; maybe that would work.

Anyway, something for me to investigate. I appreciate the uploaded doc, and the helpful hints.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Mon Jan 09, 2023 18:06
Unfortunately I cannot help you with pfSense.

It is possible to add VLAN1 untagged to the trunk port, but that has to be done with swconfig (= manually), and that is something which varies between routers, so there is no one size fits all.

In my notes I used swconfig for my main router as that does not support the GUI.
