Posted: Mon Jan 09, 2023 16:15 Post subject: pfSense as DHCP Server using tagged VLANs and default Wifi
I have a bit of an issue I can't quite figure out. I have set up pfSense as my firewall and main DHCP server with tagged VLANs 3, 4, 5, and 6.
I have 3 bridges and 3 VWAPs set up on DD-WRT with VLANs 4, 5, and 6 bridged to those Virtual WAPs.
When I connect to the main wifi wl0 or wl1, I get the VLAN 3 IP instead of my LAN IP assigned. So, I created a bridge (br4) and assigned VLAN3 to it. I just need VLAN3 to be wired, so I didn't bridge it originally.
Now when I try to connect to the wl0 or wl1 I don't connect. I suppose that DD-WRT isn't seeing the LAN DHCP coming from pfSense. Not sure how to set this up so I can connect to the LAN Wifi and get the LAN IP address assigned.
Running DD-WRT v3.0-r51184 std (01/06/23)
Kernel Version
Linux 4.4.302-st28
On Asus RT-AC56U hardware.
DD-WRT set up with
- AP Only
- VLANs tagged for 3, 4, 5, 6
- Wifi N Base (MacWifi)
- Wifi N VWAPs (MacFifi-Media, MacWifi-IoT, MacWifi-Guest)
- Wifi AC Base (MacWifi-AC)
- Wifi AC VWAPs (MacWifi-Media-AC, MacWifi-IoT-AC, MacWifi-Guest-AC)
- 3 additional bridges (br1, br2, br3) set up as follows:
br0 no eth1 eth2 vlan1 vlan2 vlan3
br1 no vlan4 wl0.1 wl1.1
br2 no vlan5 wl0.2 wl1.2
br3 no vlan6 wl0.3 wl1.3
On the Switch Config tab (I use port 3) I have VLANs added and checked on port 3, without VLAN1 checked.
With the above setup, I get a VLAN3 IP when connected to base wifi.
- Attempted to do the following
br0 no eth1 eth2 vlan1 vlan2
br1 no vlan4 wl0.1 wl1.1
br2 no vlan5 wl0.2 wl1.2
br3 no vlan6 wl0.3 wl1.3
br4 no vlan3
On this setup, I check VLAN1 on port 3 as well.
With this setup, I do not connect to base at all.
I know this is a lot to think through, but any help or ideas to try are appreciated.
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Mon Jan 09, 2023 17:01 Post subject:
So your Asus is set up as a Wireless Access Point (WAP) and port 3 is your trunk port?
Please show a screenshot of your Switch Config tab and Networking tab.
I once made a setup like this. I attach my personal notes; you only have to take note of the setup for the secondary router, which is also Broadcom Northstar, so it should work the same.
Note how I set up a WAP.
You should also enable the trunk for VLAN1 (not for VLAN2, better not use the WAN port), but as this is tagged you have to make sure it is also tagged on your pfSense.
Ok, after reading through your setup, I think I actually have everything set up right. I don't see a way (yet) in pfSense to tag the main LAN network with a VLAN tag. So maybe I simply can't get that to work from my APs. I'm sure I could just assign VLANs to a different outgoing port, then connect that to the trunk port (tagged) on the routers, and put the LAN port from pfSense to the WAN port on the router; maybe that would work.
Anyway, something for me to investigate. I appreciate the uploaded doc, and the helpful hints.
Posted: Mon Jan 09, 2023 18:06 Post subject:
Unfortunately I cannot help you with pfSense.
It is possible to add VLAN1 untagged to the trunk port but that has to be done with swconfig (=manually) and that is something which is variable between routers so no one size fits all.