Cisco Support Community

New Member

DHCP issue in VLAN

I have a router-on-a-stick setup, I guess

Multi-WAN doing a load balancing in pfSense
5 Vlans setup on one interface and 1 DMZ setup on another interface
Vlan 1 being used for Management w/o DHCP Server
Vlan 24 for intranet Wifi w DHCP Server
Vlan 30 for intranet w/o DHCP Server
Vlan 50 for Public Wifi w DHCP Server
Vlan 100 for Ubiquiti ToughSwitch and APs, w DHCP Server
Now, the Vlan goes to a Cisco SG500X switch in port 1, trunk mode, Vlan 1UP, 24T, 30T, 50T, 100T
port 35, trunk mode, Vlan 1T, 24T, 30T, 50T, 100UP, goes to Ubiquiti ToughSwitch
In Ubiquiti ToughSwitch, Vlan 1, 24, 30, 50 all tagged and 100 untagged
ToughSwitch goes to UAPs with Vlan 24, 30, 50

Now, my problem is, I'm not able to ping any of the APs
I'm not able to SSH to any of the APs
It's like being isolated

In my firewall settings, I allowed all traffic but still no luck
Can anyone give me some light here, please?

THANKS!

  • LAN Switching and Routing

Accepted Solutions
New Member

PLEASE USE THE IP ADDRESSES AS YOU WANT

########## Config on SG-500 ########################
interface vlan 1
 ip address 192.168.5.2 255.255.255.0 (PFsense_FWAL_subnet)
 no ip address dhcp 
 ip dhcp relay enable 
 bridge multicast forward-all add gi1/1/1,gi1/1/44,gi2/1/36 
!
interface vlan 24
 name "Internal Wifi" 
 ip address 192.168.3.1 255.255.255.0 (Wifi)
 ip dhcp relay enable 
 bridge multicast forward-all add gi1/1/44,gi2/1/36 
!
interface vlan 30
 name DMZ 
 ip address 192.168.4.1 255.255.255.0 (DMZ)
 ip dhcp relay enable 
 bridge multicast forward-all add gi1/1/44,gi2/1/36 
!
interface vlan 50
 name All 
 ip address 192.168.2.10 255.255.255.0 (ALL)
 bridge multicast forward-all add gi1/1/44,gi2/1/36 
!
interface vlan 100
 name Management 
 ip address 192.168.6.1 255.255.255.0 (For AP)
 ip dhcp relay enable 
 bridge multicast forward-all add gi1/1/1,gi1/1/44,gi2/1/36 
!
interface vlan 200
 name vMotion (Vmotion)
 ip address 192.168.7.1 255.255.255.0 (v
 bridge multicast forward-all add gi1/1/44,gi2/1/36 
!
interface gigabitethernet1/1/1
switchport mode access
switchport access vlan 1
description (Connect-to-pfsense-FWAL)
!
interface gigabitethernet1/1/2
switchport mode trunk
switchport trunk allowed vlan add 24,30,100,200
description (Connect-to-UBI-Switch)
!
ip routing
!
ip route 0.0.0.0 0.0.0.0 192.168.5.1 (PF-sense-IP)
#######################################################

############## Config on PFsense ######################

Add routes for all the subnets 

192.168.2.0 255.255.255.0 192.168.5.2-->(Switch IP)
192.168.3.0 255.255.255.0 192.168.5.2-->(Switch IP)
192.168.4.0 255.255.255.0 192.168.5.2-->(Switch IP)
192.168.5.0 255.255.255.0 192.168.5.2-->(Switch IP)
192.168.6.0 255.255.255.0 192.168.5.2-->(Switch IP)
192.168.7.0 255.255.255.0 192.168.5.2-->(Switch IP)


#######################################################

############## Config on UBIswitch ####################


interface gigabitethernet x/x/x
switchport mode trunk
switchport trunk allowed vlan add 24,30,100,200
description (Connect-to-cisco-SG500)
!
int gi x/x
switchport mode access
switchport access vlan 100
description (Connect-APS)
!
int gi x/x
switchport mode access
switchport access vlan 100
description (Connect-APS)

########################################################
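
An added example, not part of the original answer: a Python check that reads Cisco-style interface stanzas like the ones above and reports which required VLANs a trunk port does not explicitly allow. The sample config is constructed from lines in this thread, and the required set (24, 30 and 50 for the AP networks, 100 for AP management) is an assumption drawn from the posts.

```python
import re

# Constructed sample: a few stanzas adapted from the config posted above.
SAMPLE_CONFIG = """\
interface vlan 50
 ip address 192.168.2.10 255.255.255.0
!
interface gigabitethernet1/1/1
 switchport mode access
 switchport access vlan 1
!
interface gigabitethernet1/1/2
 switchport mode trunk
 switchport trunk allowed vlan add 24,30,100,200
"""

# Assumption: VLANs the APs need, as named in the thread (SSIDs plus management).
REQUIRED = {24, 30, 50, 100}

def expand_vlans(spec):
    """Expand a list such as '24,30,100-102' into a set of VLAN IDs."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Return {interface: VLANs explicitly allowed} for trunk-mode ports only."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(.+)", line, re.I):
            current = ports.setdefault(m.group(1), {"trunk": False, "allowed": set()})
        elif current is None:
            continue
        elif line.lower() == "switchport mode trunk":
            current["trunk"] = True
        elif m := re.match(r"switchport trunk allowed vlan (?:add\s+)?([\d,\s-]+)$", line, re.I):
            current["allowed"] |= expand_vlans(m.group(1))
    return {name: p["allowed"] for name, p in ports.items() if p["trunk"]}

def missing_on_trunks(config, required):
    """Map each trunk port to the required VLANs it does not carry."""
    return {name: sorted(set(required) - allowed)
            for name, allowed in parse_trunks(config).items()}

print(missing_on_trunks(SAMPLE_CONFIG, REQUIRED))
```

The check only counts VLANs listed on the `switchport trunk allowed vlan` line, so a native or default VLAN the switch adds implicitly is not modelled.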

12 REPLIES
New Member

(L3-V100)FW<---trunk(tag-L2-V100)--->cisco<--trunk(tag-L2-V100)-->ubiswi-->access-port-V100 to AP

Please check your config as above

New Member

tag v100 and untag v1?

New Member

The problem is that my AP needs to have access to Vlan 24, 30, 50 too

Do I need to setup DHCP relay or server in SG500X?

New Member

If you are doing L3 routing on FW correctly, then it should work without any problem.

Please do a traceroute from your AP

I would say that your problem lies with the SG500x. If I'm not mistaken, these switches don't support VTP, and I don't know anything about Ubiquiti switches. The symptom appears to be that you have vlan trunking issues.

Perhaps by chance you were able to get vlans trunked down transparently to the SG500x... Have you confirmed that the Ubiquiti switch sees these vlans? I don't know how you'd do that, but this reeks of an L2 issue.

Please rate if helpful.

New Member

Current setup like this


Thank you very much
I'm new to VLAN and Layer 3 Switches
Previously we only had Layer 2 Switches and it ran without any issues
After we changed out 2 Layer 2 Switches and replaced them with 2 Layer 3 Switches stacked together, I'm no longer able to see those APs from pfSense

New Member

Please see attached.

New Member

I'm sorry

I don't quite understand
I'm a newbie in VLAN

Can you be more specific please?

Thank you very much

New Member

I am presuming that you have created all L3 vlans on the pfsense firewall, and if that is the case, then please follow this link:

https://www.highlnk.com/2014/06/configuring-vlans-on-pfsense/

Please check the VLAN and FIREWALL settings.

If you can send some snapshots from your pfsense firewall, it would be great to find the issue.
