cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1667
Views
0
Helpful
5
Replies

Unable to access the internet on guest VAP using WAP125 AP

kiekar
Level 1
Level 1

Hello,

I recently bought a WAP125 AP for my home/business setup to segregate my wifi network to a secure, guest and eventually an IoT network using VLANs.

 

My current setup is as follows. One cable from my pfSense box, igb2 port to port one on the TP-Link TL-SF105E switch then port 2 from switch to the wap125 AP.

 

I have both VLAN interfaces setup on pfSense VL10_wifi (192.168.10.0/24) and VL20_guest (192.168.20.0/24) with DHCP Servers setup for both VLAN interfaces, all open rule for both interfaces

 

Switch is setup as:

VLAN ID 10 has port 1 tagged and port 2 untagged. PVID has port 1 set to id 10 and port 2 set to id 10

VLAN ID 20 has port 1 tagged and port 2 tagged.

 

AP WAP125 setup:

                IPv4 static config: 192.168.10.2, gateway 192.168.10.1, DNS 192.168.10.1

                Radio 1: VLAN ID 1, SSID1

                             VLAN ID 20, SSID1_Guest

                Radio 2: VLAN ID 1, SSID2

                             VLAN ID 20, SSID2_Guest

 

On VLAN 10 I have no issues to access the internet. All devices receive an IP address from the DHCP server on the pfSense box. For VLAN 20, I’m unable to access the internet however the devices do get an IP address.

Is the problem caused by the tagged/untaged of radio 1 and 2 VLAN 20? Any help would be much appreciated.

 

Thanks,

1 Accepted Solution

Accepted Solutions

Sujoy Paria
Cisco Employee
Cisco Employee

Hi,

First, please check whether you are able to get the Internet access once you directly connect a PC/Laptop on pfSense VL20_guest (192.168.20.0/24) interface. In case that is working fine and you are not able to access the Internet upon connecting a Laptop on the VLAN 20 (DHCP Enabled) in TP-Link Switch then please verify whether the necessary route has been added on the pfsense and the TP-Link Switch (default route) to provide the Internet access. And in case the Internet is working fine on both the VLANs individually on the Switch but not on the VLAN20 SSID then you need to cross-verify the VLAN tagging on the AP connected port, you may change the tagging and check.

Note: As you have mentioned that you are able to configure VLAN tagging on the Switch port so it will be a manageable Switch where you can add the IP address / route detail.

View solution in original post

5 Replies 5

luis_cordova
VIP Alumni
VIP Alumni

Hi @kiekar ,

 

Only to discard:

do you Include the network of vlan20 in the NAT configuration?

 

Regards

Jaderson Pessoa
VIP Alumni
VIP Alumni
Hello,

Check on pfsense:
tab system > routing > static route, if there is a route for this vlan 20.
tab firewall > nat > outbound > check if there is a nat outbound to this network.

Best regards.
Jaderson Pessoa
*** Rate All Helpful Responses ***

Sujoy Paria
Cisco Employee
Cisco Employee

Hi,

First, please check whether you are able to get the Internet access once you directly connect a PC/Laptop on pfSense VL20_guest (192.168.20.0/24) interface. In case that is working fine and you are not able to access the Internet upon connecting a Laptop on the VLAN 20 (DHCP Enabled) in TP-Link Switch then please verify whether the necessary route has been added on the pfsense and the TP-Link Switch (default route) to provide the Internet access. And in case the Internet is working fine on both the VLANs individually on the Switch but not on the VLAN20 SSID then you need to cross-verify the VLAN tagging on the AP connected port, you may change the tagging and check.

Note: As you have mentioned that you are able to configure VLAN tagging on the Switch port so it will be a manageable Switch where you can add the IP address / route detail.

 

Hello and thank you for all your replies.

It turns out it was a rule issue with the vlan 10 interface. I'm now able to access the internet on both interfaces however I'm still testing to make sure.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: