01-16-2021 05:36 PM - edited 01-16-2021 05:37 PM
I managed to get my hands on an old Catalyst so I'm attempting to use an old UniFi AP for my IOT network, along with a guest network but I can't figure out how to properly configure the switch.
I have a PFSense install connected to a ge port on the switch, with the AP connected to one of the fe ports on the switch.
I have 3 vlans, 10(IOT), 20(Guest), and 99(Management).
From what I've read, I need to configure the port to be a trunk port, but that doesn't seem to work.
So I set fe0/2 and ge0/2 to trunk (switchport mode trunk)
And then I set them to allow all vlans (switchport trunk allowed vlan all)
I even set encapsulation to be dot1q (switchport trunk encapsulation dot1q)
I'm pretty sure I'm missing something, or entirely miss the point of trunking?
01-17-2021 11:26 PM
Having read the complete discussion again I agree that both fa0/2 and G0/2 should be configured as trunks. The immediate problem is that G0/2 is configured as an access port. Once G0/2 is configured as a trunk then the switch part should be ok. If it still does not work then it would be either an issue with pfSense or with the WAP.
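Added example, not posted by anyone in this thread: the switch-side configuration the accepted answer describes, written out for the interfaces and VLAN IDs given above (Gi0/2 to pfSense, Fa0/2 to the UniFi AP, VLANs 10/20/99). The weak form is what the thread started with; the corrected form trunks both links and adds the hardening a practitioner would want on a trunk. The dedicated native VLAN 999 and the assumption that the AP is managed untagged on VLAN 99 are mine, not from the thread.

```cisco
! ---- Weak form (as posted): Gi0/2 was left as an access port in VLAN 1 ----
! interface GigabitEthernet0/2
!  switchport mode access            ! tagged frames from pfSense are dropped here
! interface FastEthernet0/2
!  switchport trunk encapsulation dot1q
!  switchport mode trunk
!  switchport trunk allowed vlan all ! carries every VLAN, native VLAN stays 1
!
! ---- Corrected form ----
vlan 10
 name IOT
vlan 20
 name Guest
vlan 99
 name MGMT
vlan 999
 name NATIVE-UNUSED            ! assumption: parking VLAN for untagged frames, no SVI, no hosts
!
! Uplink to pfSense (router-on-a-stick): every routed VLAN goes up tagged.
interface GigabitEthernet0/2
 description pfSense trunk
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999    ! not VLAN 1: untagged frames land in an empty VLAN
 switchport trunk allowed vlan 10,20,99   ! prune instead of "all"
 switchport nonegotiate              ! no DTP frames toward the router
!
! UniFi AP: one trunk carries both SSID VLANs plus management.
interface FastEthernet0/2
 description UniFi AP trunk
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 99     ! assumption: AP is managed untagged (UniFi default)
 switchport trunk allowed vlan 10,20,99
 switchport nonegotiate
!
! Unused ports stay where the poster already has them: shut down in the
! blackhole VLAN, so a stray cable cannot join a live segment.
interface range FastEthernet0/1 , FastEthernet0/3 - 24 , GigabitEthernet0/1
 switchport mode access
 switchport access vlan 100
 shutdown
!
! Verify from enable mode: both ports should show "trunking" with the
! pruned VLAN list and the chosen native VLAN.
!   show interfaces trunk
!   show interfaces status
```

The `switchport trunk encapsulation dot1q` line is only accepted on Catalyst models that also support ISL; on a dot1q-only model it is rejected and can simply be omitted, as the poster's own `show interface trunk` output already reports 802.1q. If the AP is configured to tag its management traffic, give Fa0/2 the same native VLAN 999 as the pfSense uplink instead of 99.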
01-16-2021 05:45 PM
Sounds like a pretty straightforward router-on-a-stick topology.
Have you configured your VLANs properly on the pfSense appliance?
What are you unable to do/connect to?
01-16-2021 06:42 PM
I'm unable to connect to the VLANs at all and the AP isn't handing out IPs. I think I have the router set up correctly, I've got 4 subnets total: LAN which is connected to my actual switch, no VLANs or anything complicated. Firewall rules allow LAN traffic everywhere
VLAN 10, 20 which is restricted
VLAN 99 which allows traffic everywhere.
DHCP server is set up for each subnet
This was working when I wasn't using VLANs on the Catalyst, I just had OPT1 instead of VLANs.
01-16-2021 06:51 PM
Sounds like a potential pfSense misconfiguration which would make this an inappropriate forum...
Lawrence Systems on YouTube has some thorough pfSense VLAN setup guides.
The switch configuration sounds correct, meaning the way you've implemented trunking on the pfSense and WAP links should be passing traffic from all VLANs configured on the Catalyst.
01-16-2021 11:01 PM
Hello,
can you post the output of:
show vlan
from the Catalyst switch ?
01-17-2021 11:14 AM - edited 01-17-2021 11:52 AM
cisco>show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/2
10 IOT active
20 LCHR active
99 MGMT active
100 BLACKHOLE active Fa0/1, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gi0/1
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
99 enet 100099 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
I imagine I'm supposed to see ports assigned to the VLANs but for some reason I'm not despite the command: switchport trunk allowed vlan all for f0/2 and g0/2
01-17-2021 11:17 AM
The output of show vlan is helpful and shows that no ports are assigned to the vlans that you want to use. For those ports that will have network hosts connected to them they should be configured as access ports (not trunk ports) and assigned to the appropriate vlan.
01-17-2021 06:59 AM - edited 01-17-2021 07:00 AM
Hello
Is pfSense running the L3 addressing for VLANs 10, 90, 99?
Have you created the L2 VLANs on the switch for VLANs 10, 90, 99?
Do you have a trunk on the switch that's connecting to pfSense?
What device is servicing DHCP?
The AP can connect to the switch via an access port or a trunk, depending on whether you want it to advertise SSIDs for a single VLAN or multiple VLANs.
01-17-2021 11:14 AM
show vlan is a good way to start figuring this out. I would also ask for the output of these commands from the Catalyst switch
show interface trunk
show interface status
01-17-2021 11:50 AM
cisco>show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/2       1-99,101-4094

Port        Vlans allowed and active in management domain
Fa0/2       1,10,20,99

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/2       1,10,20,99

cisco>show interface status
Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        disabled     100          auto   auto 10/100BaseTX
Fa0/2                        connected    trunk      a-full  a-100 10/100BaseTX
Fa0/3                        disabled     100          auto   auto 10/100BaseTX
Fa0/4                        disabled     100          auto   auto 10/100BaseTX
Fa0/5                        disabled     100          auto   auto 10/100BaseTX
Fa0/6                        disabled     100          auto   auto 10/100BaseTX
Fa0/7                        disabled     100          auto   auto 10/100BaseTX
Fa0/8                        disabled     100          auto   auto 10/100BaseTX
Fa0/9                        disabled     100          auto   auto 10/100BaseTX
Fa0/10                       disabled     100          auto   auto 10/100BaseTX
Fa0/11                       disabled     100          auto   auto 10/100BaseTX
Fa0/12                       disabled     100          auto   auto 10/100BaseTX
Fa0/13                       disabled     100          auto   auto 10/100BaseTX
Fa0/14                       disabled     100          auto   auto 10/100BaseTX
Fa0/15                       disabled     100          auto   auto 10/100BaseTX
Fa0/16                       disabled     100          auto   auto 10/100BaseTX
Fa0/17                       disabled     100          auto   auto 10/100BaseTX
Fa0/18                       disabled     100          auto   auto 10/100BaseTX
Fa0/19                       disabled     100          auto   auto 10/100BaseTX
Fa0/20                       disabled     100          auto   auto 10/100BaseTX
Fa0/21                       disabled     100          auto   auto 10/100BaseTX
Fa0/22                       disabled     100          auto   auto 10/100BaseTX
Fa0/23                       disabled     100          auto   auto 10/100BaseTX
Fa0/24                       disabled     100          auto   auto 10/100BaseTX
Gi0/1                        disabled     100          auto   auto Not Present
Gi0/2                        connected    1          a-full a-1000 10/100/1000BaseTX SFP
gi0/2 looks like it's not a trunk. Can you only have 1 trunk port? My understanding if I want multiple VLANs on a port, it should be a trunk port, but it looks like the trunk mode was removed for some reason
01-17-2021 11:16 AM
Yeah, I found this video confirming all the steps I did were correct.
01-17-2021 12:08 PM
@ApathiaLol wrote:gi0/2 looks like it's not a trunk. Can you only have 1 trunk port? My understanding if I want multiple VLANs on a port, it should be a trunk port, but it looks like the trunk mode was removed for some reason
Gi0/2, your pfSense link, needs to be trunked. That's a misconfiguration.
01-17-2021 12:18 PM
Does Fi0/2 need to be trunked too?
01-17-2021 12:26 PM
@ApathiaLol wrote:Does Fi0/2 need to be trunked too?
The AP link can be trunked to carry all VLANs, yes. It does not necessarily need to be. There are additional port configuration options to carry more than one but not all VLANs (with even further additional configuration possible from there).
But for the topology you've indicated you're designing, short answer: yes. Both Fa0/2 and Gi0/2 should be trunked in order to properly pass traffic all the way up the 'stick' to the pfSense appliance which is performing your inter-VLAN routing.
01-17-2021 08:35 PM
We need information about what device is connected on which port.
The output of show interface status shows that only 2 ports have a connected device. fa0/2 is connected to something (but what ??) and is configured as a trunk. G0/2 is configured as an access port in vlan 1 (what is connected here??)