pfSense, switch replacement from TP-Link to Zyxel, VLANs not working

ArmoredPCs
ArmoredPCs Posts: 11  Freshman Member

Hello,

I have a pfSense as firewall-router on a customer's premises.

Replaced small TP-Link SG-2008 (8 Port) with Zyxel GS1900-24.

Upgraded to latest firmware etc. VLANs are not working on the replaced switch; everything was working on the TP-Link though.

Port 10 is the DVR in VLAN untagged and PVID 200

Port 12 is the Access Point, untagged 1 and tagged 100 to 102

Scenario is that the port 24 is the Uplink, VLAN ID 1 untagged all ports

VLAN 100 Guest: all ports excluded, tagged only port 1, 12 and 24

VLAN 101 Guest: all ports excluded, tagged only port 1, 12 and 24

VLAN 102 Guest: all ports excluded, tagged only port 1, 12 and 24

With this basic setup, VLANs and devices are still on the 1X.xx.30.0/24 subnet.

pfSense doesn't detect traffic from the other VLANs.

*I will attach images; it would be really helpful if someone told me if I missed something or have a wrong configuration.

The same VLANs were working correctly before. Checked the uplink cable is in the correct port, rebooted firewall, router etc.

Thank you.

Accepted Solution

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,567  Zyxel Employee
    Answer ✓

    Hi @ArmoredPCs,

    Thanks for the MAC table. I apologize for replying late; I was doing a lab in my office.

    From your MAC table, I noticed the GS1900 only learns your pfSense on VLAN1 but on no other VLANs like VLAN200. In my lab, my GS1900 learns my pfSense not only on VLAN1 but also on 20 and 100. My client connects to port 18, which is in VLAN100.

    And my PC gets IP from VLAN100.

    Also, there is traffic on VLAN100.

    Could you help to check your pfSense setting and its NIC card setting, like VLAN and priority? Your issue is more likely on pfSense. The switch configuration should be good.

    Zyxel Melen
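The MAC-table check described in the answer above, as an added example that is not part of the original thread: it parses a switch MAC table and reports the VLANs on which the firewall's MAC was never learned on the uplink port. The table layout, the MAC addresses and the function names are constructed for illustration (not the GS1900's exact output), and it assumes the firewall's VLAN interfaces share the parent NIC's MAC.

```python
import re

# Constructed sample: the firewall (uplink port 24) is only learned on VLAN 1.
SAMPLE_MAC_TABLE = """\
VLAN  MAC Address        Type     Port
1     00:11:22:33:44:55  Dynamic  24
1     aa:bb:cc:00:00:01  Dynamic  12
1     aa:bb:cc:00:00:02  Dynamic  12
200   de:ad:be:ef:00:10  Dynamic  10
"""

# One data row: VLAN id, MAC (':' or '-' separated), entry type, port number.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\s+\S+\s+(\d+)\s*$", re.I
)


def parse_mac_table(text):
    """Return (vlan, mac, port) tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            mac = m.group(2).lower().replace("-", ":")
            rows.append((int(m.group(1)), mac, int(m.group(3))))
    return rows


def vlans_missing_on_uplink(rows, router_mac, uplink_port, expected_vlans):
    """VLANs on which the router's MAC was NOT learned on the uplink port."""
    router_mac = router_mac.lower().replace("-", ":")
    seen = {v for v, mac, port in rows
            if mac == router_mac and port == uplink_port}
    return sorted(set(expected_vlans) - seen)


if __name__ == "__main__":
    rows = parse_mac_table(SAMPLE_MAC_TABLE)
    # Expected VLANs and uplink port taken from the thread: 1, 100-102, 200 on port 24.
    missing = vlans_missing_on_uplink(
        rows, "00:11:22:33:44:55", 24, [1, 100, 101, 102, 200]
    )
    print("router not learned on VLANs:", missing or "none")
```

A switch only learns a MAC from frames it receives and ages entries out, so a VLAN can also show as missing simply because the firewall has sent nothing on it recently.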



All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,567  Zyxel Employee

    Hi @ArmoredPCs,

    Could you help to check the MAC table if your devices are in the correct VLAN? The path is Menu > Monitor > Mac table.

    Zyxel Melen


  • ArmoredPCs
    ArmoredPCs Posts: 11  Freshman Member

    Hello, thanks for the reply. It seems some devices are right now on the "correct" VLANs per the MAC table.

    Looked at the ARP table on pfSense, but the IPs that the devices are getting are like those of VLAN1.

  • PeterUK
    PeterUK Posts: 3,456  Guru Member

    Post the setup of the TP-Link

  • ArmoredPCs
    ArmoredPCs Posts: 11  Freshman Member

    Setup is the same, just a different switch.

    LAN1 was the uplink, tagged, and then tagged port 8 for the AP and untagged for port 7 DVR.

    Both switch installations were made by me…

  • PeterUK
    PeterUK Posts: 3,456  Guru Member
    edited September 10

    So devices are getting an IP, just not from the right VLAN?

    Forbidden VLAN1 on all ports mainly 1, 10, 12, 24 with a port reserved to login

    The DVR on port 10 untag with PVID 200 should work

  • ArmoredPCs
    ArmoredPCs Posts: 11  Freshman Member

    Correct, they don't get the correct IP.

    I can even see the devices from Advanced IP Scanner, and ping works, even after configuring the VLANs.

    Last time I configured a Zyxel switch I didn't have such hassle.

    Only problem is I am through VPN and I fear that if I change the VLAN ports as you said I will lose the management to the switch, since port 24 is the uplink. Tried to change port 10 to forbidden but no change.

    Scenario is that VLAN1 is the management and internal network; we manage the switch from there and the AP.

    Only the DVR and the other 3 WiFi (guest, IoT, employees) need to be on a VLAN.

    There is another WiFi with VLAN1 that the owner, even when I am there, can connect to and do maintenance.

  • PeterUK
    PeterUK Posts: 3,456  Guru Member
    edited September 10

    It seems like the APs don't have a VLAN if devices are getting an IP on the untagged VLAN1

  • ArmoredPCs
    ArmoredPCs Posts: 11  Freshman Member

    WiFi was working correctly before with the same configuration on the AP.

    It's not the first time doing VLANs with access points etc.

    My main problem is like it's not feeding the VLANs to the switch etc.

    I have tried every combination of settings.

  • PeterUK
    PeterUK Posts: 3,456  Guru Member

    So you're going to have to go on site to fix it because they have done something on the other end.