PF-Sense Firewall
-Sets up 3 VLANs, vlan ids 1,3,5.
(1 is for everything, 3 is for IOT devices, 5 guest network)
-PF-Sense provides dhcp addresses for the three separate networks (DNS routing etc are all handled by the pfsense firewall)
In my network I am currently running two Netgear R7800 non-DSA wireless routers. They present 3 wireless networks: MyNetwork, Guest and IOT (called guest1). VLAN 3 and 5 (guest and IOT) are tagged and VLAN 1 (the everything else network) is untagged. Each of the three wireless networks gets the correct IP from the PFSense router and this just works. It has worked for years since 18.x.x at least....
Now when I try to replicate this in a Netgear R6230 DSA capable router:
I can set up the 3 interfaces.
I can set up two 802.11q devices and I get dished the correct IPs
However, as soon as I turn on Bridge VLAN Filtering I lose access to the bridge and consequently the box and I have to reset the box. (I have tried every permutation I can think of, of tagged and untagged, with the same result every time.)
I get this same issue/behavior also on a Linksys WRT1200AC on 21.02, and a Belkin RT3200 on the latest snapshot...
If I understand correctly, VLAN1 (untagged) is for management.
Did you try to temporarily assign an IP on VLAN 3 or 5 for management and leave out the untagged VLAN1?
Basically, to try a pure tagged (trunk) network?
That way you could sort out problems with mixed (tagged/untagged) ports.
hmmm
The last thing I could suggest:
try making one independent WiFi interface and leave it out of VLAN/bridge filtering; this way you could access the AP, then you could run diagnostics from there.
Yes... That is a good idea, was considering doing that... Will see if I can figure out something using this as a back door... Should speed troubleshooting...
as soon as I turn on Bridge VLAN Filtering I lose access to the bridge and consequently the box
Which is exactly what happened to me on a WRT32X when I forgot to change the device in the LAN interface to br-lan.1 before applying the VLAN filtering changes
By the way, you don't have to reset your device if you mess this up, at least I didn't - I just waited the 90 seconds, and let the changes revert - also, you say
I never created 802.1q devices - creating the VLANs does that for you
Don't feel like that, br-lan is the default, and there is no pointer/information about the consequence of enabling vlan filtering in that submenu on the device tab. And in the old days of swconfig this subtlety did not exist.
I went through the same 'learning' experience ;), so either I should feel like a fool as well or neither of us should.
Thank you both sooooooo much for helping me on this. I have a WRT3200ACM, pfSense, and a Netgear managed switch. I was able to connect a PC to the ethernet port I had the AP attached to and would join the vlan with no issues. But whenever I enabled vlans on the AP, I lost connectivity. I too would reset the router, not knowing I could just wait two minutes.
I now have vlan1 for management and untagged traffic and vlan10 for my soon to be enabled iot wireless ap. All I had to do was set the lan interface device to the correct br-lan.1.
I have been fighting with this for three weeks, so when I realized what I was doing wrong, I did in fact feel like a fool. lol.
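
The mistake several posters describe above (bridge-vlan sections exist for br-lan, but the lan interface still points at br-lan instead of br-lan.1) can be checked for before applying changes. This is an added example, not part of any post in the thread; the sample config, the port name lan1, the iot interface and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample /etc/config/network. $1 = device given to the lan interface.
# Port name lan1 and the iot interface are assumptions for illustration.
sample_config() {
    cat <<EOF
config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'

config bridge-vlan
    option device 'br-lan'
    option vlan '1'
    list ports 'lan1:u*'

config bridge-vlan
    option device 'br-lan'
    option vlan '3'
    list ports 'lan1:t'

config interface 'lan'
    option device '$1'
    option proto 'static'

config interface 'iot'
    option device 'br-lan.3'
    option proto 'none'
EOF
}

# Read a network config on stdin; print every interface still bound to a bare
# bridge that has bridge-vlan sections (the state that cuts off management).
find_unbound_interfaces() {
    awk -v q="'" '
    function unq(s) { gsub("[" q "\"]", "", s); return s }
    $1 == "config" { type = $2; name = unq($3); next }
    $1 == "option" && $2 == "device" {
        dev = unq($3)
        if (type == "bridge-vlan") filtered[dev] = 1
        else if (type == "interface") ifdev[name] = dev
    }
    END {
        for (i in ifdev) if (ifdev[i] in filtered)
            printf "%s: device %s has bridge-vlan sections; use %s.<vid>\n", i, ifdev[i], ifdev[i]
    }' | sort
}

echo "lan on br-lan:";   sample_config br-lan   | find_unbound_interfaces
echo "lan on br-lan.1:"; sample_config br-lan.1 | find_unbound_interfaces
```

On a router the same function can be run as `find_unbound_interfaces < /etc/config/network`; empty output means no interface is left on a bare filtered bridge.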