Multiple VLANs with tplink, pfsense and Omada controller -> only VLAN 1 goes through

2024-04-03 08:19:38 - last edited 3 weeks ago
Model: TL-SG3452P  
Hardware Version: V3
Firmware Version: 3.30.0

Hello.

 

With the setup below, I'm trying to have multiple VLANs going through a single network cable between my tplink switch and my pfsense. I had no problem doing so between my cisco switch and my pfsense. However, with TPlink I'm facing a very weird situation with my setup:

 

1. Hardware:

     - Pfsense on HUNSN

     - Switch TL-SG3452P

     - OMADA controller OC200

 

2. Setup

     - On Pfsense, I have the LAN interface on 10.1.1.0/24, with the GW on .254 and DHCP enabled from .1 to .253. I've added vlan 20, that I linked to the correct igb. In Interface assignments, it reads "VLAN 20 on igbx - lan (VLAN 20)". I've then enabled that interface, with GW being 10.1.20.254/24, and DHCP enabled from 10.1.20.101 to .110.

     - On Omada: 

          - I've added the tplink switch. I then went to Settings -> wired networks -> LAN and I have created VLAN20, with purpose = VLAN. 

          - Then, still from Omada, I went to the tplink switch configuration -> ports, and configured port 2 with VLAN 20. Port 1 is "LAN" and port 48 (which is connected to the pfsense) is set to "All", which I believe is like "trunk" on a cisco switch. At least that is what I believe when I check what is tagged and untagged in the "All" profile: LAN(1) is native and untagged, while VLAN_20(20) is tagged. Omada is connected to port 3, which is set to "All".

 

3. Result:

     - When I plug PC1 to port 1, it gets an IP in the range of 10.1.1.x/24. It can ping its own GW .254 and google 8.8.8.8 and can surf no problem.

     - When I plug PC2 to port 2, it gets an IP in the range of 10.1.20.x/24 ... but that is it !! It cannot even ping its own GW !

 

4. Very weird things:

     a) PC1 can ping 10.1.20.254 ... and PC2 10.1.20.100 !!

     b) If I swap the PCs, the problem remains on VLAN20

     c) If I put both PCs on ports on tplink with VLAN20, they both receive an IP in the 10.1.20.x range, still cannot ping their own GW, but can ping each other.

     d) On Omada, if I go back to Settings -> wired networks -> LAN and set up VLAN20 purpose to "interface", then I add 10.1.20.254 as GW then save, the behavior and problem are still the same.

     e) On Omada, if I go on the switch configuration -> VLAN interface, then I enable "VLAN_20", I can see via console connection on the tplink switch that it now has 2 IP addresses: still 1 on the range of VLAN1, and now also 1 on the range of VLAN20, but it then faces the same issue -> cannot ping its own VLAN20 GW.

 

I don't understand how a device can receive DHCP information from a DHCP server on a VLAN that is tagged on a trunk link set between the switch that device is connected to and the DHCP server/Pfsense, but then is not able to ping/surf anywhere.

 

Currently, only the devices linked to the vlan that is untagged end-2-end can communicate no problem.

 

What am I doing wrong ? What am I missing ? 

 

Thanks in advance for your answers and help.

 

Best regards,

 

Nic. 

 

#1
1 Accepted Solution
Re:Multiple VLANs with tplink, pfsense and Omada controller -> only VLAN 1 goes through-Solution
3 weeks ago - last edited 3 weeks ago

Problem was on the Pfsense side -> misconfiguration while copying Rules in Firewall -> Rules to the different interfaces.

 

End of the story.

#3
2 Reply
Re:Multiple VLANs with tplink, pfsense and Omada controller -> only VLAN 1 goes through
2024-04-03 14:46:23

So I have replaced the tplink switch and omada with a Cisco switch, with 2 vlans + trunk setup to the pfsense ... And I get the exact same behavior for VLAN 20. So I'll have to check what's wrong on the pfsense side. 

#2