Access Points failing to tag traffic for VLAN 43 - VLAN 33 and 113 work correctly
Product: Omada Controller + EAP Access Points + TL-SG1218MPE switch
Issue Description:
I have a pfSense firewall/router with multiple VLANs configured. The following VLANs are working correctly:
-
VLAN 33 (Staff network) - Works via SSID "KAOWiFi"
-
VLAN 113 (Guest network) - Works via SSID "KAO-Guest" (Guest mode enabled)
However, VLAN 43 (OfficeIoT) does NOT work on ANY SSID I create.
What I have verified:
-
pfSense configuration is correct - VLAN 43 interface is up (192.168.43.1/24), DHCP server is running with pool 192.168.43.150-199, and static reservations exist
-
Switch configuration is correct (TL-SG1218MPE):
-
Ports 3 & 4 (connected to APs): VLAN 43 = Tagged, PVID = 1
-
Port 10 (wired device): VLAN 43 = Untagged, PVID = 43
-
Port 1 (connected to pfSense): VLAN 43 = Tagged, PVID = 1
-
-
Wired device on VLAN 43 works - A fingerprint device (TA500) on port 10 gets IP 192.168.43.3 successfully
-
Packet capture on pfSense shows VLAN 43 traffic from the wired device, but NO DHCP discover packets from WiFi clients trying to connect to VLAN 43 SSIDs
-
I have tried:
-
Creating a brand new SSID (TEST-VLAN43) with VLAN 43
-
Enabling Guest mode on the test SSID
-
Adding an "Allow All" firewall rule on pfSense for VLAN 43
-
Rebooting the Access Points
-
Result: When any device (phone, Smart TV) tries to connect to a VLAN 43 SSID, it fails to obtain an IP address. The device connects to the SSID but never receives a DHCP lease. The same devices connect successfully to VLAN 33 and VLAN 113 SSIDs.
Question: Why are my Access Points failing to tag client traffic with VLAN 43 when they correctly tag VLAN 33 and VLAN 113? Is there a known limitation or bug with certain VLAN IDs on Omada APs?
Environment
-
Omada Controller version: OC200 1.0 1.40.18 Build 20260506 Rel.74003 (Stable)
-
EAP firmware version: EAP670(EU) v2.0 v1.3.7
-
Switch: TL-SG1218MPE 5.0 1.0.0 Build 20230616 Rel.57668
