Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan

Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan

Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-03-20 19:07:57
Model: EAP225  
Hardware Version: V1
Firmware Version:


I'm trying to expand my network and setup a separate SSID on its own vlan.  In the tplink Oomada software I created the ssid and assigned it vlan10 on an EAP225 access point. This access point is on switch port 2 of a cisc0 3650.
On pfSense I made a vlan interface under the lan interface, gave it ip 192.168.10.1/24 and dhcp range of .10 to .100. This is on switch port 1 of the same cisco 3650. 192.168.0.1 is my normal pfsense lan ip.

What are the cisco commands to bridge the gap so to speak? I've tried:

 


interface vlan10
ip address 192.168.10.2 255.255.255.0
ip helper-address 192.168.0.1


interface gi0/1
switchport mode trunk
switchport trunk allowed vlan 1,10


interface gi0/2
switchport mode trunk
switchport trunk allowed vlan 1,10

Am I incorrect in thinking I need to have a trunk port where wifi access point connects (as it will have multiple ssid's, each with a separate network range and vlan) along with a trunk port where pfSense connects? Or am I just out in left field altogther.

 

I've been stumbling around for a few days and would appreciate anyone that point me in the right direction. All I've managed to do so far is block traffic and have to move cables to reconnect everything so I can undo what I just tried. My family is getting tired of me breaking wifi. Thanks in advance.
 

  0      
  0      
#1
Options
9 Reply
Re:Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-03-20 20:30:02

  @Sym 

 

You need those trunk ports and they look fine, but you do not need the ip address and ip helper in vlan10.

Kris K
  0  
  0  
#2
Options
Re:Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-03-20 20:58:49

  @Sym 

 

II don't know anything about pfSense  routers, but on TP-Link and Unifi, VLAN1 is always untagged in the background. i'm not really sure but i think you have to have vlan1 untagged to make it work., i would try with this config.

 

 

Link between router and switch

 

interface gi0/xx

description Link to pfSense
switchport trunk native vlan 1

switchport mode trunk

 

interface gi0/1
switchport trunk native vlan 1
switchport mode trunk
switchport trunk allowed vlan 1,10


interface gi0/2
switchport trunk native vlan 1
switchport mode trunk
switchport trunk allowed vlan 1,10
 

  0  
  0  
#3
Options
Re:Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-03-20 21:29:10 - last edited 2024-03-20 21:30:42

  @MR.S 

 

Thanks. I'm making progress finally. I wiped away what I had and used your config settings. I have normal wifi access but when I attempt to connect to the vlan ssid on my android phone it says

 

Connecting, then checking quaility of internet connection, and then disconnects.

 

I set a static ip on the vlan network to get that. If I set dhcp it just sits a minute with no message and then disconnects. I can connect to other non-vlan ssid's fine.

 

 

I have gi0/45 as the link to pfsense and gi0/2 the port for the EAP225. Those are the only ports I'm dealing with atm.

  0  
  0  
#4
Options
Re:Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-03-21 04:30:24

  @Sym 

 

To me, it seems that there are problems with the configuration of vlan on the pfsence router.
you should check that it is in order, I can't help you there, double check the router configuration. that's where VLANs start.

 

  0  
  0  
#5
Options
Re:Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-03-21 17:22:53

  @MR.S 

 

Well, the OP is trying to use the 'ip helper' (L3) having a trunk link (L2). Also, pfSense may not even support routed DHCP requests. 

Kris K
  0  
  0  
#6
Options
Re:Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-03-21 17:33:35

Thanks to everyones advice. I was able to get everything working as I needed. 

  0  
  0  
#7
Options
Re:Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-03-21 20:21:44

  @Sym  and the solution was ?

  0  
  0  
#8
Options
Re:Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-03-21 20:33:13

  @MR.S 

 

Trial and error mostly. I wiped the configs in the switch, re-created the vlans in pfsense, and re-created the ssid in omada. I found some youtube videos with some additional cisco commands to check my config and was finally able to get everything to line up. Trying to configure the trunks on a different port and move the cables over was probably the biggest mistake I was making. The trunk info in the switch wasn't showing until the link is active. I was attempting to avoid breaking stuff until I could verify the config, and the changes I made weren't appearing to take effect properly. They changes were actually saving, they just weren't reporting it until I had the link live.

  0  
  0  
#9
Options
Re:Getting a pfSense router, an EAP225 Access point, and a Cisco 3650 to work together on vlan
2024-05-19 06:53:41

  @Sym 

 

Hi there

could you please give me that youtube link. I have the same problem with EAP225,Omada controller, Cisco switch 2960 and Sophos firewall DHCP service.

  0  
  0  
#10
Options