Reply
Highlighted
New Member
Posts: 6
Registered: ‎05-27-2017
Accepted Solution

Vlan works locally but not over powerbeam

I have a vlan configured for one of my ssid's that aligns with a specific virtual interface I created in pfsense. When I connect to that ssid at the location that houses the router, everything works fine. But, when I try to connect at a location that connects to the primary site through a powerbeam, my clients are constantly stuck trying to obtain their up address.

To recap, this configuration works
Router <-> unmanaged switch <-> unifi ap

This configuration does not
Router <-> unmanaged switch <-> powerbeam <-> unifi switch 8 <-> unifi outdoor ap

Everything else works at the remote location: the standard untagged ssid works just fine. I'll post some screen caps when I get to a computer, but all the access points are configured for "all" vlans and the power beams have no vlans configured in them, they are just pass through.

Does anyone have a suggestion of where to start debugging this?

Accepted Solutions
Member
Posts: 182
Registered: ‎09-24-2009
Kudos: 51
Solutions: 4

Re: Vlan works locally but not over powerbeam

Oh okay, that could be the problem then.

 

UniFi will use the information you enter in the "Networks" section to configure the switch.

 

If that's not in there then that UniFi switch is probably not passing the vlan at all because UniFi hasn't told it what it needs to do.

 

I bet that fixes it.

 

Glad to help out.

 

Let me know how it goes.

View solution in original post


All Replies
Member
Posts: 182
Registered: ‎09-24-2009
Kudos: 51
Solutions: 4

Re: Vlan works locally but not over powerbeam

In this section here "Router <-> unmanaged switch <-> powerbeam <-> unifi switch 8 <-> unifi outdoor ap"

 

You aren't showing what the PowerBeam is connecting to.

 

Is it a station or an access point?

 

Is is in a PTP configuration?

 

If it is, you don't show the other side.

 

I use PowerBeams every day as WDS bridges in PTP scenarios and they pass vlans with no problems.

 

Maybe the problem is in whatever the PowerBeam is connecting to?

 

I think if I were trying to make the same thing work I would have put another UniFi switch instead of the unmanaged switch so UniFi would handle the trunking of vlans for me, speaking of that where is the UniFi controller in this?

New Member
Posts: 6
Registered: ‎05-27-2017

Re: Vlan works locally but not over powerbeam

Thanks for the response!

I'd like to get another UniFi switch, but don't have the budget for it right now (this is actually just sharing a network between a relative and me).

One powerbeam is configured as the AP, the other as a station. The connection is PTP and WDS is on.

Lets call the location with the router Location1 and the other site Location2. At Location1, I have the router running into the unmanaged switch, which has

1. My server that (among other things) houses the UniFi controller
2. My UniFi APs for Location1
3. Hardwired network for Location1 (this has multiple vlans going through it)
4. Powerbeam AP

At Location1, I can connect to the tagged ssid and untagged ssid with no problem. At location2, I can only connect to the untagged ssid, the tagged one times out trying to obtain an ip address.

At Location2, I have a UniFi switch with

1. Powerbeam Station
2. UniFi outdoor AP

The configuration for the outdoor AP shows the correct vlan configuration for the tagged ssid, but any attempts to connect time out.

I can take pics of the configurations too if that helps.
Member
Posts: 182
Registered: ‎09-24-2009
Kudos: 51
Solutions: 4

Re: Vlan works locally but not over powerbeam

Okay, I see.

 

It looks like to me though, the only way it can work the way you have it laid out is to have some way to trunk that vlan from your unifi switch 8 to the port on your pfsense box that has the vlan on it.

 

Does location 2 need the UniFi switch there for some reason?

 

If you don't need a switch at location 2 then I would take out the unmanaged switch and use the unifi switch in it's place then plug the powerbeam AP into a port there and just use POE's at location 2 and run a short cat5e cable between the POE's of the powerbeam STA and the UniFi AP at location 2 and see if that works.

 

Then the unifi switch would treat the port you have connected to the powerbeam AP as a trunk port and your UniFi AP could get it's tagged vlan packets back to your router.

New Member
Posts: 6
Registered: ‎05-27-2017

Re: Vlan works locally but not over powerbeam

Ah, so I did some reading and found out that trunk ports actually adds some more data to the tags in the packet, so I'm guessing the powerbeam sees the tagged packets coming to it, but they're not in the proper format for a packet from a trunk port, so it just drops the packet. Does that sound about right?

Unfortunately, the unmanaged switch is a 48 port, and I'm using most of the ports, so I can't just move the unifi switch over (also, the unifi switch is actually powering another powerbeam that goes to another house, but that detail isn't important other than to say the switch is needed at that location).

With that said, I got some older managed cisco switches (I believe they're catalyst 2960s) from work that I've been thinking about setting up (if they work). I may just have to get those in place and start using them instead of the unmanaged switch.
Member
Posts: 182
Registered: ‎09-24-2009
Kudos: 51
Solutions: 4

Re: Vlan works locally but not over powerbeam

Well no not really, trunk ports don't add to the packet the actual vlan does.

 

So when a data packet from a client connected to the unifi AP arrives at the AP the packet has the vlan data attached to it before it leaves the ethernet interface.

 

This is what is referred to as a "tagged" packet.

 

The exact same thing happens to a data packet leaving your vlan interface on your pfsense box.

 

When it leaves that interface it is "tagged" with that vlan.

 

With the powerbeams as long as they are WDS then they will 100% just pass the vlan through untouched so I don't think they could be the problem as I've used them and almost all Ubiquiti radios this way time and time again and they will pass the tagged packets untouched.

 

There is an exception to this as recently though they have discovered that the AC only radios will not pass vlans properly with the newest 8.1.3-RC firmware. By your description though, you are using regular M5 powerbeams correct?

 

Now where a trunk is involved is to help pass those "tagged" packets along untouched.

 

But with that being said, the UniFi controller should be taking care of that if it can see that 8 port UniFi switch when it's behind the power beams.

 

Does the UniFi controller show that 8 port switch at location 2 as online when it's behind the powerbeams?

 

Speaking of that does it see the AP at location 2 also?

 

The symptom of the clients not being able to pull a DHCP address proves that those vlan tagged packets are being untagged at some point in the chain when the clients are coming from location 2.

 

Your first config chain where the AP is directly connected to the unmanaged switch tells us that the unmanaged switch  isn't untagging the vlan packets because the clients are able to pull an address so that makes me thing that the packets are arriving tagged from the AP at location 2 then entering that 8 port UniFi switch and either upon entering it or exiting it those packets are having the vlan tag rippped off and become untagged packets after going through that switch which would make the vlan interface on the pfsense box ignore them and thus the clients couldn't pull a dhcp address.

New Member
Posts: 6
Registered: ‎05-27-2017

Re: Vlan works locally but not over powerbeam

[ Edited ]

Got it, you're correct, I misread some documentation about trunk ports to mean that they added a prefix on top of the tag as they passed data through.

Yes, the unifi controller at location1 is able to see and manage the unifi switch and unifi AP at location2.

I agree with your reasoning. Looking at the configuration for the Unifi switch, there's a panel for configuring the networks/vlans which is just set to "Native (LAN)" with no tagging. Should the vlan be configured here as a separate network? BTW, the port that the unifi AP is on at location2 is configured to let through all networks/vlans.

Member
Posts: 182
Registered: ‎09-24-2009
Kudos: 51
Solutions: 4

Re: Vlan works locally but not over powerbeam

Yes absolutely, you need a separate network created for the vlan you're wanting to use inside the UniFi controller.

 

Also, remember that your vlan tagged network has to be a separate subnet than your untagged or "native" network. Something like native untagged is 192.168.0.0/24 and tagged vlan is 192.168.1.0/24 

 

The gateways for these networks are the IPs you have on the pfsense interfaces. 

 

Although I am a fan, I don't use it so I can't really help out with the pfsense config.

 

Once that is setup then the UniFi controller will configure the UniFi access points and UniFi switches for you.

 

So to clarify, your pfsense box has a vlan interface on it that you created for the tagged network and IT is handling the DHCP services correct? This is the way I normally use UniFi. I don't use the DHCP services in it as I would prefer the router handle that.

 

If that's correct, then all you have to do is create the networks in the UnFi controller and it'll take care of the rest.

 

I just got through engineering two installs very similar to what your trying to do with the exception of I prefer to use Mikrotik routers.

 

So in the UniFi controller (I'm running 5.4.15 from a Cloud Key):

go to the setting icon at the bottom left

then go to "Networks" at the left and tell Unifi what your networks are but leave DHCP turned off

enter all the info for your untagged or "native" network and on the network you need tagged be sure and enter your vlan tag in the vlan section.

Also, I think you've already done this but in the Wireless section where you created your SSID make sure that the one you need tagged has the vlan tag info entered there as well.

New Member
Posts: 6
Registered: ‎05-27-2017

Re: Vlan works locally but not over powerbeam

[ Edited ]

Ok, that makes sense, I thought I originally just needed to add the tag to the ssid. I just VPN'd and added it, but I'll have to wait until I get home to actually test it.

 

Thanks again for all the help!

 

EDIT

To answer your question, yes I created a new interface in pfsense for the vlan and it is handling DHCP (I agree about letting the router handle such details).

Member
Posts: 182
Registered: ‎09-24-2009
Kudos: 51
Solutions: 4

Re: Vlan works locally but not over powerbeam

Oh okay, that could be the problem then.

 

UniFi will use the information you enter in the "Networks" section to configure the switch.

 

If that's not in there then that UniFi switch is probably not passing the vlan at all because UniFi hasn't told it what it needs to do.

 

I bet that fixes it.

 

Glad to help out.

 

Let me know how it goes.

New Member
Posts: 6
Registered: ‎05-27-2017

Re: Vlan works locally but not over powerbeam

THAT WORKED! Thanks again for all the help!
Reply