Hello,
I have the following topology: OPNsense -(cable)-> Fritz!Box as WiFi AP -(WiFi)-> Fritz!Box Repeater -(cable)-> Unifi AP -(WiFi)-> Clients
The Unifi AP spans 3 WiFi networks:
1) Standard
2) Guest (VLAN 110)
3) IoT (VLAN 120)
In OPNsense, I created the VLANs, the interfaces and enabled DHCPv4 on the interfaces. I also added firewall rules.
If I connect to the standard WiFi (no VLAN), all is fine.
If I connect to either the Guest or the IoT network, I see at the OPNsense a DHCPDISCOVER and a DHCPOFFER from the respective VLAN in the logging; so I conclude that VLAN tagging is fine and the traffic comes (at least) to the OPNsense.
However, I do not see a DHCPREQUEST or a DHCPACK by the client on the VLAN. What I DO see is a ping from the client with the non-DHCP-given address (169.X.X.X), which is blocked and logged by my "block all" rule at the end of the firewall rule set. What I expect is a 10.0.110.X or a 10.0.120.X client IP address provided via DHCP based on the respective WiFi net / VLAN (110 or 120).
Any ideas what I am doing wrong?
P.S. Fritz!Box is planned to be replaced but this is my current test setup.