GL-MT300N Access Point set up problem

Hi,

Trying to get a GL-MT300N (latest firmware) set up as an access point for my IoT devices however I'm having issues which I cannot figure out.

My network is as follows:
Opnsense router into a managed switch.
Number of devices on LAN (10.8.4.0/24) however VLAN 20 on port 7 and the router.
VLAN 20 has DHCP enabled for the subnet of 192.168.20.0/24
IoT devices connected to the Mango and all on 192.168.20.0/24 & separate from 10.8.4.0/24.

In the standard conf of router mode the Mango gets assigned an IP via the WAN (192.168.20.20) and I can connect to it wirelessly (192.168.8.1) however it says no internet. I read that this is because the WAN will likely be blocking private networks (can't seem to disable this in the Mango GUI).

Have tried placing the Mango into AP mode however when this happens it doesn't get assigned an IP via the VLAN20 DHCP on Opnsense and any devices which connect via WIFI also wont be assigned an IP dynamically.

This doesn't seem like a complicated problem but for whatever reason it won't work as expected.

Any suggestions gratefully received!

Does the VLAN20 have tag of the managed switch? if yes, require to entry the VLAN ID of the WAN in the MT300N.

Try to connect a PC directly to the VLAN20 port to test, to see if it works.

So VLAN20 runs between the Opnsense router and port 7 on the switch. Port 7 has the PVID set to 20.

When in router mode the Mango accepts an IP from the Opnsense DHCP running on VLAN20, so they can communicate.

When it's in access point mode the DHCP from Opnsense VLAN20 has no impact on the Mango WAN port or any other device connected to the Mango WiFi.

In my head access point mode means the Mango runs as if it's a WiFi AP, but I may be mistaken?

Right.

Is it tagged or untagged from the VLAN 20 of the Opnsense?

VLAN20 from Opnsense is tagged and goes to port 7 on the switch which is untagged with a PVID of 20. The Mango connects the WAN to port 7.

Opnsense connects to port 1 on the switch, untagged as native VLAN1 and tagged as 20 for VLAN20.

Port 7 is excluded from the native VLAN1.

Hope that makes sense.

This post is what I'm trying to achieve except the Mango is on VLAN20 / different subnet and the Brume is my Opnsense router/switch.

Thanks for the clarify.

The quote thread you copied, the different place is the VLAN he was not but you are.

Seems there are not any wrongs in your topology in the VLAN. The VLAN only work from the Opensense to switch.

May I know other APs device work well with this switch port?

So interestingly the Mango works as expected when in router mode and connected to another switch port (so on the 10.16.5.0/24 subnet) and devices connected via WiFi on the 192.168... subnet work and can communicate with the internet.

I'm guessing it's an issue with VLAN configuration so I'll need to explore that, but it is strange. When plugged into the VLAN port it will pick up an IP address via the DHCP on the Opnsense VLAN interface so there is some communication there. Very confusing!

I feel like its maybe a NAT issue?

I can't see any relevant traffic being blocked by my firewall, eg between Opnsense and the Mango. Only traffic I do see is if I try to connect to the Mangos UI via it's WAN address from the native LAN, which the Mango obviously blocks.

VLAN seems to be properly configured seeing as the Mango can get an IP via the VLAN DHCP on Opnsense. However will not get an address if in AP mode. If the IP is static and then AP mode enabled there is still no communication, even connected WiFi devices won't pick up an address from the Mango.

In router mode I can ping the Mango from Opnsense.

I can't seem to get any data from the Mango flowing back through the Mangos WAN. If I connect to the Mangos WiFi and try to access Google I can see on the Opnsense firewall logs nothing is moving between the Mango and the DNS on Opnsense or the Mango and the Opnsense WAN.

I guess the VLAN ID of the Mango interface LAN (WAN) probably also require adding the ID 20 when it works as the AP.

Is it tagged or untagged VLAN?