I’m probably missing something painfully obvious. I’ve got a completely new setup, route10, s8poe, 2x ap6pro on the public controller.
I’m attempting to create a VLAN for WiFi, and it works to access public internet, but I cannot figure out how to route it back so it has access to other VLANs as well. Right now I’m in the beginning stages of separating out my network, so most everything is on VLAN 1, but I will need to be able to route between VLANs as I work towards separating everything.
Generally it should just work if you’re using pretty default settings. Any chance you could post some screenshots of the WiFi and Network settings to help with troubleshooting a bit more? If it’s something pretty simple hopefully someone can spot the issue real quick 
Here’s some screenshots:
Network:
Networks:
I have no static routes, and nothing other than defaults setup in the firewall.
I’m also running into an issue where DHCP appears to not be handing out proper dns servers (the servers are on vlan1).
Disregard the DNS comment, I think that was an issue with recursion settings on my DNS servers not allowing the proper IPv6 DHCP range.
OK, cool, looks pretty fine to me off hand. Since VLAN 105 is isolated, what’s happening if we try to ping from a device on VLAN 1 to VLAN 101? Or vice-versa?
One thing I’m curious to try since there’s only the one WiFi password right now, is instead of setting the VLAN in the Alta Pass drop down, maybe instead remove it from there and set it under the Advanced settings Default Network VLAN field. Just something I noticed about how I have WiFi networks setup in my sites. I don’t think it should make a difference but it might be worth trying out as a test 
The VLAN definition for the Guest WiFi, which is set to .0/24 could possibly create problems. Otherwise nothing obvious.
Good catch. I changed that, but still don’t see any change on the vlan 101 behavior.
So I can ping from vlan 1 to 101, but not the other way around.
I also attempted making 101 the default on the testwifi, no change there either.
Huh, weird! Is there any chance you could put one of the wired devices on 101 and see if there’s still a problem pinging back over to vlan 1? I assume nothing has been tweaked with the firewall rules or anything like that? Just trying to cover the bases
Could also be worth deleting the PrimaryWifi SSID and re-creating it just to see if there’s something weird going on like it didn’t get provisioned properly or something along those lines.
