I have an OPNsense router, feeding to a MikroTik switch CSS-610-8G.
The switch then goes out to a variety of nodes throughout the building. All subsequent switches in the network are dumb switches.
The main DHCP server on the router is configured to 192.168.1.0/24 with a pool of 192.168.1.50-150.
I have one VLAN (20) established for Wi-Fi guest access. Firewall rules set accordingly. The DHCP server for this VLAN is 192.168.2.0/24 with a pool assigned.
The APs are TP-Links, which have been set up to use VLAN 20 on the guest SSID. The private SSID is set to not use VLAN tags at all.
This works perfectly, except anything connecting to the guest SSID (VLAN 20) cannot get assigned a DHCP address. The private SSID works fine. The log in the router says it is seeing the wireless device connect, and the DHCP is assigning an IP, but that doesn't appear to be making it to the wireless device, which times out.
If I assign an IP statically to the wireless device before connecting to the guest SSID, it also works as intended.
Here is the odd thing. If I replace the CSS-610-8G with a standard consumer-grade dumb switch, it all works perfectly fine. I've been looking through the options in SwOS, but from what I am able to tell, it should be allowing all VLAN traffic on all ports. There should be nothing restricting packets with or without VLAN tags from routing where they please.
Any help would be appreciated.