OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: vikozo on March 04, 2020, 09:02:28 PM

Title: VLAN question
Post by: vikozo on March 04, 2020, 09:02:28 PM
hello

I have a Unifi AP on port 3 of my switch
the switch is connected over port 10 to the OPNsense FW

the switch also has some normal LAN ports.

so I have made a trunk on both port 10 and 3

now I have tried this but all the other ports on the switch did not work any more

so will I also have to configure the default VLAN on the OPNsense FW?
if so, do I have to configure something as default VLAN?
or is it possible to configure the VLAN on the basic LAN port?

or what do I miss?

have a nice day
vinc
Title: Re: VLAN question
Post by: siga75 on March 05, 2020, 09:02:56 AM
are all the other ports on the switch in access mode? you should keep them in access mode and tag those ports with the appropriate VLAN ID

default VLAN only means that if a packet comes in untagged, the default tag will be added; in case you have kept some interfaces on the default VLAN then yes, you should have it configured on OPNsense too.

in my opinion it is better to always specify a custom tag for each port
Title: Re: VLAN question
Post by: vikozo on March 05, 2020, 05:10:32 PM
@siga75 thanks for your feedback
yes all the others are in access mode, but I will have to change my server port to trunk and add the VLAN tag to the VM itself

there comes another question

is it possible to have on FW port 2
the LAN port with an IP range
and use the same IP range as a VLAN, or is there a trick to swap it so everything would stay on the same IP but move from the Eth port to the VLAN

or any opinion on how to do the change?

the DMZ is not the problem because port 3 on the FW has no VLAN and a switch only for DMZ

have a nice day
vinc
Title: Re: VLAN question
Post by: siga75 on March 05, 2020, 06:53:57 PM
sorry, I don't get what the issue is

if you have:
- one port of OPNsense in trunk to one port of the switch
- all the VLAN IDs (also the default one) configured on that trunk, both on OPNsense and on the switch
- all the access ports on the switch with the correct VLAN ID configured

then for the servers connected to the access ports of the switch it's transparent, they see no VLAN tag since the switch will remove it
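siga75's two replies above (an untagged frame gets the default tag on ingress, a trunk carries several VLANs on one cable, and an access port strips the tag so the server never sees it) can be traced through with a small model of an 802.1Q switch. This is an added example for the thread, not code from OPNsense, Ubiquiti or any switch vendor; the port numbers (AP on 3, uplink on 10, two access ports 5 and 6), the VLAN IDs, the MAC addresses and the frame payloads are constructed for illustration.

```python
"""802.1Q tagging model: what a switch does with frames on access and trunk
ports. Added example for this thread, not OPNsense or switch-vendor code; the
port numbers, VLAN IDs and frames are constructed to match the discussion."""
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
DEFAULT_VLAN = 1         # the switch's untagged/default VLAN
AP_VLAN = 1014           # VLAN behind one of the AP's SSIDs

# constructed MAC addresses for the sample frames
BCAST = b"\xff" * 6
MAC_LAN_HOST = b"\x02\x00\x00\x00\x00\x05"
MAC_AP_CLIENT = b"\x02\x00\x00\x00\x00\x03"


def build_frame(dst, src, payload, vlan=None, ethertype=ETHERTYPE_IPV4):
    """Build an Ethernet frame; insert an 802.1Q tag when vlan is given."""
    hdr = dst + src
    if vlan is not None:
        # TCI = 3-bit PCP, 1-bit DEI, 12-bit VID; PCP and DEI left at 0 here
        hdr += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_vlan(frame):
    """Return (VID, or None if untagged) and the frame with the tag stripped."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


class Port:
    def __init__(self, mode, pvid, allowed=None):
        self.mode = mode                  # "access" or "trunk"
        self.pvid = pvid                  # access VLAN, or native VLAN of a trunk
        self.allowed = set(allowed) if allowed else {pvid}

    def ingress(self, frame):
        """Assign an incoming frame to a VLAN; (None, None) means it is dropped."""
        vid, bare = parse_vlan(frame)
        if self.mode == "access":
            # an access port takes untagged frames (or a tag equal to its own VLAN)
            if vid is not None and vid != self.pvid:
                return None, None
            return self.pvid, bare
        if vid is None:
            vid = self.pvid               # untagged on a trunk -> default/native VLAN
        if vid not in self.allowed:
            return None, None
        return vid, bare

    def egress(self, vid, bare):
        """Frame as it leaves this port in VLAN vid, or None if not forwarded."""
        if self.mode == "access":
            return bare if vid == self.pvid else None   # access ports send untagged
        if vid not in self.allowed:
            return None
        if vid == self.pvid:
            return bare                   # native VLAN leaves a trunk untagged
        return bare[:12] + struct.pack("!HH", TPID_8021Q, vid) + bare[12:]


class Switch:
    def __init__(self, ports):
        self.ports = ports                # {port number: Port}

    def forward(self, in_port, frame):
        """Flood the frame to every other port in its VLAN; returns {port: frame}."""
        vid, bare = self.ports[in_port].ingress(frame)
        if vid is None:
            return {}
        out = {}
        for num, port in self.ports.items():
            if num != in_port:
                egress = port.egress(vid, bare)
                if egress is not None:
                    out[num] = egress
        return out


def example_switch(uplink_allowed=(DEFAULT_VLAN, AP_VLAN)):
    """The switch from the thread: AP on 3, firewall on 10, two access ports."""
    return Switch({
        3: Port("trunk", DEFAULT_VLAN, {DEFAULT_VLAN, AP_VLAN}),   # Unifi AP
        5: Port("access", DEFAULT_VLAN),                           # ordinary LAN host
        6: Port("access", AP_VLAN),                                # host in the AP's VLAN
        10: Port("trunk", DEFAULT_VLAN, uplink_allowed),           # uplink to OPNsense
    })


def demo():
    """Return what the other ports see for an untagged LAN frame and a tagged AP frame."""
    sw = example_switch()
    lan_frame = build_frame(BCAST, MAC_LAN_HOST, b"arp who-has")                  # untagged
    ap_frame = build_frame(BCAST, MAC_AP_CLIENT, b"dhcp discover", vlan=AP_VLAN)  # tagged by the AP
    return sw.forward(5, lan_frame), sw.forward(3, ap_frame)
```

`demo()` shows the two behaviours the replies describe: the LAN host's untagged frame reaches the AP and the uplink untagged (default VLAN), while the AP client's frame tagged 1014 leaves the uplink tagged and leaves access port 6 with the tag stripped. Building the switch with `example_switch(uplink_allowed=(AP_VLAN,))` is one way the symptom in the first post can arise: once the uplink trunk no longer carries the default VLAN, frames from the default-VLAN access ports never reach port 10, so those hosts lose the firewall.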
Title: Re: VLAN question
Post by: vikozo on March 06, 2020, 10:59:58 AM
@siga75 thanks
so the switch port where the Unifi access point is connected does not have to be a trunk, only the port between OPNsense and the switch?

have a nice day
vinc
Title: Re: VLAN question
Post by: siga75 on March 06, 2020, 12:44:20 PM
if your access point only provides one network then there is no need for a trunk; a trunk is needed to have multiple networks (VLANs) on the same cable.

if your access point needs to receive/provide more than one network then of course you need a trunk there too, if it is supported by the AP, but in that case it also has to be configured there
Title: Re: VLAN question
Post by: vikozo on March 11, 2020, 09:31:50 PM
@siga75 thanks
yes I will have more than one VLAN - one VLAN per SSID


IP             MAC                 Manufacturer                Interface       Interface name   Hostname
10.18.14.1     00:0d:b9:48:53:56   PC Engines GmbH             igb2            LAN
10.18.14.131   fe:bd:4a:ac:10:8f                               igb2_vlan1014   1014vLAN
10.18.14.50    ac:1f:6b:d3:93:31   Super Micro Computer, Inc.  igb2            LAN
10.18.14.81    78:8a:20:d3:72:d0   Ubiquiti Networks Inc       igb2            LAN

how is it possible to have a VM with a vlan1014 tag?
Title: Re: VLAN question
Post by: siga75 on March 12, 2020, 12:09:42 PM
so my guess is it's 2 networks

10.18.14.0/25   (default VLAN)
10.18.14.128/25 (VLAN 1014)

I don't know if it is the best solution, but what I would do is:

change the default VLAN to use tag 1015 or whatever
ports 3 and 10 on the switch in trunk with VLANs 1014 and 1015
all the other ports on the switch in access mode, tagged with the necessary VLAN ID

in OPNsense create 2 (or more if needed for other networks not used by the AP) VLAN interfaces with the physical interface connected to the switch as parent

the same has to be done in your AP, I don't know the options you have there

what do you mean by VM with the 1014 tag? the devices connected to your AP will not see any tag, the switch inside your AP will remove the tag when forwarding the packets
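The plan in the reply above has three parts that must agree with each other: the trunk on ports 3 and 10, the access ports, and the VLAN interfaces on OPNsense with igb2 as parent. The check below walks a constructed version of that plan and reports anything that would leave hosts cut off, plus the overlap problem behind vikozo's earlier question about keeping the same IP range on both the LAN port and a VLAN. This is an added example for the thread, not OPNsense code; the switch port layout, the tags 1014/1015, the two /25 networks and the interface names are constructed from the reply and the ARP table, and `original_state()` is only an approximation of the situation in that table (the /24 mask is assumed).

```python
"""Consistency check for a VLAN plan across switch and firewall. Added example
for this thread, not OPNsense code; the port layout, tags and subnets are
constructed from siga75's proposal (ports 3 and 10 trunked with 1014 and 1015,
two /25 networks) and the interface names follow the ARP table above."""
import ipaddress
from itertools import combinations

# constructed switch configuration: {port: {"mode": ..., "vlans": {...}}}
SWITCH = {
    1: {"mode": "access", "vlans": {1015}},        # ordinary LAN host, former default VLAN
    2: {"mode": "access", "vlans": {1015}},
    3: {"mode": "trunk", "vlans": {1014, 1015}},   # Unifi AP, one SSID per VLAN
    4: {"mode": "access", "vlans": {1014}},
    10: {"mode": "trunk", "vlans": {1014, 1015}},  # uplink to OPNsense igb2
}
UPLINK = 10

# constructed OPNsense interface list: name -> (parent, 802.1Q tag or None, address)
FIREWALL = {
    "igb2_vlan1015": ("igb2", 1015, "10.18.14.1/25"),
    "igb2_vlan1014": ("igb2", 1014, "10.18.14.129/25"),
}


def check_plan(switch, uplink, firewall, parent="igb2"):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    carried = switch[uplink]["vlans"]
    fw_tags = {tag for p, tag, _ in firewall.values() if p == parent and tag is not None}

    # 1. every VLAN used on any other switch port must be carried on the uplink,
    #    otherwise hosts in that VLAN cannot reach the firewall at all
    for num, port in switch.items():
        if num == uplink:
            continue
        for vid in sorted(port["vlans"] - carried):
            problems.append(f"switch port {num}: VLAN {vid} is not carried on uplink port {uplink}")

    # 2. every VLAN on the uplink needs a matching VLAN interface on the firewall
    for vid in sorted(carried - fw_tags):
        problems.append(f"uplink VLAN {vid}: no {parent} VLAN interface with tag {vid} on the firewall")

    # 3. a tag the firewall expects but the switch never sends is dead configuration
    for vid in sorted(fw_tags - carried):
        problems.append(f"firewall tag {vid}: not carried on uplink port {uplink}")

    # 4. two firewall interfaces must not share or overlap an IP range; the router
    #    could not tell which interface a destination in the shared range belongs to
    nets = [(name, ipaddress.ip_interface(addr).network) for name, (_, _, addr) in firewall.items()]
    for (a, na), (b, nb) in combinations(nets, 2):
        if na.overlaps(nb):
            problems.append(f"{a} ({na}) overlaps {b} ({nb})")
    return problems


def original_state():
    """Constructed approximation of the ARP table's situation: the untagged LAN on
    igb2 (mask assumed /24) and vlan1014 both inside 10.18.14.0/24, with a default
    VLAN that is not carried on the trunk."""
    firewall = {
        "igb2": ("igb2", None, "10.18.14.1/24"),
        "igb2_vlan1014": ("igb2", 1014, "10.18.14.129/25"),
    }
    switch = {
        3: {"mode": "trunk", "vlans": {1014}},
        5: {"mode": "access", "vlans": {1}},      # default VLAN, tagged nowhere
        10: {"mode": "trunk", "vlans": {1014}},
    }
    return check_plan(switch, 10, firewall)
```

`check_plan(SWITCH, UPLINK, FIREWALL)` returns an empty list for the proposed layout, while `original_state()` reports both the default-VLAN hosts that the trunk does not carry and the overlapping 10.18.14.0/24 and 10.18.14.128/25 ranges, which is why the move to two tagged /25 networks removes the need to "swap" the LAN's range onto a VLAN.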