So I made a VLAN 15; 2 PCs are on this VLAN, 10.0.1.101 and 10.0.1.102.
I expected that when there's traffic from and to this VLAN15, I would see it in the firewall under interface VLAN15.
All I'm seeing is WAN and LAN. Any help??
Have you enabled Logging for the Rules on your VLAN Interface?
Yup, that's the weirdest thing.
Is your LAN the untagged equivalent of VLAN15?
Cheers,
Franco
No, it's tagged 15.
P.S. the DHCP Req is the only thing that shows up in the firewall under VLAN15 interface? So I'm confused af.
Are you sure the devices are in the VLAN and not the normal LAN?
Sounds like the devices are in the wrong network
Quote from: lfirewall1243 on March 26, 2021, 11:45:03 AM
Are you sure the devices are in the VLAN and not the normal LAN?
Sounds like the devices are in the wrong network
Well, the normal LAN is 10.0.0.x and the VLAN is 10.0.1.x; the PCs are getting the IP from the VLAN15 DHCP.
Also, the shaper I set up shapes the 10.0.0.x range, and the 10.0.1.x has unlimited bw, which I see when I do speedtests.
I would think they are in VLAN15?
Quote from: cranky on March 26, 2021, 11:47:26 AM
Quote from: lfirewall1243 on March 26, 2021, 11:45:03 AM
Are you sure the devices are in the VLAN and not the normal LAN?
Sounds like the devices are in the wrong network
Well, the normal LAN is 10.0.0.x and the VLAN is 10.0.1.x; the PCs are getting the IP from the VLAN DHCP.
I would think they are in VLAN15?
Yep, then they are in the VLAN
Quote from: lfirewall1243 on March 26, 2021, 11:49:03 AM
Quote from: cranky on March 26, 2021, 11:47:26 AM
Quote from: lfirewall1243 on March 26, 2021, 11:45:03 AM
Are you sure the devices are in the VLAN and not the normal LAN?
Sounds like the devices are in the wrong network
Well, the normal LAN is 10.0.0.x and the VLAN is 10.0.1.x; the PCs are getting the IP from the VLAN DHCP.
I would think they are in VLAN15?
Yep, then they are in the VLAN
Yeah, that's what I figured too. I reinstalled this box 3 times already because of this (port forwarding to the VLAN is not working either).
The first time I DID see the VLAN15 interface.
Also, I'm getting this error all of a sudden:
[26-Mar-2021 11:15:44 Europe/Amsterdam] PHP Warning: implode(): Invalid arguments passed in /usr/local/www/firewall_nat_edit.php on line 216
Show your
-Interface config
-VLAN config
-Assignments
-Firewall Rules
-Network Plan (which devices are between your Client and OPNsense)
I'm sorry for sounding dumb asking this again. Do the LAN and VLAN share the same physical port?
Cheers,
Franco
Quote from: lfirewall1243 on March 26, 2021, 11:53:49 AM
Show your
-Interface config
-VLAN config
-Assignments
-Firewall Rules
-Network Plan (which devices are between your Client and OPNsense)
Network plan= OPNsense (10.0.0.1 - em0) <--> Switch (vlan 15 tagged on ports 1,3,5) <---> client (port 3) 10.0.1.101
Rest is attached as screenshots.
Quote from: franco on March 26, 2021, 11:55:31 AM
I'm sorry for sounding dumb asking this again. Do the LAN and VLAN share the same physical port?
Cheers,
Franco
There are no dumb questions :) , yes, they share the same port.
As suspected, from the firewall perspective VLAN traffic is seen on em0 natively and enforced, so you don't see it attributed to the VLAN on top of em0.
Do not use tagged and untagged on the same port going into OPNsense.
Cheers,
Franco
Quote from: franco on March 26, 2021, 12:01:23 PM
As suspected, from the firewall perspective VLAN traffic is seen on em0 natively and enforced, so you don't see it attributed to the VLAN.
Do not use tagged and untagged on the same port going into OPNsense.
Cheers,
Franco
OK, so, this is what I just did, and now it's showing up as vlan15....
My switch uses native vlan1 untagged; I added the untagged vlan1 to ports 3 and 5 (so port 3 is now untagged1 and tagged15), and now it shows up as vlan15.
Can't know for sure. If you don't have another port free at least push LAN to VLAN ID 10 so both are clearly separated.
The biggest issue here is that LAN is the only preconfigured network with an internet access pass rule, and this setup extends it to the VLAN without intention by configuration.
Connectivity-wise this works, security-wise not so much.
Cheers,
Franco
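Added example, not part of any post in this thread: a small Python check for the situation discussed above, where an untagged interface and a tagged VLAN share one physical port and VLAN hosts end up logged on the parent interface. The assignment table, the /24 masks and the log entries are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed assignment table modelled on the thread (the /24 masks are assumed).
ASSIGNMENTS = [
    {"name": "LAN", "parent": "em0", "tag": None, "net": "10.0.0.0/24"},
    {"name": "VLAN15", "parent": "em0", "tag": 15, "net": "10.0.1.0/24"},
]

# Constructed (interface, source address) pairs standing in for firewall log entries.
LOG_ENTRIES = [
    ("LAN", "10.0.0.23"),
    ("LAN", "10.0.1.101"),
    ("VLAN15", "10.0.1.102"),
]


def mixed_parents(assignments):
    """Return physical ports that carry an untagged interface and tagged VLANs."""
    untagged, tagged = set(), defaultdict(list)
    for a in assignments:
        if a["tag"] is None:
            untagged.add(a["parent"])
        else:
            tagged[a["parent"]].append(a["tag"])
    return {port: sorted(tags) for port, tags in tagged.items() if port in untagged}


def misattributed(assignments, entries):
    """Return log entries whose source belongs to another interface's subnet."""
    nets = {a["name"]: ipaddress.ip_network(a["net"]) for a in assignments}
    findings = []
    for iface, src in entries:
        addr = ipaddress.ip_address(src)
        if iface in nets and addr in nets[iface]:
            continue  # source matches the interface it was logged on
        owner = next((n for n, net in nets.items() if addr in net), None)
        if owner is not None and owner != iface:
            findings.append((src, iface, owner))
    return findings


if __name__ == "__main__":
    for port, tags in mixed_parents(ASSIGNMENTS).items():
        print(f"{port}: untagged interface shares the port with VLAN tags {tags}")
    for src, seen, owner in misattributed(ASSIGNMENTS, LOG_ENTRIES):
        print(f"{src} logged on {seen} but addressed from {owner}")
```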
Quote from: franco on March 26, 2021, 12:05:55 PM
Can't know for sure. If you don't have another port free at least push LAN to VLAN ID 10 so both are clearly separated.
The biggest issue here is that LAN is the only preconfigured network with an internet access pass rule, and this setup extends it to the VLAN without intention by configuration.
Connectivity-wise this works, security-wise not so much.
Cheers,
Franco
Yes, I'm aware of this; this is just a testing phase, I'm not intending to leave the extension to the VLAN like this.
Thnx for the heads up anyway :) , much appreciated.
(tbh it's been years since I did networking, so I'm rusty af)