Hello all,
In going through the install of OPNsense I noticed there is a dialog that allows me to configure VLANs as part of the install. In testing this I can set a VLAN to a physical interface but there is no place to assign an IP to this VLAN. Is there something I am missing or is this true, because it does not help when installing the OS for the first time?
Thanks,
Steve
You don't assign an IP to a VLAN. It is just slightly more complex.
What you do is follow a multi-step process:
* Create an interface for the VLAN, Interfaces -> Other Types -> VLAN. Click + to add a new one, pick a parent interface (like re0), give it a VLAN tag (id) and a description (name). Say, re0, id=999, description=internaltest
* In Interfaces -> Assignments, you'll see the new VLAN in the lowest line. Here, assign a name to the interface like internaltest999 and check the assignment of the VLAN to the correct physical interface (there might be many available depending on resources)
* Next, the new VLAN will show up as an interface in the Interfaces menu. Go to Interfaces -> internaltest999 and click "Enable interface". Last step, you configure the actual interface to your liking.
Short version, if "you only need a VLAN" this is a two minute process.
The Interfaces -> Assignments overview will, if you have many VLANs, show all of them and the interfaces they run on.
Can this process be done for the default LAN interface? I want to convert that to a VLAN.
I don't see why not. The procedure above should work, and you can start sending tagged packets towards the interface.
Ahhhh....so the switch port that this is connected to needs to be a tagged port?
Probably. That's the point of VLANs.
Not always...all switch ports do not have to be tagged to get traffic to its end point.
Correct, but VLANs in the OPNsense world are always tagged interfaces on a parent one, since OPNsense is not a switch. And you must connect this "trunk" port to another "trunk" (i.e. tagged) port on the switch to transport the VLAN tags ... otherwise it's just single interfaces.
I got it...yes you are right in that respect! Now a stupid question, which really kicked this whole dialog off.
My temp firewall is built with the default LAN interface configured and connected in a traditional manner. I would prefer to configure a VLAN on this physical interface, so all my internal interfaces are running over VLAN. I would assume I need to connect to the firewall over a different interface/subnet and then I can delete the LAN interface and make it a VLAN?
More or less. You can define all the VLANs you need using a different physical port and then assign the LAN interface to VLAN x in Interfaces > Assignments.
OPNsense provides an additional layer of abstraction between your rules and the network interfaces proper. WAN, LAN, ... are symbolic names that are used to assign the rules and are themselves in turn assigned to the real interfaces.
No need to delete anything or recreate/move rules.