OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: Cipher on December 04, 2023, 11:15:11 AM

Title: Assistance Needed: Routing Issue with OPNsense Firewall and Cisco Layer 3 Switch
Post by: Cipher on December 04, 2023, 11:15:11 AM
I'm currently facing a routing issue that I'm hoping to get some guidance on.

Here's a brief overview of our setup:

We have two separate subnets from our ISP, both /29.
We are utilizing a layer 3 switch from our ISP with VLAN tagging to connect to the OPNsense firewall.
The switch port connecting to the OPNsense firewall is tagged with VLAN 130, and VLAN 130 is utilizing both /29 subnets for the uplink to the firewall.

What I'm attempting to achieve:

I want to separate the subnets so that the uplink will have two VLANs, specifically VLAN 130 and VLAN 131.
However, when I configure this setup, it seems to only route one subnet and not both.

The Cisco team has mentioned that OPNsense needs to be configured to route these subnets internally.

I would greatly appreciate any insights, advice, or guidance on how to properly configure OPNsense to internally route these subnets. If there are specific settings or configurations I should be looking at, please point me in the right direction.

Thank you in advance for your support!
Title: Re: Assistance Needed: Routing Issue with OPNsense Firewall and Cisco Layer 3 Switch
Post by: netnut on December 04, 2023, 09:28:37 PM
> The Cisco team has mentioned that OPNsense needs to be configured to route these subnets internally.

What topology are they proposing? Without a decent network diagram and with so little information (Gateways? DHCP? Routing protocols?) it's a shot in the dark, but this should work anyway:

- Clean your current WAN config, just the raw interface with _nothing_ configured, this will be your parent interface for both VLANs
- Create two VLANs (130+131) in "INTERFACES: OTHER TYPES: VLAN" with your WAN interface as parent.
- You now have two (WAN) interfaces, WAN1 (VLAN130) and WAN2 (VLAN131).
- Configure both WAN interfaces with the matching subnets, like:

WAN1: 192.168.1.1/29    Gateway (Cisco): 192.168.1.6/29 ?!?!
WAN2: 192.168.1.9/29    Gateway (Cisco): 192.168.1.14/29 ?!?!


If they only provide a single gateway interface at the Cisco site, you probably can use a single WAN interface at OPNsense, but both sites (Cisco & OPNsense) need some static route magic or BGP.

Provide some details and/or ask the Cisco guys how they would configure the gateway/router (i.e. OPNsense) if it was a generic/Cisco device. Everything they can think of can be accomplished with OPNsense...
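As an added example (not from this thread and not OPNsense's own code), here is a small Python check of the two-VLAN WAN plan outlined above: it takes the VLAN ID, the OPNsense-side address and the Cisco gateway for each uplink and reports the mistakes that typically leave only one of two subnets routing, such as a gateway outside its /29, a gateway that is the network or broadcast address, a duplicate VLAN ID, or two WAN VLANs carrying overlapping prefixes. The addresses are the constructed values from the reply (the gateways are the ones marked "?!?!" there, i.e. unverified); the `WanVlan` structure and `check_plan` function are this example's own names.

```python
"""Sanity-check a dual-VLAN WAN uplink plan of the kind described above.

Added example, not taken from the forum thread or the OPNsense project.
Addresses are the constructed values from the reply; VLAN IDs are from the thread.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class WanVlan:
    """One WAN VLAN sub-interface on the parent WAN port (hypothetical helper type)."""
    vlan_id: int
    own_addr: str   # OPNsense-side address with prefix, e.g. "192.168.1.1/29"
    gateway: str    # next hop on the ISP's Cisco for this VLAN, e.g. "192.168.1.6"


def check_plan(plan):
    """Return a list of problem strings; an empty list means the plan is consistent."""
    problems = []
    seen_vlans = set()
    networks = []  # (vlan_id, network) pairs already accepted, for overlap checks

    for w in plan:
        # 802.1Q VLAN IDs are 1-4094; each WAN VLAN needs its own tag.
        if not 1 <= w.vlan_id <= 4094:
            problems.append(f"VLAN {w.vlan_id}: id outside 1-4094")
        if w.vlan_id in seen_vlans:
            problems.append(f"VLAN {w.vlan_id}: duplicate VLAN id")
        seen_vlans.add(w.vlan_id)

        iface = ipaddress.ip_interface(w.own_addr)
        net = iface.network
        gw = ipaddress.ip_address(w.gateway)

        # Our own address must be a usable host, not the network or broadcast address.
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"VLAN {w.vlan_id}: {iface.ip} is the network/broadcast address of {net}")

        # A directly connected gateway must sit inside the same prefix ...
        if gw not in net:
            problems.append(f"VLAN {w.vlan_id}: gateway {gw} is not inside {net}")
        # ... and must itself be a usable host that is not our own address.
        elif gw in (net.network_address, net.broadcast_address):
            problems.append(f"VLAN {w.vlan_id}: gateway {gw} is the network/broadcast address of {net}")
        elif gw == iface.ip:
            problems.append(f"VLAN {w.vlan_id}: gateway {gw} equals the interface address")

        # Two WAN VLANs with overlapping prefixes leave the routing table ambiguous.
        for other_id, other_net in networks:
            if net.overlaps(other_net):
                problems.append(f"VLAN {w.vlan_id}: {net} overlaps VLAN {other_id} {other_net}")
        networks.append((w.vlan_id, net))

    return problems


# Constructed plan matching the reply above (gateway addresses unverified there).
EXAMPLE_PLAN = [
    WanVlan(130, "192.168.1.1/29", "192.168.1.6"),
    WanVlan(131, "192.168.1.9/29", "192.168.1.14"),
]

# Constructed broken plan: both VLANs land in 192.168.1.0/29, one gateway is the
# broadcast address and the other is outside its prefix.
BROKEN_PLAN = [
    WanVlan(130, "192.168.1.1/29", "192.168.1.7"),
    WanVlan(131, "192.168.1.2/29", "192.168.1.14"),
]

if __name__ == "__main__":
    for name, plan in (("example", EXAMPLE_PLAN), ("broken", BROKEN_PLAN)):
        issues = check_plan(plan)
        print(f"{name}: {'OK' if not issues else 'problems found'}")
        for issue in issues:
            print("  -", issue)
```

Run it before touching the firewall: the `EXAMPLE_PLAN` passes cleanly, while `BROKEN_PLAN` produces three findings, which is the shape of the "only one subnet routes" symptom in the original post.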



Title: Re: Assistance Needed: Routing Issue with OPNsense Firewall and Cisco Layer 3 Switch
Post by: s4rs on December 06, 2023, 07:48:09 PM
To be clear, the Cisco port is a trunk and not an access VLAN?