OPNsense Forum

English Forums => General Discussion => Topic started by: cssi on April 07, 2024, 07:57:52 PM

Title: VLAN and physical line bridge?!?
Post by: cssi on April 07, 2024, 07:57:52 PM
Hi,
In my network I've got a wireless access point (a single RJ45 connector) connected to my OPNsense box.
I use the VLANs for different SSIDs to connect to the rest of the network as well as to the internet.
The management interface is not VLAN capable, and requires a connection to the internet (over a gateway) for updates.

In theory I could:
- use the Firewall to connect the physical port to the internet. (Then none of the VLANs get internet.)
- use a Bridge to connect a VLAN as well as the physical port together. (Then none of my devices can connect to the bridge over DHCPv4.)

I know that neither is a recommended or a working way. So how do I get internet to the VLANs as well as the physical port?!? My internet search only yielded empty threads and a lot of confused or helpless people.


edit: Does VLAN TAG 0 solve the problem?!?

Title: Re: VLAN and physical line bridge?!?
Post by: Saarbremer on April 08, 2024, 09:08:43 AM
Hi,

For every VLAN you create an interface in OPNsense. The untagged (management) LAN segment is their parent interface.

Assign networks to all of them, incl. DHCP ranges if needed.

Define pass rules for every interface. There is no requirement for any dependency between those rules. So, internet access can be configured independently. What are you trying to achieve?

Note that there might be hardware setups where VLAN tagging on an untagged active parent may cause trouble.