Hello!
I read this post but I need some help. - https://forum.opnsense.org/index.php?topic=36530.msg178401#msg178401
I also want to set up something similar, but I recently ran into the problem that the firewall became completely inaccessible from the inside. What could I have messed up? Should the native (default) VLAN be changed (is that recommended?) from 1 to another VLAN number? VLAN 1 is currently the native trunk VLAN on all Aruba switches. Should I then change this default VLAN to e.g. 1001 on all switches?
These are the VLANs currently on the switch that I want to connect to the OPNsense machine running under MS Hyper-V (1 WAN and 1 LAN port now, not tagged):
1 - native (untagged)
90 - lan
103 - cameras
Under Opnsense, I added 90 and 103 to the VLAN.
I assigned 103 to an interface. The parent is the current "LAN" (this should be VLAN 90).
I added firewall rule 103 to pass.
I routed the port connected to the Hyper-v server on the Aruba switch as follows:
vlan trunk native 1
vlan trunk allowed 90,103
Is it a problem here that I left out the 1 (native) VLAN? Should it be: vlan trunk allowed 1,90,103
Then when I assigned VLAN 90 to the LAN interface under Opnsense, everything inside became inaccessible. (Now I've done it so that I can access it from outside the place as well :D)
So what do you suggest I do first? (native VLAN number...)
Also, what did I screw up?
What should I do, in what steps?
One more question.
If I want to reach the 103-VLAN from a couple of computers from the LAN (VLAN 90), do I have to add a route (or bridge?) manually under Opnsense?
Thanks in advance for any help!
The solution was this, in case anyone else needs it:
https://learn.microsoft.com/en-us/powershell/module/hyper-v/set-vmnetworkadaptervlan?view=windowsserver2025-ps
https://forum.opnsense.org/index.php?topic=45988.0
https://docs.genians.com/release/en/install/virtual-trunk-sensor.html
Get-VM TUZFAL
Get-VM TUZFAL | Get-VMNetworkAdapter
$adapters = Get-VM TUZFAL | Get-VMNetworkAdapter
$adapters | Where-Object { $_.MacAddress -like "*A077" } | Get-VMNetworkAdapterVlan
$adapters | Where-Object { $_.MacAddress -like "*A077" } | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "90,103" -NativeVlanId 1
( Back to untagged mode:
$adapters | Where-Object { $_.MacAddress -like "*A077" } | Set-VMNetworkAdapterVlan -Untagged )
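
A read-back check for the trunk settings applied above, as an added example that is not part of the original post. The function name Test-VMTrunkVlan and its parameters are hypothetical; it assumes the Hyper-V PowerShell module on the host and reuses the VM name, MAC suffix and VLAN IDs from the post. It reports any VLAN the adapter carries beyond the intended list, so the trunk stays limited to the VLANs the switch port allows.

```powershell
# Added example (hypothetical helper, not from the original post).
# Run in an elevated session on the Hyper-V host.
function Test-VMTrunkVlan {
    param(
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $MacSuffix,    # last digits of the vNIC MAC
        [Parameter(Mandatory)] [int[]]  $AllowedVlan,  # VLANs the trunk should carry
        [Parameter(Mandatory)] [int]    $NativeVlan    # untagged VLAN on the trunk
    )

    # Select the vNIC by MAC suffix and refuse to continue on an ambiguous match,
    # so the WAN adapter is never inspected (or later changed) by mistake.
    $adapter = @(Get-VM -Name $VMName | Get-VMNetworkAdapter |
        Where-Object { $_.MacAddress -like "*$MacSuffix" })
    if ($adapter.Count -ne 1) {
        throw "Expected exactly one adapter ending in $MacSuffix, found $($adapter.Count)"
    }

    # Read the current VLAN settings back from the host.
    $vlan   = $adapter[0] | Get-VMNetworkAdapterVlan
    $actual = @($vlan.AllowedVlanIdList | Where-Object { $null -ne $_ } | Sort-Object)
    $wanted = @($AllowedVlan | Sort-Object)

    # Missing VLANs break connectivity; extra VLANs widen what the VM can reach.
    $missing = @($wanted | Where-Object { $_ -notin $actual })
    $extra   = @($actual | Where-Object { $_ -notin $wanted })

    [pscustomobject]@{
        Adapter      = $adapter[0].Name
        Mode         = $vlan.OperationMode
        NativeVlanId = $vlan.NativeVlanId
        Allowed      = $actual -join ','
        Missing      = $missing -join ','
        Extra        = $extra -join ','
        Ok           = ($vlan.OperationMode -eq 'Trunk') -and
                       ($vlan.NativeVlanId -eq $NativeVlan) -and
                       ($missing.Count -eq 0) -and ($extra.Count -eq 0)
    }
}

# Values taken from the post above.
Test-VMTrunkVlan -VMName 'TUZFAL' -MacSuffix 'A077' -AllowedVlan 90,103 -NativeVlan 1
```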