I would like to put a network switch in front of the WAN gateway, so that:
Modem --> Switch --> Opnsense
I have a dual WAN configuration: WAN1 is cable (using DHCP) and WAN2 is DSL (using PPPoE).
To keep things simple, let's say the switch looks like the follows:
Switch port 1: native VLAN 101, connected to cable modem
Switch port 2: native VLAN 102, connected to DSL modem
Switch port 3: VLAN 101 and 102 are tagged, connected to OPNsense
On OPNsense, I configure WAN1 and WAN2 to use VLAN 101 and VLAN 102, respectively. (To be specific, I configure WAN1 to use VLAN 101 directly, while I configure PPPoE to use VLAN 102).
This works perfectly for the WAN2 on the DSL modem. However, for the cable modem on WAN1, the OPNsense gateway initially gets the private IP address for the cable modem (192.168.100.1), but then it is unable to get the DHCP address for the internet and it marks the gateway as unavailable. Note that WAN1 works correctly if I connect the cable modem directly to OPNsense on a physical port.
Any advice would be appreciated.
I've read that some ISPs use VLAN for their access stuff, so it would seem logical to assume that your VLAN setup conflicts with their VLAN and unless you pick the proper one (there's a list where some are listed: https://habbie.github.io/isp-vlans/) or they don't use VLAN it can't communicate just as you describe.
Have you tried entering 192.168.100.1 into Reject Leases From? That's specifically to prevent cable modems from assigning a private address to OPNsense.
Cheers
Maurice
Thanks for the tips. I rechecked all the settings and tried it again, and it's now working with both modems connected to the switch, which is connected to the router. @maurice, I'll look at that DHCP client setting if I see this problem again in the future.
I should add: what I think fixed it was to completely isolate the WAN traffic on the switch. When it wasn't working, I suspect the VLAN configurations on my switch were leaking WAN traffic to other ports.