Hello!
I'am running an appliance with OPNSense:
Versions
OPNsense 25.7.9-amd64
FreeBSD 14.3-RELEASE-p5
OpenSSL 3.0.18
That's my first time VLAN configuration. First I followed the step showed by this link: https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-vlan-on-opnsense
That's the overview:
Interfaces:
LAN01: 192.168.1.0/24 (DHCP server enabled) - general purpose)
LAN02: 192.168.100.0/24 (DHCP server enabled - IoT devices)
VLAN01: 192.168.101.0/24 (DHCP server enabled - IoT devices - Parent to LAN01, VLAN TAG 20)
So, there is only one cable that goes to this distant room and it's connected to the LAN01 (blue). Yellow dashed line area shows the devices that must be configured.
(https://ibb.co/N6jfbpVD)
https://ibb.co/N6jfbpVD
Then I created in OPNSense a VLAN to connect the IoT devices that are in this room. DHCP server is enabled for this interface (192.168.101.0/24)
(https://ibb.co/p6BRXzp6)
https://ibb.co/p6BRXzp6
- Both switches are managed (TP-Link showed in the picture). Here is the configuration.
(https://ibb.co/DgDM2Mpv)
https://ibb.co/DgDM2Mpv
(https://ibb.co/35b81sDN)
https://ibb.co/35b81sDN
The IoT devices in this room are not even getting an IP. What am I missing?
Thanks in advance.
Quote from: ivpenna on December 10, 2025, 07:21:04 PMThen I created in OPNSense a VLAN to connect the IoT devices that are in this room. DHCP server is enabled for this interface (192.168.100.0/24
This is the LAN subnet. I don't think, you want to connect the devices to LAN.
What's about the access point?
You connected it to a tagged switch port. Hence you have to configure the VLAN on the AP as well.
Quote from: viragomann on December 10, 2025, 07:45:10 PMThis is the LAN subnet. I don't think, you want to connect the devices to LAN.
Quote from: viragomann on December 10, 2025, 07:45:10 PMThis is the LAN subnet. I don't think, you want to connect the devices to LAN.
My bad. It's 192.168.101.0/24. I fixed the original post.
I was able to get an IP address using a notebook and setting up the VLAN ID 20 on Windows. It was easier than configuring the AP itself (don't even know if It has this option).
Your answer gave me guidance. But I think I'm not grasping VLAN basics (at least not the way I'm supposed to configure these TP-Link switches).
What I really wanted is:
- Every device connected to ports 4 or 5 TL-SG105E would get an IP address from 192.168.101.0/24 subnet (tag 20)
- Every device connected to ports 2 or 3 TL-SG105E would get an IP address from 192.168.1.0/24 subnet (untagged)
- Port 1 will be the trunk port.
https://ibb.co/N6jfbpVD
At first, I'm not willing to configure a VLAN on a client (notebook, Access Point, etc).
Thank you for your reply.
Quote from: ivpenna on December 10, 2025, 09:27:55 PM- Every device connected to ports 4 or 5 TL-SG105E would get an IP address from 192.168.101.0/24 subnet (tag 20)
So if the AP has no VLAN configuration, you have to add these port as untagged to the VLAN20.
The other settings should be fine.
It worked! Thank you very much.
But I had to take one step further: change the PVID settings on the 5 port switch (connected to the Access Point)
https://ibb.co/nN1vkRFD
This video also helped me: https://www.youtube.com/watch?v=4JNptgMWUi0&t=356s
Thank you!