OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: woter324 on April 05, 2020, 10:39:57 pm

Title: Routing issue - I think
Post by: woter324 on April 05, 2020, 10:39:57 pm
Hi,

I've got OpnSense almost configured. I can connect to and from VLANs and access the Internet; however, an outstanding issue is really foxing me. As the title suggests, I think I'm missing something on the Gateway / route table, but I can't work it out.

Hardware has two NICs: igb0 (LAN) and em0 (WAN)
OpnSense's IP  = 192.168.10.1/28 on VLAN10.
Default "LAN" interface has no IP. In effect a trunk port.
VLAN50 = 192.168.50.1/24

VLAN10 has a switch (192.168.10.2) on it and the port connected to OpnSense is set to trunk and includes VLAN10.

I have two devices connected to the aforementioned switch: Laptop A and Laptop B. Both switch ports are set to access with VLAN10 and VLAN50 respectively.

Issue
Laptop A - 192.168.10.9
Cannot connect to OpnSense (192.168.10.1) web interface.
Cannot connect to any other VLAN / Internet.
Can connect to switch's (192.168.10.2) web interface.

Laptop B - 192.168.50.108
Can connect to OpnSense (192.168.10.1) web interface.
Can connect to all VLANs.
Cannot connect to switch's (192.168.10.2) web interface.

I've tested whilst disabling the firewall. Obviously I cannot route to the Internet, but the issue remains.

I have one Gateway set:
Name = WAN_PPPoE
Interface = WAN
Protocol = IPv4
Priority = 254
Gateway = 195.102.260.130 (My public IP).

I have no user-defined routes.

I've searched and searched and after 12 hours, I'm reaching out in the hope that someone may be able to spread some light on my issue. If you have any ideas of what's going on, I'd be grateful if you could share.

Thanks in advance.
Title: Re: Routing issue - I think
Post by: woter324 on April 06, 2020, 03:36:25 pm
Not so much a routing issue, but a switching issue.

The OpnSense FW is replacing a 10-year-old Cisco router and I used the same config on the switchport of the switch:
Code:
interface gigabitethernet27
 description "***TRUNK to OpnSense (NIC1)***"
 switchport trunk allowed vlan add 50,65,100
 switchport trunk native vlan 10
!

Once I removed the `switchport trunk native vlan 10` line and added 10 to the allowed list, it worked.

Code:
interface gigabitethernet27
 description "***TRUNK to OpnSense (NIC1)***"
 switchport trunk allowed vlan add 10,50,65,100
!

Now, to work out how these firewall rules work...
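
Added example, not part of the original posts: a small Python model of 802.1Q tagging on the trunk port, showing why VLAN 10 frames never reached an addressed firewall interface while VLAN 10 was the native (untagged) VLAN. The class and function names are hypothetical; the VLAN numbers and the "parent interface has no IP" detail come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

UNTAGGED = 0  # marker for a frame sent without an 802.1Q tag

@dataclass(frozen=True)
class Trunk:
    """Switch trunk port: VLANs sent tagged, plus an optional native VLAN."""
    allowed: frozenset
    native: Optional[int] = None

    def egress_tag(self, vlan: int) -> Optional[int]:
        """Tag a frame from `vlan` carries when it leaves this port.
        UNTAGGED for the native VLAN, the VLAN id if allowed, None if dropped."""
        if vlan == self.native:
            return UNTAGGED
        return vlan if vlan in self.allowed else None

@dataclass(frozen=True)
class FirewallNic:
    """Firewall side: tagged VLAN sub-interfaces on one parent NIC."""
    vlan_ifs: frozenset
    parent_has_ip: bool = False  # untagged frames land on the parent

    def accepts(self, tag: Optional[int]) -> bool:
        if tag is None:
            return False
        if tag == UNTAGGED:
            return self.parent_has_ip
        return tag in self.vlan_ifs

def reaches_firewall(trunk: Trunk, nic: FirewallNic, vlan: int) -> bool:
    """True if a frame from `vlan` arrives on an addressed firewall interface."""
    return nic.accepts(trunk.egress_tag(vlan))

# Values from the thread: trunk config before and after the fix.
BEFORE = Trunk(allowed=frozenset({50, 65, 100}), native=10)
# Native VLAN left at the switch default after the fix; not modelled here.
AFTER = Trunk(allowed=frozenset({10, 50, 65, 100}))
# igb0 has no IP; VLAN10 and VLAN50 are the addressed interfaces in the post.
OPNSENSE = FirewallNic(vlan_ifs=frozenset({10, 50}))

def report(trunk: Trunk) -> dict:
    """Per-VLAN reachability of the firewall across the given trunk config."""
    return {vlan: reaches_firewall(trunk, OPNSENSE, vlan) for vlan in (10, 50)}

if __name__ == "__main__":
    print("before:", report(BEFORE))
    print("after: ", report(AFTER))
```

The same untagged-egress behaviour applies to replies from the switch's own VLAN 10 address, which is consistent with Laptop B being unable to reach 192.168.10.2 before the change.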