OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: verasense on March 23, 2021, 11:41:22 pm

Title: VLAN in WAN and LAN
Post by: verasense on March 23, 2021, 11:41:22 pm

My ISP requests a VLAN of 20, does this mean I should not use VLAN 20 in my LAN?  Or will OPNsense treat differently VLANs on WAN interface vs VLANs on LAN interfaces?

Title: Re: VLAN in WAN and LAN
Post by: bartjsmit on March 24, 2021, 10:11:00 am

Short answer is no. You have thousands to choose from, so why make things more difficult?

Bart...

Title: Re: VLAN in WAN and LAN
Post by: Maurice on March 24, 2021, 11:28:25 am

If your OPNsense WAN and LAN interfaces are two separate physical interfaces, you can absolutely use the same VLAN on both of them. VLAN uniqueness is only required within a layer 2 network.

Title: Re: VLAN in WAN and LAN
Post by: verasense on March 24, 2021, 11:37:39 am

Yes, there are separated physical interfaces, my concern is that, in the same way that if I set the same VLAN in two different physical LAN interfaces they will be "connected", this will happen somehow with the WAN interface. Not sure if the behaviour would be to share a broadcast domain between my LAN VLAN20 and the WAN.

I know that there are a lot of VLAN IDs to choose from, but I had already set my network with certain VLANs before. It is just that my ISP has required me a specific VLAN to connect to its fiber afterwards, and it just happened to be one that I had already assigned and configured.

Title: Re: VLAN in WAN and LAN
Post by: Maurice on March 24, 2021, 11:50:47 am

As long as both interfaces are not connected to the same physical network (switch), the VLANs should not be in the same broadcast domain.

Quote from: verasense on March 24, 2021, 11:37:39 am

if I set the same VLAN in two different physical LAN interfaces they will be "connected"

Did you actually observe that? While you can create bridges between physical interfaces in OPNsense, I would be very surprised if it would do so automatically simply based on identical VLAN IDs.

Title: Re: VLAN in WAN and LAN
Post by: verasense on March 25, 2021, 07:54:26 pm

Mmmm.. Actually I didn't observe that, it is an assumption. I thought that connecting to the VLAN 10 on interface 1 and to the VLAN 10 on interface 2 was going to exchange packets between them.

You are right about that - I actually remember I had to create a bridge in the past to connect two networks from different interfaces. Just thought that having the same VLAN will trigger the same behaviour as a switch, which is not true.

Title: Re: VLAN in WAN and LAN
Post by: Maurice on March 25, 2021, 08:17:50 pm

Oh, assumptions are dangerous... speaking from experience. ;)

It's not a switch. I see no reason why it would automatically bridge VLANs across different physical interfaces just because they have the same VLAN ID.

Why not go ahead and just try it?

[edit]
Your edit was faster than my response. :-)
[/edit]

Title: Re: VLAN in WAN and LAN
Post by: verasense on March 26, 2021, 12:23:20 am

Thanks :-D