OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: cranky on March 26, 2021, 11:29:35 am
-
So i made a vlan 15, 2 pc's are on this vlan, 10.0.1.101 and 10.0.1.102
I expected that when theres traffic from and to this VLAN15, i would see it in the firewall under interface VLAN15.
All im seeing is WAN and LAN. Any help??
-
Have you enabled Logging for the Rules on your VLAN Interface?
-
yup, thats the weirdest thing.
-
Is your LAN the untagged equivalent of VLAN15?
Cheers,
Franco
-
No, its tagged 15.
P.S. the DHCP Req is the only thing that shows up in the firewall under VLAN15 interface? So i'm confused af.
-
Are your sure the devices are in the VLAN and not the normal LAN?
Sounds like the devices are in the wrong network
-
Are your sure the devices are in the VLAN and not the normal LAN?
Sounds like the devices are in the wrong network
Well, the normal lan is 10.0.0.x and the vlan is 10.0.1.x, the pc's are getting the ip from the VLAN15 DHCP.
Also the shaper i setup to shape 10.0.0.x range, and the 10.0.1.x has unlimited bw, wich i see when i do speedtests.
I would think they are in VLAN15?
-
Are your sure the devices are in the VLAN and not the normal LAN?
Sounds like the devices are in the wrong network
Well, the normal lan is 10.0.0.x and the vlan is 10.0.1.x, the pc's are getting the ip from the VLAN DHCP.
I would think they are in VLAN15?
Yep than they are in the VLan
-
Are your sure the devices are in the VLAN and not the normal LAN?
Sounds like the devices are in the wrong network
Well, the normal lan is 10.0.0.x and the vlan is 10.0.1.x, the pc's are getting the ip from the VLAN DHCP.
I would think they are in VLAN15?
Yep than they are in the VLan
Yeah, thats what i figured too, i reinstalled this box 3 times already because of this (port forwarding is not working either to the vlan).
The first time i DID see the VLAN15 interface.
Also , im getting this error all of the sudden :
[26-Mar-2021 11:15:44 Europe/Amsterdam] PHP Warning: implode(): Invalid arguments passed in /usr/local/www/firewall_nat_edit.php on line 216
-
Show your
-Interface config
-VLAN config
-Assigments
-Firewall Rules
-Network Plan (which devices are between your Client and OPNsense)
-
I'm sorry for sounding dumb asking this again. Do the LAN and VLAN share the same physical port?
Cheers,
Franco
-
Show your
-Interface config
-VLAN config
-Assigments
-Firewall Rules
-Network Plan (which devices are between your Client and OPNsense)
Network plan= OPNsense (10.0.0.1 - em0) <--> Switch (vlan 15 tagged on ports 1,3,5) <---> client (port 3) 10.0.1.101
Rest is attached as screenshots.
-
I'm sorry for sounding dumb asking this again. Do the LAN and VLAN share the same physical port?
Cheers,
Franco
There are no dumb questions :) , yes they share the same port.
-
As suspected from the firewall perspective VLAN traffic is seen on em0 natively and enforced so you don't see them attributed VLAN on top of em0.
Do not use tagged and untagged on the same port going into OPNsense.
Cheers,
Franco
-
As suspected from the firewall perspective VLAN traffic is seem on em0 natively and enforced so you don't see them attributed VLAN.
Do not use tagged and untagged on the same port going into OPNsense.
Cheers,
Franco
ok, so, this is what i just did, and now its showing up as vlan15....
My switch uses native vlan1 untagged, i added the untagged vlan1 to ports 3 and 5, (so port 3 is now untagged1, and tagged15), now it shows up as vlan15
-
Can't know for sure. If you don't have another port free at least push LAN to VLAN ID 10 so both are clearly separated.
The biggest issue here is LAN is the only preconfigured network with internet access pass rule and this setup extends it to the VLAN without intention by configuration.
Connectivity-wise this works, security-wise not so much.
Cheers,
Franco
-
Can't know for sure. If you don't have another port free at least push LAN to VLAN ID 10 so both are clearly separated.
The biggest issue here is LAN is the only preconfigured network with internet access pass rule and this setup extends it to the VLAN without intention by configuration.
Connectivity-wise this works, security-wise not so much.
Cheers,
Franco
yes i'm aware of this, this is just a testing phase, im not intending to leave the extention to the vlan like this.
thnx for the heads up anyway :) , much appreciated.
(tbh its been years since i did networking so im rusty af)