OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: RZ36 on November 15, 2021, 12:51:27 am

Title: How to configure VLANS.
Post by: RZ36 on November 15, 2021, 12:51:27 am
My goal is to have 3-5 VLANs with some access to other VLANs and some blocked from the internet. My layout:
OPNsense
WAN
LAN
-VLAN1(192.168.10.1) -VLAN 2(192.168.20.1) parent interface set to LAN.

Juniper Switch EX4200 48 port
Port 0 -> LAN OPNsense
Port 1 -> VLAN 1
Port 24 -> VLAN 2
Port 2-23/25-47-> Default

Attempt 1:
My PC is plugged into Port 1. I should have VLAN1. I'm unable to connect to both my switch and OPNsense. When I check my IP with ifconfig I see my IP is still from the default LAN (192.168.0.3). I have to move the PC to Switch-Port2 to gain access to the switch. I am able to connect to the OPNsense VLAN1 gateway (192.168.10.1).

Attempt 2:
I've read that you have to set up a trunk port between the switch and OPNsense, so I set Switch-Port0 to trunk mode. Added VLAN1 and VLAN2 as members to trunk Switch-Port0. PC is plugged into Port 1. Unable to connect to OPNsense and the switch. When I move my PC to Switch-Port2 (default LAN) I'm able to connect back to the switch but OPNsense unable to connect to VLAN1 gateway. I have to turn off trunk mode on Switch-Port0 to regain access to OPNsense.
Title: Re: How to configure VLANS.
Post by: Greelan on November 15, 2021, 11:20:20 am
Try tagging VLAN1 with something other than 1 - say 10
Title: Re: How to configure VLANS.
Post by: RZ36 on November 15, 2021, 06:36:07 pm
Still not working. I've tried VLAN 10 and 100
Title: Re: How to configure VLANS.
Post by: Antaris on November 16, 2021, 09:44:03 pm
It's better if you have a separate port in the OPNsense. Assign it, enable it, name it TRUNK and DO NOT assign an IP address to it. After this assign your VLANs to the TRUNK port as parent and connect it to the switch. Then try to untag your VLANs to specific ports. Avoid mixing tagged and untagged traffic on the same port in BSD, especially if you use netmap (Sensei/Zenarmor)...
Title: Re: How to configure VLANS.
Post by: RZ36 on November 16, 2021, 10:45:45 pm
It's better if you have a separate port in the OPNsense. Assign it, enable it, name it TRUNK and DO NOT assign an IP address to it. After this assign your VLANs to the TRUNK port as parent and connect it to the switch. Then try to untag your VLANs to specific ports. Avoid mixing tagged and untagged traffic on the same port in BSD, especially if you use netmap (Sensei/Zenarmor)...

So I should have multiple connections to the switch from my OPNsense box? So is this why you should have more than 2 ports for your OPNsense box? One per VLAN or trunk? I see some people having multiple VLANs with their main LAN being a VLAN too. So if I add a 4 NIC card to my OPNsense box I should have 1 WAN, 1 LAN, then the 4 NIC expansion would have 3 VLAN ports, and then 1 trunk. Or is the 1 LAN not necessary at this point?
Title: Re: How to configure VLANS.
Post by: Greelan on November 16, 2021, 10:54:15 pm
I use one port for WAN, one port for LAN (untagged parent) and one port for all my VLANs (tagged, no parent interface)
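
The tagged and untagged port behaviour this thread keeps returning to, as an added example that is not part of any post and not OPNsense or Juniper code: a small model of generic 802.1Q port classification that shows which switch ports a broadcast such as a DHCP discover reaches. Assumptions: the port names follow the thread's layout, VLAN IDs 10 and 20 with ID 1 standing in for the default LAN are constructed values, and the model drops tagged frames on access ports and untagged frames on a trunk with no native VLAN.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    mode: str                            # "access" or "trunk"
    access_vlan: Optional[int] = None    # access port: VLAN of its untagged traffic
    tagged: frozenset = frozenset()      # trunk: VLAN IDs carried with an 802.1Q tag
    native: Optional[int] = None         # trunk: VLAN for untagged frames, if any

def ingress_vlan(port, tag):
    """VLAN a received frame is classified into, or None if the port drops it."""
    if port.mode == "access":
        # Model assumption: an access port accepts untagged frames only.
        return port.access_vlan if tag is None else None
    if tag is None:
        return port.native               # no native VLAN -> untagged frame dropped
    return tag if tag in port.tagged else None

def flood(ports, in_port, tag):
    """Map of egress port -> egress tag (None = untagged) for one broadcast frame."""
    vlan = ingress_vlan(ports[in_port], tag)
    out = {}
    if vlan is None:
        return out
    for name, p in ports.items():
        if name == in_port:
            continue
        if p.mode == "access" and p.access_vlan == vlan:
            out[name] = None             # member access port: tag stripped
        elif p.mode == "trunk" and vlan == p.native:
            out[name] = None             # native VLAN leaves a trunk untagged
        elif p.mode == "trunk" and vlan in p.tagged:
            out[name] = vlan             # other member VLANs leave tagged
    return out

# Constructed layout: port0 is the uplink to the firewall, port2 a default-LAN port.
LAN, VLAN_A, VLAN_B = 1, 10, 20
PORTS = {
    "port0": Port("trunk", tagged=frozenset({VLAN_A, VLAN_B}), native=LAN),
    "port1": Port("access", access_vlan=VLAN_A),
    "port2": Port("access", access_vlan=LAN),
    "port24": Port("access", access_vlan=VLAN_B),
}

if __name__ == "__main__":
    print(flood(PORTS, "port1", None))   # PC on port1 reaches the uplink tagged 10
    print(flood(PORTS, "port0", None))   # untagged LAN traffic reaches port2 only
    no_native = dict(PORTS, port0=Port("trunk", tagged=frozenset({VLAN_A, VLAN_B})))
    print(flood(no_native, "port0", None))  # untagged uplink traffic is dropped
```

Changing `port0` in the model between an access port, a trunk with a native VLAN and a trunk without one shows how each choice affects tagged VLAN traffic and untagged LAN traffic on the same uplink.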