OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: overture on July 19, 2018, 08:06:49 am

Title: [solved] Can I set lagg LAN ip4 to None and have ip4 set on VLANs only
Post by: overture on July 19, 2018, 08:06:49 am
Hi
I am trying to work out how to set up my management VLAN.
Initially, before I put various hosts on their own subnet/VLANs, I had everything set to the same subnet with no VLANs, 192.168.110.x/24 including all routers, switches, hosts and APs in a bid to finally (after creating the others first) create a management VLAN110 with that subnet.

On top of a lagg interface set as LAN, I now have set up all the VLANs (except management VLAN) with static IP interfaces assigned and their own DHCP server all to a common gateway on LAN. My hosts are now all working in their own tagged VLANs as they should.

But the last step, getting my switches, OPNsense router and APs on to VLAN110, I can't achieve yet. I already have a static IP set on LAN 192.168.110.1 (the initial subnet) from the beginning. All my switches have their management IP in that subnet as well.

I guess part of the issue is: OPNsense LAN is set to 192.168.110.1, so I can't assign VLAN110 interface to that IP. I have it set to 192.168.110.240 and from a host on a dedicated management tagged VLAN110 physical port I can't reach the OPNsense GUI.

I would like to be able to have my OPNsense LAN set to None in the IPv4 config type so that I can have VLAN110 interface IP set to 192.168.110.1, but when I tried to set LAN interface to None, OPNsense locked up and got a startup loop from a boot script (froze at loading Squid). I didn't know how to circumvent that so I had to re-install and start again.

Can I do this without hosing my install? If not, what should I be doing with VLAN110/LAN interface IP assignments to get my management VLAN happening?

Sidenote: I don't want VLAN110 - 192.168.110.0/24 to be the default VLAN if untagged. I have VLAN1 192.168.1.0/24 for that.
Title: Re: Can I set lagg LAN ip4 to None and have ip4 set on VLANs only
Post by: Redguy on July 19, 2018, 08:12:37 am

Sure! No problem.. do that all the time.. Creating a lagg does not create a layer 3 interface automatically..

Step 1 - Create the lagg
Step 2 - Create the desired VLANs with the lagg as parent interface
Step 3 - Assign interfaces to VLAN x on lagg y

Done.. Just don't assign an interface to the lagg itself.
Title: Re: Can I set lagg LAN ip4 to None and have ip4 set on VLANs only
Post by: Redguy on July 19, 2018, 08:17:56 am

Ah, didn't read the whole message :-( sorry..

Should be simple though.. All you need to do is create the VLAN 110 on the lagg, and then change the assignment of your LAN interface from using the lagg(x) itself to VLAN 110 on your lagg.. Leave the lagg(x) unattached in the assignments window..

Should work just fine.. it might be handy if you manage your OPNsense firewall using an IP on one of the other VLANs at that moment so you won't lose connectivity.

Title: Re: Can I set lagg LAN ip4 to None and have ip4 set on VLANs only
Post by: overture on July 19, 2018, 08:29:17 am
OK, thanks! That seems simple enough. I had it in my head that the LAN was at the top of the tree and that VLANs had to sit under it.

What led me to that conclusion was that I couldn't do it without a lagg involved. There was no other interface type I could see that would host VLANs and sit at the top of the tree. Luckily my box has 4 igb ports so I could make a lagg.

What you're saying is that the lagg is at the top and the LAN can sit aside the other VLANs.

To help me understand, if you only had 2 physical ports, one for WAN and ONE for LAN, how would you do this without lagg at the top?
Title: Re: Can I set lagg LAN ip4 to None and have ip4 set on VLANs only
Post by: overture on July 19, 2018, 08:37:48 am
I must admit I'm a bit hesitant to do as you suggest because last time I hosed my system. It's taken me literally days to get to this point.

Backing up helps, I know.

It's just that the LAN interface is so fundamental to OPNsense and I thought it shouldn't be a child of a VLAN.

Well, here I go! See you on the other side....any last words, gotchas or caveats, Redguy?

PS: If I don't report back here in days it's because it failed. OPNsense is now completely hooked in to my network.
Title: Re: Can I set lagg LAN ip4 to None and have ip4 set on VLANs only
Post by: overture on July 19, 2018, 09:15:16 pm
Awesome, Redguy, that worked! Case closed.