Messages

Yes, I didn't config firewall rule yet,
I just want to make sure the routing mode can work first.

But after a little time test, it will broken it's connection after several minutes,
then connect again after a little time,
I don't know if my configuration problem.

I had config out a roting mode for VLAN
https://docs.opnsense.org/manual/how-tos/transparent_bridge.html
when create a bridge, select VLAN and Wan(not Lan and Wan),

But an interface just can create a bridge,
so if you have a lot of VLAN, then...
your OPN host must have enough interface to match your vlan number.

I don't know if anything I lost and need to watch out?

Now I can let vlan port isolate from switch and connect to internet in NAT mode,
but I want to change to roting mode.

Internet -- OPN host -- Lan(VLAN121) -- Switch -- client in VLAN 121(public IP)

How should fix my config?

Maybe I should set VLAN port isolation on switch,
I will try it first.

all my ip in vlan are same block/netmask with lan ip(192.168.1.x/24),
I use vlan in switch just for port isolate(e.g: client in VLAN 121 can't connect client in VLAN 122...)
but all clent is 192.168.1.x/24, and OPNSense lan port ip is 192.168.1.7(example),so...
how should I set then every VLAN client can ping the OPN host lan ip(192.168.1.7)?

and port21(vlan121) untag mode was configured by huawei switch access mode.
but I had try, it can connect to other client in the same vlan121 on another switch(port21/sw2)

I meaning, if OPN host lan port plug on sw2 port21(vlan121 too), sw1 and sw2 connect with GB3(trunk port),
OPN host and test client in vlan121 can ping each other,
but if the OPN host lan port plug on GB3(sw1 trunk port), they can't see each other.

I set a rule from "vlan121 net" to "The Firewall", test client in port 21(VLAN 121)still can't ping the OPN host.
OPN host can't ping test client too.
but my work nb from switch eth port 1(vlan1) can ping the OPN host without ping rule.

I post my switch and OPN config

I create the vlan rule from copy the lan config, I didn't see the LAN icmp rule,
but my pc outside the vlan can ping the OPNSense host lan ip.

I try to create a ICMP rule for VLAN, but still can't ping the OPN host lan port form vlan..
and, OPN host can't detect the test client in VLAN too...

I set it this way now,
but my client in vlan 121 can't ping the OPNSense lan ip.

I don't know how to fix it.

Thank you

　I use a hwawei switch with multivlan, 1, 121, 122, 123, 124,
I want to set a trunk port with GB4 and link to lan port(bge1) on OPNSense,
let vlan 1, 121~124 can link internet,

　I don't make sure how should I set at OPNSense.
if anyone can help me?

Thank you