Messages - chr

#1
22.1 Legacy Series / Re: Interesting issue
April 29, 2022, 04:22:34 PM
I'm doing something similar for my guest wi-fi network. A separate dedicated wireless router in AP mode. It's on its own VLAN and then firewall rules to only allow internet access.


#2
Nice! The patch works for me.
#3
If it is an option, you can try and use a separate dedicated interface for VLAN.


#4
Turns out to be a bad cable connected to that specific port.

That's why I kept getting the self-assigned IPs. Go figure. Nothing to do with VLAN.

I still need to finish the project that I expected to be a simple thing. And it might be with a cable that works.


#5
Thanks. I'll reset the Aruba switch and try it again.
#6
Is the single interface connected to a switch? I would double check that they are all configured the same way. And if there is a switch, someone who had a similar issue got all the VLANs working by restarting the switch.
#7
I'm simply trying to set up a simple VLAN for a guest PC. Something is not right and I would appreciate some guidance.

Opnsense:
1. Create VLAN 30 - GUEST
2. Interface GUEST - vlan 30 on LAN network port (in my case re1). Enabled device with static IP 192.168.30.1/24
3. DHCPv4:[GUEST] with an IP range 192.168.30.100 - 192.168.30.200
4. Created a firewall rule for GUEST:
IPv4 *   GUEST net   *   *   *   *   *   Default allow GUEST to any rule
and there are 3 automatically created rules to allow access to DHCP server

On the switch (Aruba 1930)
1. Create VLAN 30
2. Port 1 on the switch is a trunk to opnsense - VLAN 30 included/tagged
3. Port 15 on the switch is for a guest PC - VLAN 30 included/untagged
4. Interface 15 on the switch is set to Port VLAN ID 30
5. Since routing happens on opnsense I've not enabled routing on the switch and no DHCP relay

On the guest PC I keep getting the self-assigned IP address 169...

I suspect it can be
1. the firewall rule
2. some additional config on the switch (I've seen some posts depending on the type of switch requires a static route for the VLAN)

And yes, I did try to disable IPS (that I only use for WLAN anyway) and sensei is only protecting LAN.

Thoughts? I'm just not sure where to look next. My guess at the moment is that it is related to FW rule (I'm new to opnsense). I figured since it is a VLAN there's just an in-rule.

BTW - I can ping 192.168.1.30 from a PC that is connected to the switch connected to another port - basically from the LAN to the VLAN 30 interface on opnsense. If I set a static IP on the guest PC I don't get any traffic. I don't see any action for GUEST interface in the live firewall log.
#8
General Discussion / Re: Migrating to opnsense
March 09, 2021, 12:49:20 AM
I'm well underway with my migration effort. Just to add, if anyone else is doing something similar - since I'm using my current router for internet and default gw I just had to add a route for my current network to the LAN interface 192.168.1.2 and then everything just works as suggested.
#9
General Discussion / Re: Migrating to opnsense
March 05, 2021, 05:45:27 AM
Yeah, sorry about that. I intended to show the dotted line being after I move the modem.

This was helpful. Changed LAN to any rule and I'm now able to ping OPT1 from the PC on LAN - progress.

Next I will check the NVR to make sure it is set up the way it should. Thanks for pointing me in the right direction!
#10
General Discussion / Re: Migrating to opnsense
March 05, 2021, 02:20:56 AM
Glad to hear I'm not the only one. I was going to start with the NVR but I also have some IOT devices that I can move once I get this figured out.

I did add the rules but for some reason I'm not able to get through from LAN. The current wifi router is a Deco M9+. As long as I have the pass in rule for OPT1 I was hoping what you are doing would be all I need to do.

I should add that I have 2 switches between the wifi router and the opnsense server. As part of this process I'm moving all the networking gear and servers to a different location so I have to run new cables. The family has no appreciation for the effort and requires no downtime...

I will start over with OPT1 and can post how the interfaces are set up and the rules. I must have done something wrong. Appreciate the reply.
#11
General Discussion / Migrating to opnsense
March 04, 2021, 11:52:33 PM
I'm in the process of migrating over to opnsense. My plan is to have 2 separate networks: OPT1 for my NVR and LAN for the main network and DHCP server. I tried to capture this in a diagram - attached.

Before the cut over I just want to learn a little bit more about opnsense. The actual migration is just to connect the modem, enable the WAN interface on the opnsense FW, make LAN the 192.168.1.1 default GW and then turn the wifi router into an access point.

Everything is up and running with the latest version. Seems to be working fine except I'm not able to reach the NVR on the second network. I thought I would just be able to add a fw rule to allow LAN access to OPT1? As an example if I'm on the PC 192.168.1.118 I want to access the NVR 192.168.2.3 over ssh or http.

Am I missing something obvious? Do I need to add a route etc? Or is this just not a good scenario and I should just set it up the way it is intended. My understanding was that within the network behind the WAN interface I should just need the fw rules to OPT1 to allow LAN in. And the GW for OPT1 is auto.

I hope this makes sense. Appreciate any help or advice.