Messages - speedfreak

#1
21.7 Legacy Series / Re: Bridge of VLANs, no internet
August 12, 2021, 01:42:05 PM
thanks for the quick reply

it's a combination of OpenWRT APs and TP link EAP 245, so they can both do multiple SSID, multiple DHCP and vlan tagging

currently, these are configured as (dumb) access points (so they don't have their own DHCP server running)
#2
21.7 Legacy Series / Re: Bridge of VLANs, no internet
August 12, 2021, 01:25:14 PM
I want to make multiple VLANs available on all ports of my 4 port NIC, so my access points can each broadcast multiple SSIDs (each on their own VLAN). From what I've read, the easy way would be to add a switch in between my Opnsense box and my APs, but I don't have a switch and have enough ports with the 4 port NIC. The setup I'm describing is what I've come up with from reading other kinda (but not really) related topics.

I'm very willing to just start over, so could you maybe point me in the right direction on how to do this properly?
#3
21.7 Legacy Series / Re: Bridge of VLANs, no internet
August 12, 2021, 12:39:41 PM
Some more info:

- I have all 4 ports of my intel NIC bridged as "LAN". LAN has a DHCP server running and gives leases under 192.168.2.x
- for LAN, there is no vlan configured

- for every port of the NIC, I have also configured a VLAN with VLAN tag 20.
- these 4 vlans, are bridged as "VLAN20"
- for VLAN20, there is a dhcp server running giving leases in 192.168.20.x

In my access points (connected directly to the Intel NIC, no switch in between), there is a wifi network without vlan tag. Devices connected to this get an IP in the 192.168.2.x range and can connect properly. There is also a wifi network with vlan tag 20 on the same APs which broadcasts my IoT network. Devices connected to this get an IP in the 192.168.20.x range. For example, an ipconfig on a client on this network gives me:
IP: 192.168.20.101
Subnet: 255.255.255.0
gateway: 192.168.20.1 (DHCP server of VLAN20).

When I go to "leases" under the DHCPv4 service in Opnsense, I see the device with IP 192.168.20.101 listed under interface VLAN20.

In the firewall I have a pass all rule for VLAN20 net.

So the problem is that the devices on the VLAN20 net cannot connect to the internet, nor ping a device on my network (even the default gateway is not accessible).

#4
21.7 Legacy Series / Bridge of VLANs, no internet
August 08, 2021, 03:01:16 PM
Hello
I have opnsense installed on a box with an intel 4 NIC. I have multiple access points connected directly to ports of this NIC. I want to create VLANs which are available to all access points connected to these 4 NIC ports. I do this so I can create WiFi networks for guests and for IoT, available on every access point.

So far I have created 4 VLAN interfaces each with their own assignment and then bridged them together (I had to do this in order to make DHCP work; I first tried making a vlan directly on the LAN bridge (which bridges the NIC's 4 ports), but DHCP didn't work that way). On my access points (OpenWRT), I configured the right WiFi networks. My devices can connect and get an IP in the right DHCP range, so this is working. However, none of these devices can connect to the internet (or ping the router). My bridged VLAN has a pass all rule in the firewall, so I don't know why it's not working.

I found this post of someone having the exact same issue, but no solution is provided: https://forum.opnsense.org/index.php?topic=7359.0

What am I doing wrong? I also don't understand why I don't find more information about this as this seems like something a lot of people would do.