General Discussion / Struggling to get VLANs working
« on: November 06, 2023, 10:08:54 pm »
I'm setting up a new OPNsense device to replace the router on my network, and I also bought a Netgear 610 WAP.
The OPNsense box has a (genuine) Intel i350 T4 card in it, and I've assigned the igb0 interface to be my WAN port.
Next, I've assigned a VLAN 1 tag to the igb1 and set up DHCP on it. The entire rest of my wired network is on a single unmanaged 24-port switch, and this is fine, as all the devices on that switch are devices I would want on the same VLAN anyway. The issue is my Netgear access point can broadcast up to 8 SSIDs with different VLANs, and I want to use three of them. The first being a private network that should be on vlan1 and have access to the entire network. The second, VLAN2, should be a guest network that only has access to the internet. And the third, VLAN3, should be entirely isolated to itself and have no internet access and only be able to access other devices on its own VLAN.
Right now I'm only attempting to get vlan1 and vlan2 working, and nothing works. No amount of bridging, firewall rules, or virtual interfaces seems to be able to make the wireless vlan1 talk to the wired network, or even get DHCP to work.
I've added a diagram below of the physical network layout I'm attempting. As I've already spent three days on this, I'm thinking it would be more productive if someone could just look it over and tell me how I can make this work rather than go over what I've already tried, since I've tried some variation of everything at this point.