Messages

gorgeous thank you! worked like a charm!

UPDATE: yes the video worked that was indeed the issue!!! however I have a new one now...

I messed up and changed the listening interface for the webgui I still have SSH however it seems like everything I change on there does not fix my issue does anyone know how to change the listening interface via SSH

Thank you all for all your help! I am going to try that video I just watched it and it looks promising!! Thank you guys so much I will update you all when I get a chance!

Great we found the issue thank you for the help! But how do I fix it?

could any of these settings be affecting it? or the fact that it is a hyper v vm? i mean that NIC port on the server is dedicated to just the VM and nothing else

show mac address-table interface tenGigabitEthernet1/1/3
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    1418.7762.dcff    DYNAMIC     Te1/1/3



Here is the mac address table table for the interface facing opnsense, I have the windows machine ip to 192.168.10.101 and pinging 10.1 continuously.

no that was over the auto back up assigned IPs APIPA i think is the protocol.

No ping of gate way from laptop with static and APIPA IPs

Here is an SS of the DHCP page for vlan10 on opnsense

Can you do,

While the current config the one with trunk on the ports >

Code Select Expand

show int Te[port towards OPN] trunk
show int Te[port towards PC] trunk
show int Te[port towards AP] trunk

And as well while a device is connected to your AP, do on teh switch

Code Select Expand

sh mac address-table interface Te[port towards AP]

Regards,
S.

show interfaces tenGigabitEthernet1/1/3 trunk

Port        Mode             Encapsulation  Status        Native vlan
Te1/1/3     on               802.1q         trunking      1

Port        Vlans allowed on trunk
Te1/1/3     1,10

Port        Vlans allowed and active in management domain
Te1/1/3     1,10

Port        Vlans in spanning tree forwarding state and not pruned
Te1/1/3     1,10




show interfaces GigabitEthernet1/0/5 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/5     on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/5     1,10

Port        Vlans allowed and active in management domain
Gi1/0/5     1,10

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/5     1,10


show interfaces GigabitEthernet1/0/38 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/38    off              802.1q         not-trunking  1

Port        Vlans allowed on trunk
Gi1/0/38    10

Port        Vlans allowed and active in management domain
Gi1/0/38    10

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/38    10



sh mac address-table interface gigabitEthernet1/0/5
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    4abd.fb3e.9eac    DYNAMIC     Gi1/0/5
   1    9c05.d643.c1b9    DYNAMIC     Gi1/0/5
   1    a64a.6488.9532    DYNAMIC     Gi1/0/5
   1    ae5a.8867.163d    DYNAMIC     Gi1/0/5
   1    bad2.b99c.0125    DYNAMIC     Gi1/0/5
  10    ba41.46ea.f647    DYNAMIC     Gi1/0/5
Total Mac Addresses for this criterion: 6

As a few more people have jumped on this thread I want to summarize what we know so far. I have a VM running OpnSense on a Dell R730 native OS is windows server 19 with a 10g SFP+ connection to a Cisco 3650 SFP+ 10g connection that is set to trunk vlan 1 and 10, 1 is set to native and if I remove vlan 1 from the trunk I lose the opnsense gui and ssh for some reason. I have a windows end device connected to port 38 on that same switch configured as an access port for vlan 10, I have a u7 pro AP on port 5 of that switch configed as a trunk port for 1 and 10 as well on unifi controller I have two networks 1 for vlan 1 and one for vlan 10, 3 SSIDs for vlan 1 and 1 for vlan 10. I have connected my phone to vlan 10 and can ping said phone from the windows machine also on vlan 10. I do have the vlan set up in OPNsense but i can not get an IP from DHCP on either the wireless or wired devices.

Thank you all for the help so far I hope this summary helps clarify

okay I will work on taking VLAN 1 off, I have my phone and the switchport mode access on port 38 which is a windows machine they could ping each other from switch to AP

Laptop     Switch                  AP
Vlan10     vlan10/P38       IOT network Port 5

yes my AP can tag it is a U7 pro with multiple SSIDs 3 for vlan 1 (just the different GHz) and 1 for vlan 10 IOT devices

yes I have 2 10G ports the other is shut down so this is for sure it

ifconfig
enc0: flags=0<> metric 0 mtu 1536
        groups: enc
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
        syncpeer: 0.0.0.0 maxupd: 128 defer: off
        syncok: 1
        groups: pfsync
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN (wan)
        options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
        ether 14:18:77:62:dc:fe
        inet xxx.xxx.xxx.xxx netmask 0xfffffc00 broadcast xxx.xxx.xxx.xxx        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
hn1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN (lan)
        options=80018<VLAN_MTU,VLAN_HWTAGGING,LINKSTATE>
        ether 14:18:77:62:dc:ff
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Vlan10 (opt2)
        options=80000<LINKSTATE>
        ether 14:18:77:62:dc:ff
        inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
        groups: vlan
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: hn1
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wg1: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
        description: wireguard (opt1)
        options=80000<LINKSTATE>
        inet 10.10.10.1 netmask 0xffffff00
        groups: wg wireguard
        nd6 options=9<PERFORMNUD,IFDISABLED>
root@OPNsense:~ #

* Your Trunk ports are missing encap config

Code Select Expand

switchport trunk encapsulation dot1q

This command will not work on 3650 and other legacy switches. These command is for MLS switches.

3650 already by default supports 802.1Q and its the only encapsulation it supports by default.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3e/vlan/configuration_guide/b_vlan_3e_3650_cg/b_vlan_3se_3650_cg_chapter_0100.html

Regards,
S.

I was about to say this as it indeed does do 802.1q by default and the encapsulation dot1q is an invalid command on my switch. If I untruck vlan 1 I get locked out of Opense managment ssh and webgui. still routes traffic though