Messages

1

General Discussion / Re: OPNSense with APs, Wireless Bridge, VLANs

« on: Today at 03:05:24 am »

EricPerl,

I guess my last reply would be for you too. Right now I have the box plugged directly into my Arista switch so I can use the monitor and keyboard. Nothing I seem to do except setting the LAN to igc0 (physical interface) seems to work.

2

General Discussion / Re: OPNSense with APs, Wireless Bridge, VLANs

« on: Today at 02:55:59 am »

Patrick,

I cannot get this work. Sorry for being short as I'm doing this on my phone now. I attached what the console says for assignments. I want to keep my LAN addresses as 192.168.1.0/24 otherwise I'll have to reconfigure everything.  The router cannot ping anything and nothing can get to the web interface unless it's on a physical interface, not a VLAN bridge. Any help would be appreciated as my entire network is currently down.

Thanks,
Brian

3

General Discussion / Re: OPNSense with APs, Wireless Bridge, VLANs

« on: Today at 01:17:25 am »

I broke everything hard when I undid the interface bridge. I was setting it up from the command line and got back into the web interface. I created the VLAN bridges and interfaces and assigned them IP addresses. I created a pass rule in the firewall for just any-any. Still can't get into the web interface. Do I need to remove LAN and only have the 3 VLANs and the WAN? Or do I make every VLAN a member of LAN?

4

General Discussion / Re: OPNSense with APs, Wireless Bridge, VLANs

« on: November 30, 2024, 11:49:02 pm »

Patrick,

Ok thanks!

My first hiccup is that when I go to create the VLAN bridge interface, it only shows the LAN and WAN interfaces, not the VLANs I created.  Is that because I still have the physical interfaces bridged? 

I'm a bit worried about losing access to the GUI when I un-bridge those interfaces.  Is there a "proper" way to un-bridge them without having to go put a monitor and keyboard on the router?

- Brian

5

General Discussion / Re: OPNSense with APs, Wireless Bridge, VLANs

« on: November 30, 2024, 11:37:21 pm »

Patrick,

Thanks for the quick reply. 

I'm testing this out to begin with the IOT VLAN.  I created 3 VLANs.  One, each, with opt2, opt3, and opt5 (respectively) as the parents, with the same VLAN tag of 2.  Is that correct (see attachment)?

I assume I need to remove all physical devices from the current bridge, which is assigned to LAN?  All 5 non-WAN interfaces are currently members of bridge0, which is the LAN bridge.

If that is correct, then I would create a bridge interface that includes those 3 physical interfaces? 

I am still confused a bit on the after-config, but one step at a time here.

Thanks for the help!

6

General Discussion / OPNSense with APs, Wireless Bridge, VLANs

« on: November 30, 2024, 11:10:03 pm »

Hello,

I am having a heck of a time understanding how to (and how not to) configure my OPNSense router the way I need to.

I have a 6-port OPNSense router (currently 0-4 bridged to LAN, 5 is WAN).  I had a Google Nest mesh setup that I just removed and installed 2 Zyxel NWA-130BE Wifi7 access points so that I can use multi-SSID/VLAN tagging to isolate my chinese devices, main computers, TVs, printers, cameras, etc... from my server LAN and basically lock down my network how I want it. 

It's my understanding that I can't use a bridge interface on the router if I want VLAN tagging.  I have attached a diagram of what I'm trying to get to, but I can't for the life of me figure out how to get there in OPNSense. 

I guess my question (may be more, but I'm not sure what else to ask) is:
   How do I configure my LAN interface(s) to be able to have the router do DHCP (static and/or dynamic) for all the VLANs (1.0/24, 2.0/24, etc..) while allowing me to use firewall rules on the router to control what traffic can pass between VLANs. 

I need to be able to run Home Assistant from my Proxmox server, but all my IOT devices (light bulbs, switches, etc...) are going to be on the wireless APs on VLAN 2.
 
Any help is greatly appreciated.  I have a good and stable setup right now, but it's not how I need it to be.

Thanks, in advance!

Brian