Messages

"Then you need to set up LAN and GuestWifi tagged on OPNsense without a bridge interface, configure VLANs 2 and 3 on the port connecting your switch to OPNsense by using the management interface of the switch, similarly configure VLANs 2 and 3 on the ports connecting the APs, and map the SSIDs to the VLANs."

In the above set-up, what setting do I use in R7000 DD-WRT?  Right now, it's set as Router (which I believe is bridge mode).

Unfortunately, it is an unmanaged switch.  I will look for a managed switch.

"Assuming your OPNsense interfaces are e.g. em1 for WAN, em0 for wired LAN and em2, em3, and em4 running to your APs, you need to:"

em2, em3, and em4 are empty ports on the OPNsense.  I run em0 to a TP-Link 24 port Gigabit Switch (TL-SG1024S) that then runs individual wires to each AP.  I use each AP for both wired and wireless connections.  Each AP is running DD-WRT with br0 connecting eth0 and eth1 and vlan1, which is not tagged.

Here are my interfaces...

I'm a newbie and I'm starting to get confused.

My original set-up was OPNsesne connected to 3 R7000's running in dumb AP mode. The OPNsense provided the DHCP to each on my LAN (everything has the same IP range).  It's works fine.  I just want to create a Guest WiFi that is separate is all I am trying to do.

What if I create another tagged VLAN (#4) for Trusted WiFi.  Can I specify in OPNsense that Tagged #4 use the same IP range as my LAN, just a different subnet?

Newbie here.

I am running OPNsense Version 25.1-amd64 connected to a Cable Modem and 3 Netgear R7000 running DD-WRT v3.0-r59468 std (02/02/25).  I have successfully implemented a Wireguard/ProtonVPN connection.  I followed the instructions to setup a Guest Network (https://docs.opnsense.org/manual/how-tos/guestnet.html).  I was able to create and implement VLAN (tagged #3) on the R7000 serving a Guest WiFi which works as expected (i.e., OPNsense DHCP assigns an IP in the Guest Network which is separate from LAN).

However, I also want to connect to WiFi like I did prior to the Guest WiFi was implemented.  I only have 1 ethernet cable connected to a single physical Port running from the OPNsense to each R7000.  Whenever I tag the VLAN (#3) and assign it to that physical port, I lose the ability to connect the Trusted WiFi (untagged VLAN #1) to the LAN and getting an IP within my LAN.

Can I have both a tagged VLAN (#3) and an untagged VLAN (#1) running over a single physical port?

Thoughts?

Thanks in advance.