Messages - Tobanja

#1
Hey everybody! First post here. So, first of all, I'm pretty new to networking in general, but I fell in love with OPNsense and want to learn more. So I quickly converted my old router, the RT6600AX, into an AP and happily started to create a VLAN network tagged 10. I'm using a TP-Link SG2210P switch, and have made sure to set the port from the AP to the switch, and also the one from the switch to OPNsense, to "tagged".

With the help of AI, I have created a guest VLAN, tagged 10, the same as on the AP and switch. However, no matter how I try, I don't seem to be able to create an isolated VLAN in spite of correct rules (I believe). When connecting to the guest network on 192.168.10.x, I can still ping devices on 192.168.1.x, although my first rule is to block traffic to 192.168.0.0/16 "in" from the guest interface. Grok suggested floating rules in the "out" direction, but I tried that as well.

When checking the OPNsense live log, I notice the ping is present from the phone, but coming from the standard LAN interface in spite of all my struggles. Grok's theory is that the Synology AP simply doesn't send the tag correctly, so it all ends up on the same network in OPNsense anyway.

I'm not sure if anyone understands what I'm writing here. I guess I'm interested in knowing if anyone else has had any luck with the Synology AP for an isolated VLAN, or if it rather belongs in the trash can?
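
One way to test the theory in the post that guest frames reach the firewall without the VLAN 10 tag (an added example, not part of the original post): the script below classifies `tcpdump -e -n` output by 802.1Q tag and source subnet. It assumes the capture was taken on the parent interface that carries the trunk and that the guest subnet is a /24; the sample lines, MAC addresses and host addresses are constructed.

```python
import ipaddress
import re

GUEST_VLAN = 10                                      # tag used in the post
GUEST_NET = ipaddress.ip_network("192.168.10.0/24")  # guest subnet (/24 is an assumption)

# Constructed sample of `tcpdump -e -n` output; MACs and hosts are made up.
SAMPLE = """\
12:00:01.000001 02:00:00:aa:00:01 > 02:00:00:bb:00:01, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4 (0x0800), 192.168.10.23 > 192.168.1.5: ICMP echo request, id 1, seq 1, length 64
12:00:02.000001 02:00:00:aa:00:02 > 02:00:00:bb:00:01, ethertype IPv4 (0x0800), length 98: 192.168.10.24 > 192.168.1.5: ICMP echo request, id 2, seq 1, length 64
12:00:03.000001 02:00:00:aa:00:03 > 02:00:00:bb:00:01, ethertype IPv4 (0x0800), length 98: 192.168.1.50 > 192.168.1.5: ICMP echo request, id 3, seq 1, length 64
12:00:04.000001 02:00:00:aa:00:04 > 02:00:00:bb:00:01, ethertype 802.1Q (0x8100), length 102: vlan 20, p 0, ethertype IPv4 (0x0800), 192.168.10.25 > 192.168.1.5: ICMP echo request, id 4, seq 1, length 64
"""

# Link-level header, optional 802.1Q header, then the IPv4 source (port suffix optional).
LINE_RE = re.compile(
    r"^\S+ (?P<src_mac>[0-9a-f:]{17}) > [0-9a-f:]{17}, "
    r"ethertype \S+ \(0x[0-9a-f]{4}\), length \d+: "
    r"(?:vlan (?P<vlan>\d+), p \d+,(?: DEI,)? ethertype IPv4(?: \(0x0800\))?, )?"
    r"(?P<src_ip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
)

def classify(line):
    """Return (src_mac, src_ip, vlan, verdict), or None for non-IPv4 lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src = ipaddress.ip_address(m["src_ip"])
    vlan = int(m["vlan"]) if m["vlan"] else None
    if src not in GUEST_NET:
        verdict = "ignore"        # not a guest client, tag is irrelevant here
    elif vlan == GUEST_VLAN:
        verdict = "ok"            # guest client arriving with the expected tag
    elif vlan is None:
        verdict = "untagged"      # guest client landing on the untagged (LAN) side
    else:
        verdict = "wrong-vlan"
    return (m["src_mac"], str(src), vlan, verdict)

def audit(text):
    """List guest-sourced frames that did not carry the guest VLAN tag."""
    results = (classify(line) for line in text.splitlines())
    return [r for r in results if r and r[3] in ("untagged", "wrong-vlan")]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result while guest clients are pinging means the tag is reaching the firewall and the AP is not the cause; any `untagged` entry identifies, by source MAC, the device whose frames arrive on the LAN side.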