Show Posts
1
21.1 Legacy Series / Guest VLAN and DHCP - another one
« on: May 12, 2021, 02:02:45 am »
I'm simply trying to set up a simple VLAN for a guest PC. Something is not right and would appreciate some guidance.
Opnsense:
1. Create VLAN 30 - GUEST
2. Interface GUEST - vlan 30 on LAN network port (in my case re1). Enabled device with static IP 192.168.30.1/24
3. DHCPv4:[GUEST] with an IP range 192.168.30.100 - 192.168.30.200
4. Created a firewall rule for GUEST:
IPv4 * GUEST net * * * * * Default allow GUEST to any rule
and there are 3 automatically created rules to allow access to DHCP server
On the switch (Aruba 1930)
1. Create VLAN 30
1. Port 1 on the switch is a trunk to opnsense - VLAN 30 included/tagged
2. Port 15 on the switch is for a guest PC - VLAN 30 included/untagged
3. Interface 15 on the switch is set to Port VLAN ID 30
4. Since routing happens on opnsense I've not enabled routing on the switch and no DHCP relay
On the guest PC I keep getting the self-assigned IP address 169...
I suspect it can be
1. the firewall rule
2. some additional config on the switch (I've seen some posts depending on the type of switch requires a static route for the VLAN)
And yes, I did try to disable IPS (that I only use for WLAN anyway) and sensei is only protecting LAN.
Thoughts? I'm just not sure where to look next. My guess at the moment is that it is related to FW rule (I'm new to opnsense). I figured since it is a VLAN there' just an in-rule.
BTW - I can ping 192.168.1.30 from a PC that is connected to the switch connected to another port - basically from the LAN to the VLAN 30 interface on opnsense. If I set a static IP on the guest PC I don't get any traffic. I don't see any action for GUEST interface in the live firewall log.
Opnsense:
1. Create VLAN 30 - GUEST
2. Interface GUEST - vlan 30 on LAN network port (in my case re1). Enabled device with static IP 192.168.30.1/24
3. DHCPv4:[GUEST] with an IP range 192.168.30.100 - 192.168.30.200
4. Created a firewall rule for GUEST:
IPv4 * GUEST net * * * * * Default allow GUEST to any rule
and there are 3 automatically created rules to allow access to DHCP server
On the switch (Aruba 1930)
1. Create VLAN 30
1. Port 1 on the switch is a trunk to opnsense - VLAN 30 included/tagged
2. Port 15 on the switch is for a guest PC - VLAN 30 included/untagged
3. Interface 15 on the switch is set to Port VLAN ID 30
4. Since routing happens on opnsense I've not enabled routing on the switch and no DHCP relay
On the guest PC I keep getting the self-assigned IP address 169...
I suspect it can be
1. the firewall rule
2. some additional config on the switch (I've seen some posts depending on the type of switch requires a static route for the VLAN)
And yes, I did try to disable IPS (that I only use for WLAN anyway) and sensei is only protecting LAN.
Thoughts? I'm just not sure where to look next. My guess at the moment is that it is related to FW rule (I'm new to opnsense). I figured since it is a VLAN there' just an in-rule.
BTW - I can ping 192.168.1.30 from a PC that is connected to the switch connected to another port - basically from the LAN to the VLAN 30 interface on opnsense. If I set a static IP on the guest PC I don't get any traffic. I don't see any action for GUEST interface in the live firewall log.