Messages

I  have already set a static IP on the VLAN of 192.168.10.1 and have a  range of 192.168.10.50-192.168.10.100 on the dhcp server.
I've tried changing the vlan interface parent from the LAN port to another unused NIC port and plugging directly into the router but my laptop still didn't receive an address. I'm thinking of trying a full factory reset to see if it helps or perhaps plugging the AP directly into the router without my switch

DHCP server is enabled on the VLAN interface and yes switch port 1 goes to router and 2 to AP.
I left port 1 & 2 tagged, but added port 3 as an untagged member port of the VLAN 10 and adjusted the PVID to 10 for port 3. When i connected my laptop, it didn't receive an IP
Any idea why opnsense isn't giving network access if the DHCP server is enabled?

I had vlans disabled for the SSIDs that were already running, but the test SSID had VLAN enabled as per the screenshot. Yet when i connect to this test SSID, i get no network access and don't get assigned an IP

More screenshots, please let me know if anything else is helpful

Screenshots of configs attached

Like a diagram of the setup? Any advice on what application I can use to create a diagram like this?

I went and bought a tp link managed switch so that I could get rid of my bridge and then assigned ports 1 and 2 of the switch as tagged for a test vlan (these ports are connected to my opnsense PC and my access point). I set this vlan up in opnsense (with Lan port as parent), assigned it to an interface and enabled dhcp server for the vlan interface. I then cloned the allow all rules from my Lan interface to the vlan (only changing the interface and source). When I add an extra ssid mapped to this test vlan on my access point, my laptop is not assigned an IP and has to self assign again and I can't ping anything.

Any idea why the vlan is not working? Thanks

I did adjust the tunables as per the opnsense documentation. I'll try disabling DHCP on the VLAN within the bridge and see if that improves my problem. I think it's also probably time to buy a switch and stop messing with this bridge too!

Thank you pmhausen, your answer has helped me a lot. I didn't know you couldn't have a VLAN on a port that is part of a bridge. I carried out your instructions almost exactly except that i put my IOT VLAN into my LAN bridge and kept my trusted VLAN outside the bridge since i only have 4 trusted devices (two laptops and two phones) so it's easier to seperate them out rather than all the individual IoT devices.

Do i still have to enable DHCP on the VLAN contained within the bridge or is this handled by the bridge? Also if i have an allow all rule for my trusted VLAN, can it connect via telnet and ssh to devices in the other VLAN? I tried telnet from my laptop and it said connection refused despite being able to ping the destination device

I only have one access point and want to divide the devices connected into two subnets

Ok that makes sense. Thanks for your prompt reply

I have an opnsense router with quad NIC with 3 of the ports setup with a LAN bridge and the 4th being WAN. Tonight, i tried creating two VLANs with tags 10 & 20, with the parent set as the one of the bridged ports (igc0). I created firewall rules for the two VLAN interfaces to allow all traffic and also enabled DHCP on both interfaces. Then i went to my access point which is plugged into to igc0 and assigned VLAN tags 10 & 20 to the 5ghz and 2.4Ghz SSIDs. Upon doing this, i immediately lost all network access through wifi and couldn't ping anything. Actually, my wifi connected laptop stopped being assigned an IP adress and had to self assign.

Any reason why this would happen, considering i only had a single allow all rule assigned to the interface? i feel like it might be related to the fact that i have a LAN bridge set up linking 3 ports on my router (in place of a switch)

Hi, I run opnsense on a mini PC along with home assistant on a raspberry pi running some IoT devices. I plan to move the home assistant and all IoT devices to a separate vlan from my laptop and phone for security purposes.

I'm a networking newbie so wanted to ask, will this break any of my automations or functionality? I assumed it wouldn't matter as long as home assistant and the IoT devices are on the same VLAN. I also assume I'll have to put in a rule to allow me to access the web GUI for home assistant as well (perhaps only allowing port 8123). Any other rules I might need to setup?

I was also thinking I could seperate the VLANs and initially allow all traffic but measure traffic crossing the VLAN boundary to see what rules I might need to apply. How would I go about logging the traffic between the VLANs like this?

Thanks

Wish I read this before I picked an eap670 up on the way home today!
Are there any issues if I don't wish to use IPv6? Also this is probably a stupid question but can I place different ssids on different VLANs and preserve these tags thru a smart switch? I've always thought that smart switches only allowed one tag per port

I was looking to buy the tp-link eap670 as an access point for my home. Will I need a seperate controller? Any issues using this AP with opnsense?

Thanks in advance

Hi
I have setup opnsense to route all LAN traffic through a VPN tunnel using PIA and wireguard (as per script made by Fingerless Gloves) but apparently there may still be DNS leaks if using a local DNS server. I use the unbound DNS server on opnsense, how can I route this through the tunnel to avoid DNS leaks. Or is there another easier way to avoid leaks?