OPNSense Inter-VLAN Routing - Can't get VLANs to Communicate?

Started by Servergeek, October 18, 2021, 05:38:51 PM

So basically I am trying to set up router-on-a-stick between a few VLANs to segment my network. I have 5 VLANs, each is tagged and working through OPNSense. However, I cannot get the interfaces to communicate with each other.

Basically I have 5 VLANs:
VLAN 1 - Default, used for management basically
VLAN 2 - Servers VLAN, going to eventually have all my servers on it
VLAN 3 - Devices VLAN, basically all the normal computer systems on my network
VLAN 4 - IOT VLAN, for any other devices
VLAN 5 - WAP VLAN - going to be all my wireless access points
VLAN 10 - WAN (of course I want this separated through the firewall)

I can probably do the routing with my switch (Procurve 6600-48g) but I would like to be able to set up firewall rules to block specific traffic between some of the VLANs. (Will eventually do that later)

Basically for right now I want them all to be able to communicate with each other, but no matter what I do I can't ping devices on different VLANs, even though the VLANs have access to the internet. Do I need to set up rules to allow communication? I've tried a few different things, like passing out and in from the different interfaces, but no matter what configuration I tried I can't get it to work.

You just need to set up rules for each VLAN.
I have three VLANs, pretty small: my Primary VLAN, an IOT VLAN and a Server VLAN. Only the primary can access the other VLANs; they cannot access the primary. So in the IOT VLAN and Server VLAN I have a rule that allows access from the Primary.

So add the rule as follows:

Action: Pass
Quick: Selected
Interface: IOT
Direction: In
TCP Version: IPv4
Source: Primary_Lan net
Destination: Any

That's it... should work.

OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

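To make the behaviour of the rule set above concrete, here is an added example (not from the thread or from OPNsense itself) that models pf-style stateful, first-match ("quick") evaluation of the reply's "pass in on IOT from Primary_Lan net" rule. The subnets, host addresses and the "Primary_Lan allow any" rule standing in for OPNsense's default LAN rule are assumptions; the model shows that a new flow is only checked on the interface it arrives on and that replies ride the state entry, which is why IOT hosts can answer Primary but cannot start connections to it.

```python
from ipaddress import ip_address, ip_network

# Constructed subnets for the thread's VLANs; the posts give no addressing, so
# these are assumptions used only to decide which interface a packet enters on.
NETS = {
    "Primary_Lan": ip_network("192.168.1.0/24"),
    "Servers": ip_network("192.168.2.0/24"),
    "IOT": ip_network("192.168.4.0/24"),
}

# Rules as (ingress interface, source, destination), all "pass in quick" as in
# the reply above. The Primary_Lan rule stands in for OPNsense's default
# "allow LAN to any" rule (assumption). Unmatched packets hit the default deny.
RULES = [
    ("IOT", "Primary_Lan", "any"),
    ("Servers", "Primary_Lan", "any"),
    ("Primary_Lan", "any", "any"),
]

def ingress_interface(ip):
    """Interface a packet from `ip` arrives on (its own VLAN)."""
    return next(name for name, net in NETS.items() if ip_address(ip) in net)

def in_net(name, ip):
    return name == "any" or ip_address(ip) in NETS[name]

def forward(src, dst, states):
    """Stateful, first-match evaluation of one packet from src to dst.
    `states` holds (client, server) pairs of flows already passed; a reply
    to one of them is forwarded without consulting the rules at all."""
    if (dst, src) in states:
        return True
    for iface, rule_src, rule_dst in RULES:
        if iface == ingress_interface(src) and in_net(rule_src, src) and in_net(rule_dst, dst):
            states.add((src, dst))  # quick: first match wins, state is created
            return True
    return False                    # default deny

def simulate():
    """Walk the flows the reply describes and return who can reach whom."""
    states = set()
    return {
        "primary->iot": forward("192.168.1.10", "192.168.4.20", states),
        "iot->primary reply": forward("192.168.4.20", "192.168.1.10", states),
        "iot->primary new": forward("192.168.4.21", "192.168.1.10", states),
        "servers->iot": forward("192.168.2.5", "192.168.4.20", states),
        "primary->servers": forward("192.168.1.10", "192.168.2.5", states),
    }
```

Note that the Primary-to-IOT flow is passed by the rule on the Primary interface, the one the packet actually enters on; the IOT-interface rule only ever sees flows that IOT hosts start.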

So I tried that, but still can't ping a device from the serversVLAN to the LAN or from the LAN to the ServersVLAN.

The only thing that sorta worked was making a floating rule allowing traffic in any direction from all the LAN side interfaces. That allowed pinging devices on the LAN network from ServersVLAN but not vice versa.

Did you ever get this figured out? I am having a similar issue

Even I have a similar issue. Did you find any solution for it?

I ended up deleting all interfaces and assignments and started adding them back one at a time