Vlan 1 & switch issue

[Dozza07]

Hi,

I'm trying to setup a ubiquity switch with opnsense but i have ran into a vlan 1 issue.

so when you setup a ubiquity switch it will assign itself an ip of 192.168.1.20 on vlan 1.

now, i have setup vlan 1 and also even the interface with a gateway of 192.168.1.254

i have one cable going from opnsense to ubiquity.

all vlans seem to work but any hosts on vlan 1 ( 192.168.1.x/24)

i cant get to the switch on 192.168.1.20 to manage it .

any ideas?

[Patrick M. Hausen]

Ubiquiti insist on running VLAN 1 untagged throughout the layer 2 domain. Which does not make much sense but as far as I know cannot be changed.

Since mixing tagged and untagged VLANs on a single port is discouraged in OPNsense, we use an extra untagged port for VLAN 1 and a trunk port with all tagged VLANs.

HTH,
Patrick

[Dozza07]

Hi patrick.

Thanks for clearing that up. So how does the config on the opnsense should look like.

So i have 2 connections to the ubquity switch now and would like to know the correct way to configure it on the opnsense side

so im trying to configure igc1 as the trunk port and igc2 as the untagged vlan 1 port

under assisgnments
lan 1 --> under device --> igc1
lan 2 --> under device - vlan01
is this correct?

[Patrick M. Hausen]

You create all your VLAN devices on igc1 and leave igc2 as is.

Assuming VLAN 1 is your "LAN" you assign "LAN" to igc2 and all other interfaces, OPT1, OPT2, ... to the various VLANs in igc1.

From OPNsense's point of view there is no VLAN 1, just an untagged regular port.

[Dozza07]

sorry patrick i think i have confused myself..
please see attached photos..

so i want igc1 to have all my vlans besides vlan 1
igc2 to be vlan 1 as you mentioned.

what about the uquity end?

[Patrick M. Hausen]

Ubiquiti end - create a profile named e.g. "trunk" carrying all VLANs except VLAN 1. Assign to some port, connect to igc1. Connect arbitrary port with default profile to igc2.