Topic: Migrating to vlans (Read 126 times)
9axqe (Full Member), on: October 28, 2024, 01:42:50 pm
Hello all,
It's my second attempt at migrating; the first one wasn't very successful, probably due to lack of preparation.
I have a very simple network, with 192.168.1.0/24 (and IPv6, but let's just consider IPv4 for this, I think I can extrapolate IPv6 config from there). I intend to make this VLAN1. I know best practice is to have a separate VLAN for mgmt, but we're talking about a home, I don't want to switch SSID just to connect to a device in my home – and many of my IoT are unable to separate mgmt and user traffic anyway...
Requirements:
1. keep existing IP/DHCP config and make this VLAN1 / native VLAN.
2. introduce a vlan for guest wifi (VLAN10, 192.168.1.10/24)
I don't really need a LAGG interface, I don't expect more than gigabit on the network (it's a home network).
The switch in front of the OPNsense is managed, it's running a recent OpenWrt and I configured one port to tag both VLAN1 and VLAN10.
So far, what I plan:
* remove LAN2/igb2 assignment
* create VLAN intf "vlan0.10" with parent interface igb2, and static IPv4 192.168.10.1
* assign igb2, interface will be now named "igb2_vlan10_GUEST"
Now I'm a little stuck as to how I assign VLAN1 (192.168.1.0/24) to igb2 as well.
Currently, all traffic is coming via LAN1/igb1, which is also part of a bridge. What would be the recommended approach to move this to igb2 as well?

dseven (Sr. Member), Reply #1 on: October 28, 2024, 01:57:48 pm
It's generally recommended to avoid using VLAN ID 1, as it can have special meaning in some implementations. If you want to keep things nicely aligned, maybe you could use 1001 and 1010 or something.
You also need to be careful with the term "native VLAN" - that generally means the VLAN associated with untagged traffic on a given port.
What is the purpose of the bridge of which igb1 is a member? What other members are there?

9axqe (Full Member), Reply #2 on: October 28, 2024, 02:02:19 pm
>What is the purpose of the bridge of which igb1 is a member? What other members are there?
There was LAN1 and LAN2, that's it, because I had two devices plugged into OPNsense at some point. But since I now have a managed switch, I can move away from it and I do not need a bridge anymore.
I'm all for VLAN1001, that's fine for me, IF the managed switch can take untagged traffic in the 192.168.1.0/24 subnet and transform this into tagged VLAN1001 traffic on the trunk toward sense. I need to check if OpenWrt is able to do this, I think it should be possible though.

dseven (Sr. Member), Reply #3 on: October 28, 2024, 02:20:31 pm
That should work - you'd just make 1001 the native VLAN / PVID / untagged on the switch ports that the hosts are connected to, and tagged on the "trunk" to OPNsense.
So I think you just need to:
* Create VLANs 1001 and 1010 on the parent device that will be connected to the switch.
* Change the existing interface assignment for LAN to use vlan0.1001 instead of your bridge.
* Assign vlan0.1010 for guest, and configure it with IP address 192.168.10.1/24, enable DHCP server, rules to block access to LAN but allow access to any ("the internet"), etc.
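
The guest rule order from Reply #3 (block access to LAN, then allow any), as an added example that is not part of the original thread: it models the guest interface rules and shows why the block has to sit above the broad pass. It assumes first-match evaluation with default deny when nothing matches, a guest network of 192.168.10.0/24 (from 192.168.10.1/24), and a constructed guest client address.

```python
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")     # existing LAN subnet from the thread
GUEST_NET = ip_network("192.168.10.0/24")  # network of 192.168.10.1/24 (vlan0.1010)
ANY = ip_network("0.0.0.0/0")

# Constructed guest-interface rule sets: (action, source net, destination net).
GOOD_RULES = [
    ("block", GUEST_NET, LAN_NET),  # specific block first
    ("pass", GUEST_NET, ANY),       # then the broad "internet" pass
]
BAD_RULES = list(reversed(GOOD_RULES))  # same two rules, pass listed first


def evaluate(rules, src, dst):
    """Action of the first rule matching src -> dst (assumed first-match model)."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"  # assumed default deny when no rule matches


def exposed_hosts(rules, guest_client, protected=LAN_NET):
    """Every host in the protected net that the guest client is allowed to reach."""
    return [str(h) for h in protected.hosts()
            if evaluate(rules, guest_client, h) == "pass"]


if __name__ == "__main__":
    client = "192.168.10.50"  # constructed guest DHCP client
    for name, rules in (("block-then-pass", GOOD_RULES), ("pass-then-block", BAD_RULES)):
        leaked = exposed_hosts(rules, client)
        print(f"{name}: internet={evaluate(rules, client, '9.9.9.9')}, "
              f"LAN hosts reachable={len(leaked)}")
```

With the pass rule first, the block rule is never reached and every LAN host is reachable from the guest VLAN, even though both rules are present.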