NIC - IP and VLAN

Started by spetrillo, October 19, 2021, 08:00:05 PM

Hello all,

Is it possible for a NIC to have both an IP assigned to it and then a VLAN running on top with another subnet?

Thanks,
Steve

Possible yes, but it's discouraged.

See for example this thread:
https://forum.opnsense.org/index.php?topic=25130

Create an extra VLAN for the subnet you intended to use untagged ...



Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Hmmm...ok that makes sense but here is my new question...

Can the default LAN interface have just a VLAN on it? Will it operate? I could create vlan 0 to be 192.168.1.0/24 but I am not sure this will work. Second, I would assume you would take the default config and not configure vlans on installation, then make the changes post install?

1. VLANs start with 1.
2. Yes, of course, the physical interface can have only VLANs on it and everything is managed via those VLANs. That's the recommended configuration.
3. Your switch needs to carry all your VLANs tagged on that port where your OPNsense is connected (so-called "trunk port" in Cisco terminology).
4. Yes, you do a default install, then change after installation. Can be done on the console IIRC.

Sorry for all the networking questions...vlans confuse me!

Ok so my original OPNsense firewall has the default LAN interface as 192.168.1.1/26. It is connected to an untagged port on my main switch and I can ping the interface no problem. My vlan 1 is 192.168.0.1/24 and contains mgmt IPs for all my devices. I really do not want to change vlan 1, but I could delete the LAN interface and instead run vlan 1 across it. I would have to shuffle IPs but this is doable.

Sound doable to you?

So I did a few things.

I removed the default LAN interface and configured vlan 1 to run across this interface. I re-configured everything, so that my DHCP scopes would point to this new IP (192.168.0.1) as the new DNS IP. It seems things are still rolling on the current firewall, or else my wife would be screaming at me right now.

I have a more powerful firewall about to be implemented, so this should go in smoothly, now that the LAN interface is running a vlan and nothing more. All my subnets are now vlans.