OPNsense Forum » English Forums » General Discussion » VLAN Config
Topic: VLAN Config (Read 2153 times)
spetrillo
Hero Member
Posts: 721
Karma: 8
VLAN Config « on: March 28, 2023, 06:13:48 pm »
Hello all,
I am somewhat new to the world of vlans and trying to do some segregation on my home network. I am in the midst of building a new firewall to do this and having some trouble getting vlans to work.
Right now I have a trunk connection from my main switch to a small switch in my lab. It is trunking vlan 1 only. Attached to my lab switch I have my new firewall and a PC. Right now the default LAN interface is connected and it is set to 192.168.1.2. My PC is connected as 192.168.1.3. My PC's port on the switch is set to untagged and the LAN interface is also set to untagged. I can connect to the new firewall's GUI and have also set an upstream gateway to my current firewall, so I can get updates and access to the Internet.
Now I have enabled OPT1 on the new firewall, and configured vlan01 on the interface. Vlan01 has a static address of 192.168.1.4, and should not interfere with the LAN interface, as I disconnect the cable on the LAN interface and connect it to the OPT1 interface. I go into my lab switch and configure the switch port attached to the OPT1 interface as tagged. The PC remains as untagged. I try to ping vlan01 (192.168.1.4) and I get no response.
What am I doing wrong?? I cannot for the life of me get vlan01 to respond back to me. I checked and made sure I have a rule on the new vlan that lets all traffic in/out, so I do not believe it's that.
Thanks,
Steve
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: VLAN Config « Reply #1 on: March 28, 2023, 06:30:33 pm »
Do you have any firewall rules that allow pinging the OPNsense box on that interface?
„The S in IoT stands for Security!“
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: VLAN Config « Reply #2 on: March 28, 2023, 06:51:08 pm »
Only the one default rule, which is the same as LAN interface.
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: VLAN Config « Reply #3 on: March 28, 2023, 08:22:13 pm »
You can't use the same subnet on multiple vlans.
Vlan01 is an internal naming convention for OPNsense; what tag did you actually use?
If you are using a physical interface on the router, you aren't using vlans. Is OPT1 physical?
You only tag a vlan on a port if the device you're connecting it to is also tagged with that vlan.
You aren't very clear with the details so hard to say but if OPT1 is physical, don't tag the switchport it connects to.
Why are you using .2 as gateway? And, for that matter, .4 for the other gateway?
Set the lan to 192.168.1.1 and the second subnet to something else like 192.168.2.1.
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: VLAN Config « Reply #4 on: March 28, 2023, 08:51:13 pm »
OK, vlan01 has a tag of 1, with a static IP of 192.168.1.4/24. Vlan01 is on top of the OPT1 physical interface. No config on the OPT1 physical interface, which is the main difference over LAN physical interface, which has a static IP of 192.168.1.2 and NO vlan assigned.
My switch ports are set as follows:
1) PC is set to vlan 1 - untagged
2) LAN interface is set to vlan 1 - untagged
3) OPT1 (VLAN01) interface is set to vlan 1 - untagged
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: VLAN Config « Reply #5 on: March 28, 2023, 09:27:51 pm »
You can't use vlan1. Change it to anything else. vlan1 is kinda "special" and is the default vlan of just about every switch ever made.
Again, you can't use the same subnet across vlans. Change it to anything else. Convention will say to use the same tag as subnet, i.e. 192.168.10.0/24 will be vlan 10, 10.10.20.0/24 will be vlan 20 etc., but that's personal preference.
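The three points raised in replies #3 and #5 (one subnet per VLAN, avoid tag 1, switch port tagging must match the firewall side), as an added example that is not part of the thread: a small Python checker run over the addressing posted in reply #4. The `Iface` record, the `check_plan` function, the interface names and the revised plan (VLAN 10 on 192.168.10.1/24) are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations
from typing import NamedTuple, Optional


class Iface(NamedTuple):            # hypothetical record, not an OPNsense structure
    name: str
    vlan_tag: Optional[int]         # None = firewall sends untagged frames
    address: str                    # static address in CIDR form
    switch_port_tagged: bool        # how the attached switch port is configured


def check_plan(ifaces):
    """Return a sorted list of (finding_code, interface_names) tuples."""
    findings = []
    for i in ifaces:
        # Tag 1 is the default VLAN on most switches and usually leaves untagged.
        if i.vlan_tag == 1:
            findings.append(("VLAN1_TAG", (i.name,)))
        # A VLAN interface emits tagged frames, so its switch port must be
        # tagged too; a plain physical interface needs an untagged port.
        if (i.vlan_tag is not None) != i.switch_port_tagged:
            findings.append(("TAG_MISMATCH", (i.name,)))
    # Two firewall interfaces must not sit in overlapping subnets.
    for a, b in combinations(ifaces, 2):
        net_a = ipaddress.ip_interface(a.address).network
        net_b = ipaddress.ip_interface(b.address).network
        if net_a.overlaps(net_b):
            findings.append(("SUBNET_OVERLAP", (a.name, b.name)))
    return sorted(findings)


# Constructed from the values given in reply #4.
AS_POSTED = [
    Iface("LAN", None, "192.168.1.2/24", False),
    Iface("OPT1_vlan01", 1, "192.168.1.4/24", False),
]

# Constructed revision following the tag-equals-subnet convention from reply #5.
REVISED = [
    Iface("LAN", None, "192.168.1.1/24", False),
    Iface("OPT1_vlan10", 10, "192.168.10.1/24", True),
]

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("revised", REVISED)):
        print(label, check_plan(plan) or "no findings")
```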