VLAN setup DHCP works, but cannot ping gateway

Started by scooby420, March 03, 2024, 12:09:15 PM

March 03, 2024, 12:09:15 PM Last Edit: March 03, 2024, 12:12:21 PM by scooby420
Hello, I've recently decided to dabble with VLANs with no prior knowledge of how they work, so this is a learning experience for me. I've set it up similarly to what most tutorials I've found have done (e.g. https://www.wundertech.net/how-to-set-up-a-vlan-in-opnsense/) and have created a VLAN with an ID of 30. I haven't changed the setup for the default LAN, and those packets are not tagged with any VLAN ID.

My setup is pretty simple for now, and if (or when) I get VLANs to work I'd like to expand it, but right now it's:

OPNSense box -> [ managed switch port 8 (tagged VLAN 30) -> managed switch port 5 (untagged VLAN 30) ] -> Computer

Connecting a computer using this scheme, the computer gets assigned an IP from the VLAN range, but whenever I try to ping anything on the network it just times out (this includes the gateway and any other devices I connect to the managed switch). I've checked the rules and have added a rule similar to the default "allow LAN to any" rule. Looking at the live view, I cannot see any blocked requests with a source or destination IP of the VLAN.

I'm not sure what the next step in debugging the issue would be. Would it be possible to send a request out and see where it fails?

Hi,

If you don't see anything in the firewall live view, you might want to double-check your switches' and OPNsense's configuration.

First aspect:
I'd recommend tagging all VLANs on that last trunk and also on OPNsense. The reason is that OPNsense does not work very smoothly with untagged/tagged combinations.

Second aspect to check:
* Client host is connected to an untagged port in the respective VLAN
* Switch has either a dedicated connection to the other switch or a trunk where VLAN 30 is tagged on both ends
* Other switch provides a trunk to OPNsense. That is: VLAN 30 tagged + VLAN 1 untagged - or if you'd follow my recommendation it's both VLANs tagged.

Some switches (Netgear) want you to define a PVID for every port as well. Make sure it is set to the ID of the VLAN that is untagged on that very port.

Make sure you allow all traffic to destination "This firewall" and start testing with Ping until you can reach your gateway. Good luck.
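The checklist above, turned into a small audit script as an added example (this is not code from the poster or from OPNsense): each switch port is modelled as its tagged VLAN set, its untagged VLAN and its PVID, and the checks report where the path client port -> trunk -> OPNsense uplink breaks the rules listed. The port names and the sample topology (one switch, VLAN 30, LAN untagged as VLAN 1) are constructed to match the thread.

```python
from dataclasses import dataclass
from typing import Optional, FrozenSet, List, Set

@dataclass
class Port:
    name: str
    tagged: FrozenSet[int] = frozenset()
    untagged: Optional[int] = None
    pvid: Optional[int] = None  # ingress VLAN for untagged frames; Netgear asks for it explicitly

def check_client_port(port: Port, vlan: int) -> List[str]:
    """Host port must carry the VLAN untagged, and PVID (if used) must match it."""
    findings = []
    if port.untagged != vlan:
        findings.append(f"{port.name}: client VLAN {vlan} is not the untagged VLAN")
    if port.pvid is not None and port.pvid != port.untagged:
        findings.append(f"{port.name}: PVID {port.pvid} differs from untagged VLAN {port.untagged}")
    return findings

def check_trunk(end_a: Port, end_b: Port, vlans: Set[int]) -> List[str]:
    """Switch-to-switch trunk must tag every VLAN on both ends."""
    return [f"{end.name}: VLAN {v} not tagged on trunk"
            for v in sorted(vlans) for end in (end_a, end_b) if v not in end.tagged]

def check_firewall_uplink(port: Port, fw_vlans: Set[int]) -> List[str]:
    """Port facing OPNsense: every VLAN OPNsense expects must be tagged here;
    a tagged/untagged mix is reported because it tends to misbehave."""
    findings = [f"{port.name}: VLAN {v} expected tagged by OPNsense but missing"
                for v in sorted(fw_vlans) if v not in port.tagged]
    if port.tagged and port.untagged is not None:
        findings.append(f"{port.name}: mixed tagged {sorted(port.tagged)} + untagged {port.untagged}; "
                        "tag every VLAN instead")
    return findings

def audit(client_port, trunk, uplink, fw_vlans, client_vlan) -> List[str]:
    """Walk the whole path; `trunk` is a (Port, Port) pair or None for a single switch."""
    findings = check_client_port(client_port, client_vlan)
    if trunk is not None:
        findings += check_trunk(trunk[0], trunk[1], {client_vlan})
    findings += check_firewall_uplink(uplink, fw_vlans)
    return findings

# Constructed sample matching the thread: one switch, port 5 to the PC, port 8 to OPNsense.
PORT5 = Port("switch port 5", untagged=30, pvid=30)
PORT8 = Port("switch port 8", tagged=frozenset({30}), untagged=1)

if __name__ == "__main__":
    for line in audit(PORT5, None, PORT8, {30}, 30):
        print(line)
```

Run as-is it flags only the tagged/untagged mix on port 8; change port 5's PVID to 1 and the PVID mismatch shows up as the likely reason the client's frames never reach VLAN 30.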




Quote from: scooby420 on March 03, 2024, 12:09:15 PM

Post your VLAN firewall rules and other VLAN configuration screens.