Help needed in setting up vlan in opnsense

Started by jw64, October 13, 2024, 09:04:13 PM

I am trying to set up a vlan in my opnsense box.

Following the instructions in https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-vlan-on-opnsense, I created a VLAN1 using a physical LAN port LAN1 as its parent. The LAN1 port static address is 192.168.3.1, and VLAN1 is 192.168.100.1. The VLAN1 interface is assigned to a logical interface and enabled. Both have DHCP enabled in their respective subnets. For testing purposes, I created firewall rules to allow VLAN1 to reach any network. I have a laptop physically linked to the LAN1 port via Ethernet cable. When I put the laptop in the LAN1 subset (by using a static IP address 192.168.3.10), it works normally. However, when I change the laptop to the VLAN1 subset (by using a static IP address 192.168.100.10), it cannot reach the internet, and no other devices in my home net can reach that laptop. Any clue how to debug and correct the problem? Thanks.

Jim

You cannot place a laptop into a VLAN by merely changing its address. You need to configure the network interface to use the VLAN tag 1 on the connection.

Commonly this is done by a managed switch that runs a tagged interface (called a "trunk") to OPNsense and presents an untagged interface to the laptop. The tagging and untagging is done on the switch fabric.

Without a managed switch VLANs do not make much sense. What VLANs do:

- partition your switch into N smaller switches
- connect OPNsense to all of these smaller switches over a single cable

What VLANs don't do:

- magically sort your clients into networks based on IP address

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
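
The point of the reply above, as an added example that is not part of the thread and not OPNsense code: a simplified model of how a tag-aware port chooses the receiving interface from the 802.1Q header alone, never from the IP address. The frames are constructed samples; VLAN ID 1 is taken from the reply, the interface names LAN1 and VLAN1 from the question, and the MAC addresses and function names are assumptions.

```python
import ipaddress
import struct

ETH_P_8021Q = 0x8100   # TPID that marks an 802.1Q tagged frame
ETH_P_IPV4 = 0x0800

PARENT = "LAN1"                 # untagged frames are received here
VLAN_CHILDREN = {1: "VLAN1"}    # tag -> child interface (tag 1 assumed, per the reply)

def build_frame(src_ip, dst_ip, vid=None):
    """Constructed Ethernet + IPv4 header pair (no payload, checksum left 0)."""
    hdr = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    if vid is not None:
        # 4-byte tag: TPID, then TCI with PCP/DEI = 0 and the 12-bit VLAN ID
        hdr += struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF)
    hdr += struct.pack("!H", ETH_P_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return hdr + ip

def classify(frame):
    """Return (interface, vlan_id, src_ip); interface None means no match."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vid, l3 = None, 14
    if ethertype == ETH_P_8021Q:
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vid, l3 = tci & 0x0FFF, 18      # IP header starts 4 bytes later
    src_ip = None
    if ethertype == ETH_P_IPV4 and len(frame) >= l3 + 20:
        src_ip = str(ipaddress.IPv4Address(frame[l3 + 12:l3 + 16]))
    # The decision uses only the tag; src_ip is reported but never consulted.
    iface = PARENT if vid is None else VLAN_CHILDREN.get(vid)
    return iface, vid, src_ip

if __name__ == "__main__":
    for vid in (None, 1, 20):
        print(vid, classify(build_frame("192.168.100.10", "192.168.100.1", vid)))
```

The untagged frame carries a 192.168.100.0/24 source address yet is still classified to LAN1, so the firewall rules written for VLAN1 never apply to it.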