Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Too stupid for one nic setup (Omada)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Too stupid for one nic setup (Omada) (Read 230 times)
Aurel81
Newbie
Posts: 18
Karma: 0
Too stupid for one nic setup (Omada)
«
on:
November 13, 2024, 09:43:39 pm »
OK ... got a omada switch, controlled by omada software.
Zimaboard for baremetall opnsense
and like to set it up as one nic router (as i have 2 wans) but for the moment, a simple connection would be great ;-)
Switch Setup
1 -> Default (Interface)
5 -> LAN (VLAN)
100 -> WAN 1 (VLAN)
Port 1 -> WAN. Native 100 + Untagged 100
Port 2 -> LAN Trunk. Native 1, Tagged 5+100, Untagged 4
Port 3 -> LAN. Native 4, Untagged 5
Opnsense configured on re0
LAN re0_vlan5
WAN re0_vlan100
i thought i understood, tried to replicate tutorials , but it seems as if i havent understood (un)tagging...
but i dont get a WAN IP :-/
Can you pls help me out, finding the problem (for that, tell me pls what you need to know :-) ) ? most probably its easy, but i am too stupid for days now...
Logged
meyergru
Hero Member
Posts: 1680
Karma: 165
IT Aficionado
Re: Too stupid for one nic setup (Omada)
«
Reply #1 on:
November 13, 2024, 10:39:22 pm »
What configuration does your ISP need? DHCP? VLAN? If the latter, you would either need QinQ or leave Port 1 untagged - that is, if your ISP wants DHCP over VLAN 100.
Some providers also lock in the MAC of their own router...
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Aurel81
Newbie
Posts: 18
Karma: 0
Re: Too stupid for one nic setup (Omada)
«
Reply #2 on:
November 13, 2024, 11:36:55 pm »
as far as i know, they dont require anything like that. ISP -> Modem -> Router.
at the moment i am using the WAN directly plugged into the 2nd port of the zimaboard.
my isp is vodafone in germany, using cable
«
Last Edit: November 13, 2024, 11:45:52 pm by Aurel81
»
Logged
EricPerl
Jr. Member
Posts: 88
Karma: 2
Re: Too stupid for one nic setup (Omada)
«
Reply #3 on:
November 14, 2024, 02:40:16 am »
See disclaimer at the end.
FWIW, I haven't tried such one NIC setup but I gather that your OPN WAN traffic is VLAN 100 tagged and your LAN traffic is VLAN 5 tagged. No untagged interface on that physical device.
I'll assume the ISP expects untagged traffic and offers DHCP.
I believe the following should work:
You might want to start by setting the management VLAN of your switch off of an untagged physical NIC.
There's an Omada guide for this. Create an additional VLAN for that (e.g. 2).
After you've done that, you can change the VLAN of the default Omada interface to a bogus value (999).
You can reparent VLAN 2 to re0.
The port connected to the controller should use profile 2 (done as part of the management network change).
The port connected to the router should use a profile with 2, 5 & 100 tagged (the All profile should work).
All you LAN devices should be connected to a port with profile 5.
The port connected to the ISP should use profile 100.
WARNING:
This looks fairly unconventional to me, and I wouldn't trust myself to run it.
The switch will be subjected to internet traffic that's potentially malicious BEFORE it is rejected by the FW...
If it gets compromised, your entire network LAN traffic is potentially exposed.
Misconfiguration of a switch port could also have dire consequences (exposing the client to the internet if it gets an IP). And so on...
I would test this behind a legacy router first...
Logged
Aurel81
Newbie
Posts: 18
Karma: 0
Re: Too stupid for one nic setup (Omada)
«
Reply #4 on:
November 14, 2024, 11:21:59 pm »
ok ... i need to check that. but yeah, the isp provides WAN via DHCP and expects most probably untagged traffic ...
maybe i have time to test it on the weekend.
thank you so much for the help!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Too stupid for one nic setup (Omada)