Home network with OPNsense, UniFi, and Asus AP (FreshTomato) - VLAN help
OPNenthu
« on: November 20, 2024, 12:58:52 pm »
I have an OPNsense appliance with a UniFi L3 switch and an Asus RT-N66U WiFi router converted to an AP with FreshTomato firmware. Strange bedfellows, but I think they can get along.
Attached is the topology I'd like and need your input, particularly on using VLAN 1. This VLAN ID is a source of confusion.
I want all the network devices on a subnet, which I refer to as the "Default" network as that is what UniFi calls it and assigns as VLAN 1. I'd like to manage devices in this network from my PC on the "Home" subnet, VLAN 20, and would like only a single tagged trunk from OPNsense. All the subnets, including Default, should be set up on igc0 (what is typically the default LAN interface parent).
A small complication here is that I don't have a dedicated host for the UniFi controller to keep on the Default network, so I'm having to run it within a VM on my PC on the "Home" net. I know of some tricks to host it like this using DHCP option 43 in ISC, DNS overrides for the "unifi" host name, and firewall rules to allow the inter-VLAN traffic. There is a chicken-and-egg problem here though, as the switch needs to be adopted before the VLANs can be set up. I might need to migrate my desktop PC between subnets while setting things up.
My main questions are relating to VLAN 1. I've read many comments about it, and remain unsure what to do with it. I'm thinking that I can use it just like any other VLAN tag. Please correct me. Is VLAN 1 special in some way, or is it just conventionally used for untagged frames? Can I safely use it for tagged traffic instead on the OPNsense trunk?
In UniFi I would tag all the VLANs (1, 10, 20, 30) on the OPNsense trunk and leave nothing as Default. On the AP trunk I leave VLAN 1 as default (required) and tag only 10, 20, 30.
I'm thinking to reset OPNsense and when it asks for manual interface configuration, I will tell it to create 4 VLANs with igc0 as the parent: VLAN 1, 10, 20 and 30. I assign VLAN 1 (igc0_vlan01) as the "LAN" with the IP 192.168.1.1. I configure WAN as usual on igc1, and do absolutely nothing with igc2 and igc3 (leave them unassigned and disabled). My router has 4 NICs but I think I only need to use 2.
Am I on the right track with this or am I misusing VLAN 1?
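The DHCP option 43 trick mentioned in the post above, worked through as an added example (this is not code from the original post, from OPNsense or from Ubiquiti). UniFi devices read their controller ("inform") address from option 43 as a vendor sub-option: code 0x01, length 0x04, then the IPv4 address. The controller address 192.168.20.10 is an assumed address on the poster's Home VLAN, and the sub-option walker rejects a truncated payload instead of reading past its end.

```python
import ipaddress

# UniFi's vendor sub-option inside DHCP option 43 that carries the controller IPv4.
UBNT_UNIFI_ADDRESS_SUBOPTION = 1


def encode_unifi_option43(controller_ip: str) -> bytes:
    """Build the option 43 payload a UniFi device expects: sub-option 1, length 4, IPv4."""
    ip = ipaddress.IPv4Address(controller_ip)  # raises on anything that is not a v4 address
    return bytes([UBNT_UNIFI_ADDRESS_SUBOPTION, 4]) + ip.packed


def to_isc_hex(payload: bytes) -> str:
    """Colon-separated hex, the form ISC dhcpd takes for vendor-encapsulated-options."""
    return ":".join(f"{b:02x}" for b in payload)


def decode_vendor_suboptions(payload: bytes) -> dict:
    """Walk the TLV sub-options of an option 43 payload; refuse to read past the end."""
    out = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        i += 2
        if i + length > len(payload):
            raise ValueError(f"sub-option {code} claims {length} bytes, only {len(payload) - i} remain")
        out[code] = payload[i:i + length]
        i += length
    return out


def unifi_controller_from_option43(payload: bytes):
    """Return the controller IPv4 as a string, or None if sub-option 1 is absent or malformed."""
    raw = decode_vendor_suboptions(payload).get(UBNT_UNIFI_ADDRESS_SUBOPTION)
    if raw is None or len(raw) != 4:
        return None
    return str(ipaddress.IPv4Address(raw))


if __name__ == "__main__":
    # Assumed controller address on the Home VLAN (20); constructed for this example.
    payload = encode_unifi_option43("192.168.20.10")
    print("option 43 bytes:", to_isc_hex(payload))
    print("decoded controller:", unifi_controller_from_option43(payload))
```

The hex string is what goes into a DHCP server's raw option 43 setting, for example `option vendor-encapsulated-options 01:04:c0:a8:14:0a;` in ISC dhcpd. It only solves discovery; the firewall rules from the Default VLAN to the controller's port on the Home VLAN still have to exist, or the adoption never completes.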
dseven
« Reply #1 on: November 20, 2024, 01:59:50 pm »
Will UniFi let you tag VLAN 1 on a switch port? If so, I think the track you're on should be OK. OPNsense doesn't attach any special meaning to that ID (AFAIK).
« Last Edit: November 20, 2024, 09:25:33 pm by dseven »
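dseven's point that the ID carries no special meaning, illustrated at the frame level with an added example (not code from OPNsense, UniFi or either poster). On the wire an 802.1Q tag is TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VID, so VID 1 is encoded exactly like VID 10 or 20; the only reserved values are 0 (priority-tagged, no VLAN) and 4095. The `TrunkPort` class is a simplified model of 802.1Q ingress classification expressed in UniFi's Native/Tagged/Blocked terms, configured with the two trunks from the first post; it is not UniFi's implementation. MAC addresses and payloads are constructed.

```python
import struct
from dataclasses import dataclass, field
from typing import Optional

# Tag protocol identifiers (802.1Q and the 802.1ad service tag); anything else is an EtherType.
TAG_TPIDS = {0x8100, 0x88A8}


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan_id: Optional[int] = None, pcp: int = 0, dei: int = 0) -> bytes:
    """Ethernet frame with an optional single 802.1Q tag after the MAC addresses."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    frame = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError(f"VID {vlan_id} not usable (0 = priority tag only, 4095 = reserved)")
        tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vlan_id & 0x0FFF)
        frame += struct.pack("!HH", 0x8100, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Peel every stacked tag (QinQ included); return MACs, tags, EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimal Ethernet header")
    dst, src, off, tags = frame[:6], frame[6:12], 12, []
    while True:
        if off + 2 > len(frame):
            raise ValueError("truncated frame: EtherType missing")
        (ethertype,) = struct.unpack_from("!H", frame, off)
        if ethertype not in TAG_TPIDS:
            break
        if off + 4 > len(frame):
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        off += 4
    return {"dst": dst, "src": src, "tags": tags, "ethertype": ethertype, "payload": frame[off + 2:]}


@dataclass
class TrunkPort:
    """Port policy in UniFi terms: one Native VID (None = Blocked) plus a set of Tagged VIDs."""
    native_vid: Optional[int]
    tagged_vids: set = field(default_factory=set)

    def ingress_vlan(self, frame: bytes) -> Optional[int]:
        """VID assigned on ingress, or None when ingress filtering drops the frame."""
        tags = parse_frame(frame)["tags"]
        if not tags or tags[0]["vid"] == 0:
            return self.native_vid  # untagged or priority-tagged: native VID, None means dropped
        members = set(self.tagged_vids)
        if self.native_vid is not None:
            members.add(self.native_vid)  # 802.1Q: the PVID is part of the port's member set
        vid = tags[0]["vid"]
        return vid if vid in members else None


if __name__ == "__main__":
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("001122334455")  # constructed MACs
    opnsense_trunk = TrunkPort(native_vid=None, tagged_vids={1, 10, 20, 30})  # first post: all tagged
    ap_trunk = TrunkPort(native_vid=1, tagged_vids={10, 20, 30})              # first post: 1 native
    tagged_1 = build_frame(dst, src, 0x0800, b"\x00" * 20, vlan_id=1)
    untagged = build_frame(dst, src, 0x0800, b"\x00" * 20)
    print("tag bytes for VID 1:", tagged_1[12:16].hex())
    print("OPNsense trunk, tagged 1:", opnsense_trunk.ingress_vlan(tagged_1))
    print("OPNsense trunk, untagged:", opnsense_trunk.ingress_vlan(untagged))
    print("AP trunk, untagged:", ap_trunk.ingress_vlan(untagged))
```

The model makes the two plans comparable: on the OPNsense trunk with no native VLAN an untagged frame has nowhere to go and is dropped, while on the AP trunk it lands in VLAN 1 whether it arrives untagged or tagged 1. The parser also keeps every stacked tag, so a frame carrying a second tag inside the first shows up as two entries rather than being silently flattened; that double-tag case is the usual reason for keeping user traffic off a trunk's native VLAN.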
OPNenthu
« Reply #2 on: November 20, 2024, 08:56:17 pm »
Indeed it does. I have three options in UniFi controller for ID 1 on any given port:
1) I can leave it as untagged
2) I can tag it
3) I can disable it
In UniFi lingo these options are "Native," "Tagged," and "Blocked," respectively.