DHCP settings unavailable and enable VLAN tagging for LAN interface

Started by hermanlf, February 06, 2025, 10:42:59 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 06, 2025, 10:42:59 PM Last Edit: February 07, 2025, 02:57:45 AM by hermanlf
I have a Proxmox 8.3.0 host with two network interfaces:
vmbr0 is the LAN/management interface
vmbr1 is the WAN interface.

On the Proxmox host I've installed opnsense 25.1 with two virtual nics:
vtnet0 is the WAN interface that is connected to vmbr1
vtnet1 is the LAN interface that is connected to vmbr0
opnsense is accessed via 172.16.2.1 on vtnet1

Two issues:
1 - How do I tag the "default" management subnet with a VLAN ID in opnsense? Is it even possible to do? I'd like to be able to handout an IP based on the VLAN id the switchport is tagged with.
2 - After creating a VLAN in opnsense, the interface does not appear in services for me to setup a DHCP range. Only the "LAN" interface is available for DHCP. I think I'm most likely missing a step. I've been able to do this before but completely forgot.

## My Proxmox Settings ##
Code Select
auto lo
iface lo inet loopback

iface enp3s0 inet manual

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 172.16.2.11/24
        gateway 172.16.2.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#LAN

auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
#WAN

source /etc/network/interfaces.d/*

The only thing I did on opnsense was to create the VLANs.
February 07, 2025, 01:23:12 AM #1
Assuming the proxmox host is within a private network, you can manage it within a VLAN of that private network.
The .11 IP seems to be assigned to PVE by the way...

On the bridge that's going to be shared for PVE management and OPN-LAN, you need to separate that LAN traffic by specifying a VLAN.

I've done a 1 NIC setup recently:
https://forum.opnsense.org/index.php?topic=45437.msg227451#msg227451
That gives you a clue about what you need to do during the installation.

And FWIW, what you missed in an interface assignment. After you create the VLAN, you need to assign an interface to it.
February 07, 2025, 10:10:34 AM #2
Thanks @EricPerl

- Now my only problem is that I just can't seem to get the VLAN02 interface to show up in ISC DHCPv4.

So far I have:
1. Created the vlan02



2. Assigned vlan02 to VLAN02 Interface



3. Only the LAN interface shows up under Services > ISC DHCPv4







 
February 07, 2025, 10:31:45 AM #3
Have you navigated to Interfaces > VLAN02 and enabled the interface? And assigned at least an IPv4 address?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 14, 2025, 01:58:51 AM #4
@EricPerl

Thanks so much for your reply. Sorry for the late response but I was on an off-roading trip with my friends.

Anyway, I have enabled the VLAN02 interface.


But the DHCP IP assignment area looks strange to me. It's not like what I have seen in screenshots.


Any ideas?
February 14, 2025, 05:27:34 AM #5
This is your interface for the VLAN so you generally need to give it at static IP on a different subnet to LAN.

Have a look at your LAN interface setup and do something similar but use a different subnet. e.g.

LAN Interface: 192.168.1.1/24
VLAN1 Interface: 192.168.2.1/24

Then you use services such as ISC DHCP to setup dhcp on this interface...



February 15, 2025, 07:15:15 PM #6
Correct, the LAN is by default set up with a static IP address.
You need to replicate that for additional interfaces, even if there's a DHCP server for that VLAN, and it's likely there is not one.
That was the second part of Patrick's reply #4...

FWIW, a useful convention is to use the VLAN ID in the subnet, as in 192.168.ID.0/24.
This way, it's pretty easy to verify that a device is getting its IP from the expected VLAN.
And looking at logs, it's straightforward to identify the VLAN of the remote machine.
Print
Go Up Pages1
User actions