VLAN & DHCP problems [Solved]

[pankaj]

Hi,

I'd like to run a guest wifi on a VLAN on my home network so did following steps:

1. Picked on port on OPNSense appliance and created a VLAN (=4) on one of the ports, this port does not run any tagged interface and only the VLAN (=4).
2. Added a DHCP server on the VLAN with 192.168.4.x
3. The VLAN port is physically wired to another corner of the house (behind the walls) and at the outlet there is a L2 managed switch. And there is a VLAN (=4) port configured on L2 switch.
4. For testing, when I connect a laptop to VALN(=4) configured port on L2 switch I get a correct IP assigned in the 192.168.4.x subnet...so far working good.

This is where I am running into problems:
The only FW rule on VLAN(=4) interface is to allow all traffic outside (attached screenshot). From my laptop when I ping 8.8.8.8, the logs shows that it gets to the gateway of 192.168.4.x subnet but no response comes back and the laptop machine cannot get to anything past the gateway.

I'll appreciate any pointers to get this working, it seems simple enough that I cannot find any reasons for it not to work.

Thanks.

[Greelan]

Is the connection between OPNsense and switch trunked with VLAN4?

[pankaj]

I am very new to VLAN but think that is the case for few reasons:

- using a TrendNet TEG S80ES switch where port-1 (VLAN 1) is the static tagged port & connected to the wall socket. Within the UI for switch there are VLANs configured using other ports for TV, IoT & GuestWifi. The two other VLANs for TV & IoT are working fine.

- I am using Archer A7 for GuestWifi in AP mode for this setup but when I change the mode from AP to router then all the clients connected to GuestWifi are able to get to the Internet. But the drawback in this case is that TP Link router starts running its own DHCP for clients with 192.168.0.x subnet. Ideally I'd like to handle all DHCP and FW rules on OPNSense box.

Since the second scenario is working, I inclined to think that connectivity between the L2 switch port and OPNsense has been configured correctly.

[pankaj]

Another clarification, on OPNSense the port running VLAN does not run any untagged interface or any other DHCP subnet so its only one VLAN (with unique subnet) for each port.

[Greelan]

Hard to say then. I have 4 VLANs running tagged on a port with no untagged network and it’s all fine. Maybe double check all your OPNsense config for VLAN4

[pankaj]

Fair point, I think I will take a break and check the configurations again!

The same setup is working for IoT AP using another router so most likely I must've messed up some detail in the set up.

Thanks for looking over details!!

[AbstractGeo]

It's possible that the VLAN configuration on your switch is a bit tricky!

In settings, go to VLAN - then PORT.  Make sure your port that you want to be on VLAN 4 UNTAGGED are set to PVID 4.  (It needs to match one side vs. the other. If OPNSense is conneced directly to this without an intermediate switch, the VLAN 4 thing needs tto be set to PVID 4 - Primary Vlan ID)

On my TPLink, you need to set not just You need to do the following, if you're using 'untagged" VLAN 4 on the OPNSense side

The port on the other side shgould be configured to be Untagged, and VLAN 4 - but you also need to go to the "NATIVE VLAN" setting, 

[pankaj]

@AbstractGeo thanks for your comments. This may be in right direction but I don't know enough about VLAN so perhaps let me do a better job of explaining the topology.

Attached is a simplified diagram of my home network.

1. The OPNSense box is running two VLANs on its port (assuming these are tagged) and these two ports connect directly to an unmanaged switch.

2. The unmanaged switch connects all the RJ45 wires running behind the walls and take the network to each room.

3. At the room where I have the two routers, the wall socket connects to a managed switch which only only has one Static Tagged port and all others are static untagged. Two of the ports on the switch are configured for VLAN=2 & 4

4. The VLAN=2 port is connected to an Orbi router in AP mode and it works like a charm

5. The VLAN=4 port is connected to TP Link router in AP mode and it does not work!

6. The VLAN=4 port gets even more confusing with following parameters:
  a. If I connect a laptop to this port (instead of TP Link router), the laptop gets the correct IP address from OPNSense but no connectivity.
  b. If TP Link router is connected in router mode (instead of AP mode) then everything works except for the fact that TP Link is running its own DHCP subnets for connected clients.
  c. The TP Link router in AP mode meets the same fate as the laptop scenario

Honestly I can live with the 6b configuration but why Orbi router is working and not the TP Link is driving my curiosity 

[pankaj]

The problem got solved by following these steps:

1. First configured the VLAN on switch from 2 to 4 (working VLAN)
2. Connected a laptop to the switch, the laptop got connectivity so eliminated any potential wiring issue or OPNSense LAN port issues (whew!)
3. Changed the VLAN on the same port from 4 to 2, assigned static IP for laptop's MAC....bingo success again!
4. Now switched the laptop with A7 Archer router and all worked like a charm!

Since I did not find any problem in any of the setup, I am still not sure why it did not work for so many days but not complaining