How the hell do you setup a Draytek Vigor130 with VLAN?!?!?!

Started by TechDope, March 27, 2022, 01:54:01 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 27, 2022, 01:54:01 PM
I see that many many many Draytek Vigor130 modems are in use, particularly here in the UK. However, I cannot find a guide any where on how to setup VLANs on this thing :(

My Opnsense firewall is all setup for VLAN, but have no idea how to match these settings on my modem... I am the only Vigor130 Opnsense VLAN user?? Are there others?

This is the page that mentions VLANs, so I guess the settings might be here right?? Really hope somebody out there can help me out with this please.

March 27, 2022, 02:00:16 PM #1
Are you trying to run PPPoE with that?

E.g. here in Germany with Deutsche Telekom you are supposed to run PPPoE over VLAN 7.

Two alternatives:

- configure the Vigor to insert VLAN tag 7 on the DSL interface and not worry about VLANs in OPNsense
- configure the Vigor not to change VLANs and create VLAN 7 on the OPNsense and run PPPoE on that

The details really depend on your ISP, not on the equipment used. You should find better help in e.g. the customer forum of the ISP you are using.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 27, 2022, 08:33:01 PM #2
Thank you, I appreciate your solutions but I have no clue how to do that. That is why I am looking for a step-by-step idiots guide... but I'll check out the ISP forums.

Maybe I should have included more info just in case there are others like me;

ISP: BT (fiber into modem I think).
VLAN: Created a "Work" VLAN on Opnsense so it is separate from the rest of my network. So I'll re-phrase my original question...

Am I the only Vigor130 Opnsense VLAN BT internet user wanting to isolate one PC on a VLAN??
March 27, 2022, 08:52:46 PM #3
VLANs to separate PCs are internal to your network. The Uplink-Vigor-OPNsense part is external to your network (WAN). You do not need to do anything with the Vigor to separate your PC. OPNsense does that.

I obviously assume that you want to use OPNsense and connect to your ISP with the chain above. The important part is to configure your Vigor in modem mode and let the OPNsense handle everything else like e.g. PPPoE. What exactly is needed should be documented by BT ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 27, 2022, 10:05:00 PM #4
Ah, that's good news then ;D thanks...soooo, my next completely off topic question is - how do I connect my Windows 10 machine to the new VLAN?

I have setup my VLAN following a guide that I'm pretty sure is accurate, but I have no idea how to test this new VLAN or what settings to add to Windows 10  :(

I'm guessing I have to add Static details to the IPv4 Properties in Windows 10, but where do I get this info from on Opnsense...

IP address:
Subnet mask:
Default Gateway:
Preferred DNS server:
March 27, 2022, 10:47:55 PM #5
The point of VLANs is to have a single physical interface "fan out". So you need a VLAN capable managed switch.

E.g.
Code Select
                                                                     
    Uplink                                                           
                                                                     
       ▲                                                             
       │                                                             
       │                                                             
       │                                                             
       │                                                             
       │                                                             
       │                                                             
┌─────────────┐                                                     
│             │                                                     
│    Modem    │                                                     
│             │                                                     
└─────────────┘                                                     
       │                                                             
       │                                                             
       │                                                             
┌─────────────┐                      ┌──────────────────────────┐   
│             │      Trunk Port      │                          │   
│   OPNsense  │──────────────────────│   VLAN capable switch    │   
│             │  VLANs 1, 2, 3, ...  │                          │   
└─────────────┘                      └───┬─────────┬─────────┬──┘   
                                         │VLAN 1   │VLAN 2   │ VLAN 3
                                         │         │         │       
                                         │         │         │       
                                         │         │         │       
                                         │         │         │       
                                     ┌──────┐  ┌──────┐  ┌──────┐   
                                     │      │  │      │  │      │   
                                     │  PC  │  │  PC  │  │  PC  │   
                                     │      │  │      │  │      │   
                                     └──────┘  └──────┘  └──────┘   

Your PC is not supposed to know about VLANs  - they are "virtual LANs", for PCs they look just like you had a separate switch. Which is the point. Run N virtual switches on one physical one.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 27, 2022, 11:12:45 PM #6
BALLS!  :-[ I have a Netgear Unmanaged Switch! Thanks for explaining that. Well that ends my great mystery of 2022!

Tune in next week when I try to plug a DVI cable into a VGA port...
March 27, 2022, 11:47:23 PM #7
Doesn't your OPNsense have a spare interface that you could connect to that single separated PC? No need to use VLANs if it's just a single device.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 28, 2022, 12:41:17 AM #8
YES IT DOES! Spare LAN 3 to 6 are free - somebody else setup this firewall, so I wouldn't have clue how to setup and activate LAN 3 - is there an easy setup/step-by-step guide to achieve a separate network and internet for the WIN10 PC using LAN3?
March 28, 2022, 01:01:22 AM #9
Interfaces > Assignments

Create a new one with the "+" sign picking the physical port to the left of the "+" and putting some description that suits you into the description field. That will give you a new interface in the Interfaces section. You will need to pick an IP address range, probably configure DHCP, and firewall rule(s) ... but it's all quite straightforward.

If you don't have a clue what all this means, ask someone knowledgable to assist you. If you know how IP and networks work, it's really dead easy. If you never worked on that part of your infrastructure ... well, either there's some learning ahead, or for quick results better ask someone.

Documentation for interface configuration is here:
https://docs.opnsense.org/interfaces.html

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 28, 2022, 01:09:18 AM #10
Cool - I see the light!! Why didn't I think of those damn spare ports before!?!? You have a gift sir, or you've hacked my webcam and spotted said ports! Any way, a million thank yous for your digital slap in the face, I needed that!

I'm off to create another network or two! MWAAA HA HA HAHAAAA!!!!!!
Print
Go Up Pages1
User actions