Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Where am I going wrong with VLAN setup?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Where am I going wrong with VLAN setup? (Read 1207 times)
bdarl357
Newbie
Posts: 2
Karma: 0
Where am I going wrong with VLAN setup?
«
on:
August 13, 2022, 10:48:19 pm »
Hello everyone! I have a question regarding VLAN config as I'm fairly new with OPNsense. I've tried several different tutorials on YouTube, read through the documentation and I still somehow end up managing to lock myself out whenever I start working on VLANs.
I can't figure out if I'm making an error during interface config or if it's going south when I start doing rules. For now I just want to make sure I have the initial setup correct and then I'll worry about the rules side of things later. I apologize if this ends up being a really obvious thing...
So, here's what I'm trying to do and how I've set it up in the past.
At the moment I would like two VLANs; VLAN10 for my lab/MGMT (my PC, NAS, a server I plan to build soon) and VLAN20 for pretty much everything else (wireless, IoT, etc). I would like to break that down into a few more VLANs in the future, but for the sake of education, I'm sticking with just the two. Ideally, I would be able to access everything in all other VLANs from VLAN10, and block everything else from accessing VLAN10 entirely.
I have an Aruba S2500-48P with the profiles built for each access and trunk port I'll be using but currently unassigned to any ports. I have the switch plugged into the LAN port on my OPNsense box which will be configured as a trunk port in the switch.
I then create two virtual interfaces for the VLANs and set the parent on both to LAN. I am running DHCP on LAN as a 10.0.1.0/24 network. I have enabled DHCP for the virtual interfaces as well; 10.0.10.0/24 and 10.0.20.0/24 respectively for VLAN 10 and 20. My first question is, if I have all traffic being tagged with a VLAN, does my LAN interface need to be running DHCP?
Aside from any config errors I've made, is this even the best way to go about it? I read another post where the responder said they use another physical interface without an IP address for the switch/router trunk and they also have the LAN plugged in too.
Hopefully I have enough info here to go on. I'll attach some screenshots from OPNsense and my switch. Many thanks in advance for any guidance anyone may be able to offer.
Logged
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Where am I going wrong with VLAN setup?
«
Reply #1 on:
August 14, 2022, 12:37:00 am »
Add a vlan to the LAN port, tag is 20. Go to interfaces, assign vlan20, enable and address it.
That's it.
Now in your switch, the LAN network will be your untagged network, or pvid, and the vlan20 will need to be tagged on the trunk and untagged on any interfaces that use it.
Do the same for any other vlans you want.
Edit:
Also, do yourself a favor now. Don't use vlan1 on the switch. In fact, you should never use vlan 1.
Add a new vlan, any id you want ( my favorite car is an Oldmobile 442 so my native vlan is 442 as an example ), then assign it an address, and make it the native port on all ports.
Change the default profile to just allow the native vlan.
Change any other port so the native vlan is the vlan of that port, ie MGMT native should be 10 etc.
Not sure what you're asking about dhcp and having a tagged vlan? One has nothing to do with the other.
Do you want the vlan to receive addresses by dhcp? If yes, you need dhcp running on that interface.
One question I have for you, when you click in a field on your switch, does the text entry box stay open?
I use chrome and it will never stay open to allow me to enter anything. I found a workaround but just wondering if anyone else sees this too.
«
Last Edit: August 14, 2022, 12:46:21 am by Demusman
»
Logged
bdarl357
Newbie
Posts: 2
Karma: 0
Re: Where am I going wrong with VLAN setup?
«
Reply #2 on:
August 14, 2022, 02:22:56 pm »
Thanks for the response! Once I get done writing this I'll give it a go and see where I end up.
I could have worded the DHCP question better. My shower thought was since my physical LAN interface is handing out IPs and then the virtual interfaces that use it as parent are also handing out IPs, I was wondering if maybe there was conflict between the two that was causing an issue. Just something that popped into my head a while back. Seems like an incorrect assumption though.
For the switch, I haven't had any issues with the text boxes. I'm using Firefox though so maybe it just doesn't like Chrome? I vaguely remember hearing about issues with Chrome and these switches in some of my research.
EDIT:
Okay so more questions than answers unfortunately but honing in on some more relevant gaps in my knowledge (clearly there are many). My current problem is with the switch config.
I went in and made a new default VLAN (500) to ditch VLAN1. I give it the IP of 10.0.1.10 to keep it on the same network as my gateway and got an error saying it conflicted with the VLAN1 IP 10.0.1.2. Okay. Cleared out the IP from VLAN1 (since I won't be using it) and reassigned it to VLAN 500 so it is now 10.0.1.2. Hit apply, get locked out of switch. Didn't have a chance to change the default port profile from 1 to 500 so I'm thinking that's not the way to go about it. What's my screwup there? Also what should I be setting the "Switch IP" dropdown to on the VLANs page? I'll attach some more screen shots to show you where I'm currently at with the process.
Again, many thanks for your help with this and I really do apologize for the lack of knowledge. I've done as much research as I can stand but at this point I'm beating my head against a wall and just need to talk it out. Your patience is greatly appreciated!
«
Last Edit: August 14, 2022, 03:51:27 pm by bdarl357
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Where am I going wrong with VLAN setup?