OPNSense VLAN and Unifi Switch/AP

Started by Want2Lean91, October 20, 2022, 02:52:42 AM


And the guest network is setup as vlan only with correct vlan id?


October 24, 2022, 10:42:42 PM #18 Last Edit: October 24, 2022, 10:45:02 PM by Want2Lean91
Quote from: Demusman on October 24, 2022, 07:16:05 PM
And the guest network is setup as vlan only with correct vlan id?





99% certain I've got the right network port chosen for the VLAN.

OPNSense is running in a Hyper-V instance with a dedicated dual NIC (one NIC for WAN and one NIC for LAN).


Nope.
See where it says "Vlan Only" in your last pic?
You would only set the IP in ubiquiti if you're using their whole ecosystem. You aren't since opnsense is your router.
You need to set the guest network as vlan only.

This makes sense and I thought it was weird (in one of the guides) that they said to use "Guest".

I can connect to the wireless network but I'm not getting an IP address. My ultimate goal would (eventually) be to have my Windows DHCP server act as the DHCP server for this network - would setting this up be any easier or just add an unneeded layer of complexity at this point? I'm happy to continue on with trying to get OPNSense set up as my DHCP server.




Are you sure you enabled the dhcp server?
Honestly, I would set a port on the switch to that vlan and plug in a pc to test it, then move to the wireless.

What screenshot(s) would you like re: the DHCP server? I'm pretty sure I enabled it.

Quote from: Want2Lean91 on October 24, 2022, 10:42:42 PM
99% certain I've got the right network port chosen for the VLAN.

OPNSense is running in a Hyper-V instance with a dedicated dual NIC (one NIC for WAN and one NIC for LAN).

And there I see the problem. Are you sure that Hyper-V supports setting the VLAN inside of a virtual machine? I always had issues with VLANs inside of a virtualized environment. I created them in the hypervisor to get them working. And if I remember correctly there was a thread where someone ran into the maximum number of networks for OPNsense inside a Hyper-V VM because it only worked if the VLANs were created in Hyper-V.
Try to create a VLAN in Hyper-V and assign it as an interface in the OPNsense VM.

KH

Quote from: KHE on October 26, 2022, 07:50:50 AM


And there I see the problem. Are you sure that Hyper-V supports setting the VLAN inside of a virtual machine? I always had issues with VLANs inside of a virtualized environment. I created them in the hypervisor to get them working. And if I remember correctly there was a thread where someone ran into the maximum number of networks for OPNsense inside a Hyper-V VM because it only worked if the VLANs were created in Hyper-V.
Try to create a VLAN in Hyper-V and assign it as an interface in the OPNsense VM.

KH

No, I'm not sure. I know enough Hyper-V to manage things but start to get lost when it comes to VLANs/tagging/etc. I'm not completely clueless, but I'm also no guru.

I created a 3rd NIC and added it to the Hyper-V guest running OPNSense.



Here's my virtual switch manager (note, I can't create another switch with the teamed NICs as they're already in a virtual switch)



I realize that I'm (probably) rapidly approaching what this forum can do to help - I'm grateful for any info/advice/etc. that anyone has to give.

Thanks!

Would this mean, then, that I need another physical NIC connected to its own virtual switch and everything tagged with the VLAN?


Quote from: Want2Lean91 on October 27, 2022, 03:14:25 AM
Would this mean, then, that I need another physical NIC connected to its own virtual switch and everything tagged with the VLAN?

No, you just need to set the VLAN on top of the LAN in Hyper-V. As my experience with Hyper-V is from a long time ago, I can only describe the concept, but not the steps. I believe you need to add a Hyper-V Switch on top of the LAN NIC. And then assign a Virtual NIC to the OPNsense as LAN. And then also assign the Virtual NIC with the VLAN to the same Hyper-V Switch.

Hope that helps.

KH
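
The concept described in the reply above, written out as Hyper-V PowerShell on the host. This is an added example, not part of the original thread; the VM name, switch name, adapter name and VLAN ID are placeholders, and it assumes the physical switch port behind the LAN NIC carries the guest VLAN tagged.

```powershell
# Added example. Every name and the VLAN ID below are placeholders (assumptions),
# not values taken from the thread.
$VmName     = 'OPNsense'      # hypothetical name of the firewall VM
$SwitchName = 'LAN-vSwitch'   # hypothetical: the EXISTING external switch bound to the LAN NIC
$NicName    = 'GuestVLAN'     # hypothetical name for the additional virtual NIC
$VlanId     = 99              # placeholder: the VLAN ID configured on the UniFi guest network

# Add one more virtual NIC to the VM on the existing LAN virtual switch.
# No extra physical NIC or new virtual switch is involved.
# (Shut the VM down first if it does not support hot-adding adapters.)
if (-not (Get-VMNetworkAdapter -VMName $VmName -Name $NicName -ErrorAction SilentlyContinue)) {
    Add-VMNetworkAdapter -VMName $VmName -SwitchName $SwitchName -Name $NicName
}

# Option A: access mode. The virtual switch tags this adapter's traffic with
# $VlanId on the wire and hands it to the VM untagged, so the guest OS sees a
# plain interface. Other adapters on the same switch keep their own settings.
Set-VMNetworkAdapterVlan -VMName $VmName -VMNetworkAdapterName $NicName -Access -VlanId $VlanId

# Option B (alternative to A): trunk mode on an adapter, letting the guest OS
# create the VLAN itself. Untagged traffic stays on native VLAN 0.
# Set-VMNetworkAdapterVlan -VMName $VmName -VMNetworkAdapterName $NicName `
#     -Trunk -AllowedVlanIdList "$VlanId" -NativeVlanId 0

# Verify: list the VLAN mode of every adapter on the VM. Only the new adapter
# should show the guest VLAN; the WAN and LAN adapters should be unchanged.
Get-VMNetworkAdapterVlan -VMName $VmName
```

With option A the new adapter appears inside the VM as an ordinary additional interface, so the guest subnet and DHCP server are assigned to it without defining a VLAN in the guest.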

KH,

It does, but it seems like everything has to be tagged with that VLAN. If that's the case (and I understand if it is) then I need another physical NIC in the system to allocate to OPNSense.

I have 4 NICs; 1 is from the WAN to OPNSense, 1 is from OPNSense to the LAN, and 2 are in a NIC team for the other VMs on my Hyper-V instance.

I can't create a new Hyper-V switch with a VLAN tag and pull any of the above NICs as they're already in another Hyper-V switch.

At least that's what it seems.

All,

I never did get this working, though I suspect I would have had to add another physical NIC to the system so that all traffic on that NIC could be tagged with the VLAN ID.

Instead, I went with the Unifi Security Gateway which, sadly, means that my time with OPNSense has come to an end. Love the software and hope to use it again sometime soon - I just wish things like these were easier (overall - this isn't OPNSense's fault).