Help - Cisco Switch VLAN Configuration

Started by bitrot, February 26, 2023, 05:39:58 PM


Hello

I have scoured the forums and made a bazillion edits, but I am still not able to correctly configure VLANs from a Cisco switch. I was able to configure VLANs with no problem on a Netgear access point and OPNsense.

Setup:
OPNsense 23.1.1_2-amd64

Switch Cisco SG200-26
Firmware Version: 1.4.11.5
Boot Version:      1.3.5.06

Interfaces on OPNSense
IoT (opt3)   vlan01 IoT (Parent: igc0, Tag: 3)      *Trying to get working
IoTwifi (opt4)   vlan02 IoT-Wifi (Parent: igc2, Tag: 5)      *This works great and connected to netgear access point with vlan tagging (1 & 5)
LAN (lan)   igc0
LAN25 (opt1)   igc2                   *This works great
OPT2 (opt2)   igc3
WAN (wan)   igc1


Lan Firewall
   Protocol   Source   Port   Destination   Port   Gateway   Schedule   Description       
     IPv4 *   LAN net   *   *   *   *   *   Default allow LAN to any rule      
     IPv6 *   LAN net   *   *   *   *   *   Default allow LAN IPv6 to any rule      

IOT Firewall
   Protocol   Source   Port   Destination   Port   Gateway   Schedule   Description           
     IPv6 *   IoT net   *   *   *   *   *   Default allow LAN IPv6 to any rule      
     IPv4 *   IoT net   *   *   *   *   *   Default allow LAN to any rule      


I have the LAN interface plugged into port 25 on the Cisco switch

X X X X X X X X X X X X *
X X X X X X X X X X X X X


Switch configuration (Cisco SG200-26)

Default VLAN ID After Reboot: 1

VLAN Table
VLAN ID   VLAN Name   Originators   VLAN Interface State   Link Status SNMP Traps
1                     Default      Enabled         Enabled   
3         IOTLAN      Static      Enabled         Enabled   
   
   
I am trying to tag ports 11 and 18 with VLAN 3 in the following configuration.
Ports 11 and 18 are smart hubs/TVs that I would like to isolate from the base network.

() represents default of
mode: Trunk
Admin: 1UP
Operation VLAN: 1UP

1  2  3  4  5  6  7  8  9  10 11           12 25     
() () () () () () () () () () Trunk/1UP,3T () ()

13 14 15 16 17 18           19 20 21 22 23 24 26
() () () () () Trunk/1UP,3T () () () () () () ()

The symptom is that the devices on ports 11/18 are not put on the IoT interface but rather on the LAN interface.
From my homework it seems that there might be an issue with tagged and untagged VLANs on the same interface, but I am not sure how to test/resolve it.

Any insight is appreciated!




It sounds like the traffic on those 2 ports is going out via the native VLAN 1.

Unless the devices you are plugging into 11 and 18 are VLAN aware and are setting the VLAN tag on their own traffic, you probably want to remove both VLANs from the ports and add back in only untagged VLAN 3.

Keep the tagging on VLAN 3 for your uplinks and OPNsense ports.

Quote from: bitrot on February 26, 2023, 05:39:58 PM



You would only tag the VLAN on the interface going to the router. That should be VLAN 1 untagged (you really shouldn't use VLAN 1) and VLAN 3 tagged. This port will be a trunk.
Then you untag VLAN 3 on any interfaces you connect devices to, and those ports will be access ports. They should also have the PVID set to 3.
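To make the two replies concrete, here is a small model of 802.1Q port membership that reproduces the symptom and the fix. It is an added example written for this thread, not the SG200's software or any OPNsense code; the Port class, the forward() helper and the opnsense_interface() mapping are assumptions made for illustration. Port and VLAN numbers follow the thread: port 11 for a TV/hub, port 25 as the uplink to OPNsense on igc0, VLAN 1 default and VLAN 3 IoT.

```python
# 802.1Q port-membership model (added example for this thread; not the switch's
# own software or OPNsense code; the Port/forward/opnsense_interface names are
# assumptions for illustration). Port and VLAN numbers follow the thread.

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Port:
    number: int
    pvid: int                                   # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs that leave this port without a tag
    tagged: set = field(default_factory=set)    # VLANs that leave with an 802.1Q tag

    def members(self) -> set:
        return self.untagged | self.tagged

    def classify_ingress(self, tag: Optional[int]) -> Optional[int]:
        """VLAN an arriving frame is placed in; None if ingress filtering drops it."""
        if tag is None:                 # untagged frame: a TV or smart hub never tags
            return self.pvid
        return tag if tag in self.members() else None

    def egress_form(self, vlan: int) -> Optional[str]:
        """How a frame in `vlan` leaves this port, or None if it is not forwarded here."""
        if vlan in self.tagged:
            return "tagged"
        if vlan in self.untagged:
            return "untagged"
        return None


def forward(src: Port, dst: Port, tag: Optional[int]):
    """(vlan, 'tagged'|'untagged') for a frame crossing src -> dst, or None if dropped."""
    vlan = src.classify_ingress(tag)
    if vlan is None:
        return None
    form = dst.egress_form(vlan)
    return None if form is None else (vlan, form)


# OPNsense side of the uplink on igc0: untagged frames land on the LAN interface,
# frames tagged 3 land on vlan01 (the IoT interface), as configured in the post.
def opnsense_interface(delivery) -> Optional[str]:
    if delivery is None:
        return None
    vlan, form = delivery
    if form == "untagged":
        return "LAN (igc0)"
    if vlan == 3:
        return "IoT (vlan01, tag 3)"
    return None  # no VLAN interface for that tag on igc0


# Port 25, uplink to OPNsense: VLAN 1 untagged, VLAN 3 tagged (the trunk), in both cases.
UPLINK = Port(25, pvid=1, untagged={1}, tagged={3})

# Port 11 as in the original post: "Trunk/1UP,3T" (VLAN 1 untagged + PVID, VLAN 3 tagged).
PORT11_AS_POSTED = Port(11, pvid=1, untagged={1}, tagged={3})

# Port 11 as the replies suggest: only VLAN 3, untagged, with PVID 3 (an access port).
PORT11_FIXED = Port(11, pvid=3, untagged={3})


def tv_lands_on(port11: Port) -> Optional[str]:
    """Which OPNsense interface sees an untagged frame sent by the TV on port 11."""
    return opnsense_interface(forward(port11, UPLINK, tag=None))


def lan_reaches_tv(port11: Port) -> bool:
    """Whether an untagged (VLAN 1) frame from the OPNsense LAN is delivered to port 11."""
    return forward(UPLINK, port11, tag=None) is not None


if __name__ == "__main__":
    for label, p in (("as posted", PORT11_AS_POSTED), ("fixed", PORT11_FIXED)):
        print(f"port 11 {label}: TV traffic arrives on {tv_lands_on(p)}; "
              f"LAN frames reach the TV: {lan_reaches_tv(p)}")
```

With the posted configuration the TV's untagged frames are classified into the PVID, VLAN 1, and leave port 25 untagged, so OPNsense sees them on LAN (igc0); with VLAN 3 untagged and PVID 3 they leave port 25 tagged 3 and arrive on the IoT interface, and untagged LAN frames are no longer delivered to port 11 at all. The model only covers layer-2 membership: what IoT devices can reach once routed is decided by the IoT interface firewall rules in OPNsense, and the rules shown in the post allow "IoT net" to any destination.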

My friends Demusman & TrixieBell, you are brilliant! Thank you so much!
That solved it!