Topic: VLAN untag on specific interface (Read 1704 times)

ultimeus (Newbie, Posts: 6, Karma: 0)
on: October 09, 2023, 12:22:16 pm
Hi all,
I'm trying to achieve the following on my OPNsense:
ETH0 WAN
ETH1 Vlan 10 Untag pvid 10
ETH2 - ETH3 LAG LACP Vlan 3,4,10,20,30,99 Tagged
Vlan 10 is my management Vlan, so I would like to have ETH1 as my main MGMT port but still carry the VLAN 10 to other switches through the LACP.
I fiddled with the vlans, assignments, bridges etc. but I just managed to lock myself out of the system many times.
Could someone point me in the right direction?
As I have read, FreeBSD cannot do pvid?
Thanks in advance
Last Edit: January 24, 2024, 11:58:30 am by ultimeus

Patrick M. Hausen (Hero Member, Posts: 6848, Karma: 575)
Reply #1 on: October 09, 2023, 12:27:41 pm
You need to create a bridge interface with eth1 and VLAN 10 on eth3 as members.
Are you sure your interfaces are named eth0, eth1, etc.? I don't know of any network driver in FreeBSD that would create such device names. Looks like Linux to me.
Network interfaces in OPNsense are named e.g. ix0, ix1, ... or igb0, igb1, ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)

cookiemonster (Hero Member, Posts: 1823, Karma: 95)
Reply #2 on: October 09, 2023, 12:38:54 pm
probably virtualised setup

Patrick M. Hausen (Hero Member, Posts: 6848, Karma: 575)
Reply #3 on: October 09, 2023, 12:40:14 pm
They would be named vtnet0, ... for VirtIO and em0, ... for E1000 in that case.

cookiemonster (Hero Member, Posts: 1823, Karma: 95)
Reply #4 on: October 09, 2023, 12:57:35 pm
right you are.

ultimeus (Newbie, Posts: 6, Karma: 0)
Reply #5 on: October 09, 2023, 01:41:20 pm
I'm just used to naming physical interfaces ETH, but no, they are named igc0, igc1, etc. in my OPNsense.
My setup is using a Topton NUC, it's not virtualized.
Thanks Patrick, I will have a look and report.

ultimeus (Newbie, Posts: 6, Karma: 0)
Reply #6 on: October 09, 2023, 02:59:14 pm
I got it to work, not the most intuitive for sure.
I mainly followed this
https://docs.opnsense.org/manual/how-tos/lan_bridge.html
and additional info is to set the network IP on the bridge and give a pass rule on the firewall.

Patrick M. Hausen (Hero Member, Posts: 6848, Karma: 575)
Reply #7 on: October 09, 2023, 03:04:42 pm
Don't forget the two tunables. It's more complicated than you probably expected, because FreeBSD is not a switch. So you have to "fake" that with a bridge interface.

ultimeus (Newbie, Posts: 6, Karma: 0)
Reply #8 on: October 09, 2023, 03:26:33 pm
Yes, I just checked the tunables and changed the values accordingly.
Coming from a Ubiquiti EdgeOS it's more work, but like you said it's more kind of a workaround to fake that.

ultimeus (Newbie, Posts: 6, Karma: 0)
Reply #9 on: January 24, 2024, 11:57:50 am
Couple months later I finished redoing my network and servers.
Unfortunately the bridge is not working.
When I connect igc1 to my switch (untag vlan10) it's making a loop in the network.
I tried IPv4 configuration type set to none and Static IP on interface Bridge_to_igc1, but both were making a loop.
See screenshots

netnut (Sr. Member, Posts: 272, Karma: 33)
Reply #10 on: January 24, 2024, 08:03:35 pm
From a quick look at your screenshots:
The Bridge Device is the only interface that should be numbered (including the tunables you did)
Bridge member interfaces should be unnumbered
Create VLAN10 on your LACP uplink and bridge that VLAN10 device under bridge0
The bridge interface ip will be the gateway interface for VLAN10

ultimeus (Newbie, Posts: 6, Karma: 0)
Reply #11 on: January 25, 2024, 11:13:39 am
Hi netnut,
I don't get what you mean by unnumbered.
Could you explain a bit more in detail?

netnut (Sr. Member, Posts: 272, Karma: 33)
Reply #12 on: January 26, 2024, 03:43:30 am
Quote from: ultimeus on January 25, 2024, 11:13:39 am
I don't get what you mean by unnumbered.
If you create a bridge device with one or more members, the only device with an IP address (L3) is the bridge device itself (numbered). All member interfaces are being bridged (L2), so they just need to be enabled and assigned to the parent bridge device without any IP configuration (unnumbered).
Your screenshots show a bridge device with 192.168.10.1 and a member with 192.168.10.99; that last one should be unnumbered.
If you're patching both the "management" interface (igb1) and your LACP trunk (igb2+igb3) to the same switch and next create a bridge on igb1 with a VLAN assigned to the LACP trunk, yes, a better loop isn't possible.
Last Edit: January 26, 2024, 04:13:54 am by netnut
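
Added example, not part of the thread and not any poster's or the OPNsense project's code: a small sh/awk check for the point made in the reply above, that only the bridge device is numbered and its members carry no IP address of their own. The `ifconfig` sample is constructed (device names follow the thread; `lagg0`, `vlan01`, MACs and flags are assumptions), and `sample_ifconfig` and `numbered_members` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed `ifconfig` sample: device names follow the thread (igc1, LACP on
# igc2+igc3); MACs, flags and the lagg0/vlan01 names are made up. Only the two
# IPv4 addresses are the ones quoted in the reply above.
sample_ifconfig() {
cat <<'EOF'
igc1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    ether 02:00:00:00:00:01
    inet 192.168.10.99 netmask 0xffffff00 broadcast 192.168.10.255
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 02:00:00:00:00:02
    laggproto lacp
    laggport: igc2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
    laggport: igc3 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
vlan01: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    ether 02:00:00:00:00:02
    vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 02:00:00:00:00:03
    inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
    member: vlan01 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
    member: igc1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

# Read ifconfig output on stdin; print "<bridge> <member> <address>" for every
# bridge member that still has its own IPv4 address (a "numbered" member).
numbered_members() {
  awk '
    /^[A-Za-z]/     { ifname = $1; sub(/:$/, "", ifname); next }  # device header
    $1 == "inet"    { addr[ifname] = $2 }     # L3 address on this device
    $1 == "member:" { bridge[$2] = ifname }   # device is an L2 bridge member
    END { for (m in bridge) if (m in addr) print bridge[m], m, addr[m] }
  ' | sort
}

# On a live system: ifconfig | numbered_members
sample_ifconfig | numbered_members
```

Empty output means every bridge member is unnumbered; the bridge's own address (192.168.10.1 in the sample) is never reported because the bridge is not a member.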