Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Assistance Needed: Routing Issue with OPNsense Firewall and Cisco Layer 3 Switch
« previous
next »
Print
Pages: [
1
]
Author
Topic: Assistance Needed: Routing Issue with OPNsense Firewall and Cisco Layer 3 Switch (Read 870 times)
Cipher
Newbie
Posts: 31
Karma: 1
Assistance Needed: Routing Issue with OPNsense Firewall and Cisco Layer 3 Switch
«
on:
December 04, 2023, 11:15:11 am »
I'm currently facing a routing issue that I'm hoping to get some guidance on.
Here's a brief overview of our setup:
We have two separate subnets from our ISP, both /29.
We are utilizing a layer 3 switch from our ISP with VLAN tagging to connect to the OPNsense firewall.
The switch port connecting to the OPNsense firewall is tagged with VLAN 130, and VLAN 130 is utilizing both /29 subnets for the uplink to the firewall.
What I'm attempting to achieve:
I want to separate the subnets so that the uplink will have two VLANs, specifically VLAN 130 and VLAN 131.
However, when I configure this setup, it seems to only route one subnet and not both.
The Cisco team has mentioned that OPNsense needs to be configured to route these subnets internally.
I would greatly appreciate any insights, advice, or guidance on how to properly configure OPNsense to internally route these subnets. If there are specific settings or configurations I should be looking at, please point me in the right direction.
Thank you in advance for your support!
Logged
netnut
Sr. Member
Posts: 272
Karma: 33
Re: Assistance Needed: Routing Issue with OPNsense Firewall and Cisco Layer 3 Switch
«
Reply #1 on:
December 04, 2023, 09:28:37 pm »
Quote
The Cisco team has mentioned that OPNsense needs to be configured to route these subnets internally.
What topology are they proposing ? Without a decent network diagram and lack of information (Gateways ?, DHCP ?, Routing Protocols ?) it's a shot in the dark, but this should work anyway:
- Clean your current WAN config, just the raw interface with _nothing_ configured, this will be your parent interface for both VLANs
- Create two VLANs (130+131) in "INTERFACES: OTHER TYPES: VLAN" with your WAN interface as parent.
- You now have two (WAN) interfaces, WAN1 (VLAN130) and WAN2 (VLAN131).
- Configure both WAN interfaces with the matching subnets, like:
WAN1: 192.168.1.1/29 Gateway (Cisco): 192.168.1.6/29 ?!?!
WAN2: 192.168.1.9/29. Gateway (Cisco): 192.168.1.14/29 ?!?!
If they only provide a single gateway interface at the Cisco site, you probably can use a single WAN interface at OPNSense, but both sites (Cisco & OPNSense) need some static route magic or BGP.
Provide some details and/or ask the Cisco guys how they would configure the gateway/router (ie OPNsense) if it was a Generic/Cisco device. Everything they can think off can be accomplished with OPNsense.....
Logged
s4rs
Full Member
Posts: 144
Karma: 5
Re: Assistance Needed: Routing Issue with OPNsense Firewall and Cisco Layer 3 Switch
«
Reply #2 on:
December 06, 2023, 07:48:09 pm »
To be clear the Cisco port is a trunk and not an access vlan?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Assistance Needed: Routing Issue with OPNsense Firewall and Cisco Layer 3 Switch