Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
2 identical vlans, different access
« previous
next »
Print
Pages: [
1
]
Author
Topic: 2 identical vlans, different access (Read 605 times)
turnah
Newbie
Posts: 2
Karma: 0
2 identical vlans, different access
«
on:
April 24, 2024, 11:03:24 pm »
I have set up a couple of VLANS on my OPNSense instance, DMZ and WIFI.
I have created interfaces, and firewall rules to allow all traffic from the vlans to test connectivity (i want to communicate with a proxmox server on 192.168.1.x). I am able to ping and access the 192.168.1.12 server from the DMZ but unable to ping it and no access from WIFI VLAN. The firewall rules show as green for both attempts in the live view.
I've compared setups and i can't see any differences between the DMZ vlan and the WIFI vlan at all other than ip addresses/ranges
To test i've setup two proxmox servers using vlan aware network, one on VLAN 10 (DMZ) and the other on VLAN20 (WIFI). DMZ can ping 192.168.1.12 and WIFI cannot. DHCP works correctly on both servers and they get the correct ip addresses assigned. If i switch VLANs between the two servers it remains consistant that VLAN10 can ping, but 20 cannot.
I was wondering if anyone had any pearls of wisdom that could help me figure this out?
Thanks,
Michael
Logged
Saarbremer
Sr. Member
Posts: 353
Karma: 14
Re: 2 identical vlans, different access
«
Reply #1 on:
April 25, 2024, 08:49:52 am »
I would recheck the IP configuration.
IPs for OPNsense on the respective interfaces really correct? Prefix set correctly?
DHCP configured correctly for all of them?
Do hosts in the VLANs get IPs matching your expectations?
Is DNS correctly set in DHCP?
Can you ping OPNSense from every host?
Is OPNSense correctly set up as default gateway for all hosts in all networks?
If yes:
Continue with the firewall, enable the logging for all respective rules. Check if allowed traffic is logged and passes. If nothing to see: Capture packets on the respective interfaces (e.g. to debug WLAN, you listen on the WLAN interface). Check if there's even expected traffic coming in. If no: Your network configuration is bad. Check switches and access points for proper VLAN propagation or any other filters.
HTH
Logged
turnah
Newbie
Posts: 2
Karma: 0
Re: 2 identical vlans, different access
«
Reply #2 on:
April 25, 2024, 11:24:20 pm »
Thanks for your helpful reply. I followed as best i could and still struggled. I then came across a forum post with someone having similar issues, his solution was to remove all the VLANS and try again.
I removed all the dhcp/interface and vlans from the config, set them up identically (copy and paste) one at a time and it's all working as expected now.
I'm not sure how, but somehow the config must have been corrupt the first time i set them
Logged
Saarbremer
Sr. Member
Posts: 353
Karma: 14
Re: 2 identical vlans, different access
«
Reply #3 on:
April 26, 2024, 08:57:08 am »
Good to hear that it works now. Having interfaces with similar configuration is quite a time saver. Unfortunately, you don't know what went wrong in the first place. That experience usually helps me best to get a deeper understanding of the system.
That, and reading the sources.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
2 identical vlans, different access