Connecting WAN modem and LAN device via one cable (VLANs?)

Started by Thomas233, May 23, 2024, 10:53:08 PM

Hello,

I have the following situation and am asking you what's the best practice for resolving it:

Upper Floor:
* Modem Mikrotik <-----> connected via LAN cable to OPNSense WAN (to basement)
* Access Point Ubiquiti (not connected because no additional cable possible to OPNsense)

Basement:
* OPNSense <-----> connected directly via LAN cable to Modem Mikrotik

The problem is that I can neither change the position of the Mikrotik modem (due to radio signal) on the upper floor nor move the OPNsense in the basement to the upper floor.
And the only connection between both is this one cable. I can't add an additional cable connection there.

I think the useful case may be to use VLANs for this problem, but I am absolutely unsure how to configure the interfaces in OPNSense.

Currently behind LAN1 on OPNSense are all clients.
And for having WLAN, LAN1 is also connected to some other Ubiquiti APs (to which I have connections) with some Ubiquiti switches between.
And the Ubiquiti AP on the upper floor should also be connected to LAN for better WLAN signal coverage (at the moment it isn't, due to the missing cable connection).

I've added a simple schematic for some clarification.

It would be nice if you could give me some tips. Thank you very much!

You need a managed switch to use VLANs. Once you have that, everything is perfectly possible.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Ok, thank you Patrick.

We have a switch (Ubiquiti UniFiSwitch 8 Desktop) in the basement and the same one also on the upper floor (at the moment it is not connected).

Is this one a managed one?

And how can I configure the interfaces (LAN, WAN) in OPNsense to send out the VLAN tags, for example from the basement to the upper floor or vice versa (at the moment no VLANs are configured, only the default interfaces WAN and LAN)?

Quote from: Thomas233 on May 23, 2024, 11:16:15 PM
Ok, thank you Patrick.

We have a switch (Ubiquiti UniFiSwitch 8 Desktop) in the basement and the same one also on the upper floor (at the moment it is not connected).

Is this one a managed one?

Check the manufacturer's pages to see if it's managed, if it has support for VLANs.

Quote from: Thomas233 on May 23, 2024, 11:16:15 PM
And how can I configure the interfaces (LAN, WAN) in OPNsense to send out the VLAN tags, for example from the basement to the upper floor or vice versa (at the moment no VLANs are configured, only the default interfaces WAN and LAN)?

On OPNsense you create specific VLANs and GWs for them, the same as you do on the switches. A trunk port between OPN and the switch, and between switch and switch. Access-port VLANs towards the modem and devices.

But this purely depends on whether you have a managed switch. For the rest, you need to read the documentation for your switch on how to do it.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Is my following assumption correct (I am sorry if I am wrong, but that could really be my problem with understanding it)?


  • Mikrotik LAN1 tagged VLAN 10 --> SWITCH (managed) upper floor --> cable --> SWITCH (managed) basement --> OPNSense WAN

  • OPNSense LAN1 with VLAN 20 (internal network) and VLAN 30 (guest network) --> SWITCH (managed) basement --> same cable as above --> SWITCH (managed) upper floor --> Ubiquiti AP LAN

And then configure Ubiquiti to transmit VLANs 20 and 30 via WLAN (20 = internal network for internal PCs, 30 = guest network for temporary guests).

And VLAN 10 is only for connection between Mikrotik modem and OPNSense (if needed at all).

The Mikrotik acts only as a modem, so it has no effect on any of the networks.

Is it possible to define multiple virtual VLANs on one physical port?

Am I wrong here already?

The topology is also related to this post/idea:
https://forum.opnsense.org/index.php?topic=40659.msg199423#msg199423

You can do this or that if you have a VLAN-capable switch.

If possible, it's more suitable to have WAN on its own physical port on the GW (OPN).

Regards,
S.
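
The VLAN layout discussed in this thread (VLAN 10 for the modem-to-WAN link, 20 internal, 30 guest, all sharing the single cable as a trunk), modelled as an added example that is not part of any post above: a Python check that each VLAN forms one segment across the trunk and that the WAN VLAN reaches only the modem and the OPNsense WAN port. Switch names, port numbers and device labels are assumptions made up for the illustration.

```python
# Added example: checks a port plan for the thread's VLAN layout (names are hypothetical).
WAN_VLAN = 10                                   # modem <-> OPNsense WAN only
WAN_ALLOWED = {"mikrotik-modem", "opnsense-wan"}
# (switch, port) -> (attached device or peer switch, VLANs carried on the port)
PLAN = {
    ("sw-upper", 1): ("mikrotik-modem", {10}),        # access port, VLAN 10
    ("sw-upper", 2): ("unifi-ap-upper", {20, 30}),    # internal + guest SSIDs
    ("sw-upper", 8): ("sw-basement", {10, 20, 30}),   # trunk over the one cable
    ("sw-basement", 8): ("sw-upper", {10, 20, 30}),   # other end of the trunk
    ("sw-basement", 1): ("opnsense-wan", {10}),       # access port, VLAN 10
    ("sw-basement", 2): ("opnsense-lan1", {20, 30}),  # tagged 20 and 30
}

def carries(plan, sw, peer, vlan):
    """True if some port on `sw` facing `peer` carries `vlan`."""
    return any(s == sw and p == peer and vlan in c for (s, _), (p, c) in plan.items())

def vlan_segments(plan):
    """Map each VLAN to its layer-2 segments (a list of end-device sets)."""
    switches = {sw for sw, _ in plan}
    segments = {}
    for vlan in sorted(set().union(*(c for _, c in plan.values()))):
        seen, segments[vlan] = set(), []
        for start in sorted(switches):
            stack, devices = [start], set()
            while stack:
                sw = stack.pop()
                if sw in seen:
                    continue
                seen.add(sw)
                for (s, _), (peer, c) in plan.items():
                    if s == sw and vlan in c and peer not in switches:
                        devices.add(peer)            # end device in this VLAN
                    elif s == sw and vlan in c and carries(plan, peer, sw, vlan):
                        stack.append(peer)           # both trunk ends carry it
            if devices:
                segments[vlan].append(devices)
    return segments

def audit(plan):
    """Return findings: a split VLAN, or the WAN VLAN reaching other devices."""
    findings = []
    for vlan, segs in vlan_segments(plan).items():
        if len(segs) > 1:
            findings.append(f"VLAN {vlan} split: {sorted(map(sorted, segs))}")
        leak = set().union(*segs) - WAN_ALLOWED if vlan == WAN_VLAN else set()
        if leak:
            findings.append(f"VLAN {vlan} (WAN) reaches {sorted(leak)}")
    return findings
```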