Topic: Moving from Draytek to OPNsense, trying to understand VLAN with DHCP (Read 603 times)
waldorf, on: July 23, 2024, 05:33:24 pm
Since it is not possible with Draytek routers to have mDNS forwarding, which is required for Chromecast, I decided to give OPNsense a try.
With a Draytek background, at least one aspect is not clear to me. With Draytek you configure a "Network" with a DHCP server and assign a VLAN tag to it. You can assign this VLAN to a physical port as "untagged" as well.
e.g. tagged to Port2 and untagged to Port3. The DHCP server serves both.
I try to accomplish the same with OPNsense.
Defined a VLAN 4, assigned it to a logical interface with static IP 192.168.4.1/24 and enabled a DHCP server on this VLAN.
Now I want this VLAN to also be on a physical interface. I read somewhere to use a "bridge", so I created a bridge with both the logical interface from this VLAN and the physical port (I did not specify an IP address here, since the IP address/gateway is already on the logical I/F). I do not get any addresses via DHCP on the physical port.
Is this a correct way to accomplish this, or are there other options?
Last Edit: July 23, 2024, 09:40:46 pm by waldorf
Patrick M. Hausen, Reply #1 on: July 23, 2024, 08:32:42 pm
Almost there. OPNsense is not a switch, so there is no concept of untagged ports being part of a certain VLAN. We can emulate that with a bridge as you correctly found out.
So
- create tagged VLAN interface but don't put an IP address on it
- enable and assign the port that should be untagged in that VLAN and also don't assign an IP address
- create bridge interface, put untagged port and VLAN in it as members
- place assignment, IP address configuration, DHCP ... on the bridge interface, not any of the members
The last step is mandatory.
And at the very last, set the two tunables as described in the documentation so your firewall operates on the bridge interface and not the members:
https://docs.opnsense.org/manual/how-tos/lan_bridge.html#step-six
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
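A check for the layout described in the reply above, as an added example that is not part of the thread or of OPNsense's own tooling: it parses `ifconfig` and `sysctl net.link.bridge` output and reports an address left on a bridge member, a bridge without an address, or filtering tunables that still point at the members. The interface names, the sample output and the two tunable names (taken from the linked how-to as an assumption, since the thread does not spell them out) are constructed for illustration.

```python
import re

# Constructed sample of `ifconfig` output after the steps above; interface names are assumptions.
SAMPLE_IFCONFIG = """\
igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
vlan0.4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tvlan: 4 vlanproto: 802.1q vlanpcp: 0 parent interface: igb0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.4.1 netmask 0xffffff00 broadcast 192.168.4.255
\tmember: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\tmember: vlan0.4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
"""
# Constructed `sysctl net.link.bridge` lines; tunable names assumed from the linked how-to.
SAMPLE_SYSCTL = "net.link.bridge.pfil_member: 0\nnet.link.bridge.pfil_bridge: 1\n"
WANTED = {"net.link.bridge.pfil_member": "0", "net.link.bridge.pfil_bridge": "1"}

def parse_ifconfig(text):
    """Map interface name -> {"inet": [addresses], "members": [bridge members]}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+): flags=", line)
        fields = line.split()
        if head:
            cur = ifaces.setdefault(head.group(1), {"inet": [], "members": []})
        elif cur is not None and len(fields) >= 2 and fields[0] == "inet":
            cur["inet"].append(fields[1])
        elif cur is not None and len(fields) >= 2 and fields[0] == "member:":
            cur["members"].append(fields[1])
    return ifaces

def audit_bridge(ifconfig_text, sysctl_text, bridge="bridge0"):
    """Return a list of deviations from the layout in the reply (empty list = OK)."""
    ifaces = parse_ifconfig(ifconfig_text)
    br = ifaces.get(bridge)
    if br is None:
        return [f"{bridge} does not exist"]
    problems = []
    if not br["inet"]:
        problems.append(f"{bridge} has no IPv4 address, so DHCP has nothing to bind to")
    for member in br["members"]:
        # Addresses belong on the bridge only, never on the VLAN or the untagged port.
        if ifaces.get(member, {}).get("inet"):
            problems.append(f"member {member} carries an address; move it to {bridge}")
    tunables = dict(l.split(": ", 1) for l in sysctl_text.splitlines() if ": " in l)
    for name, want in WANTED.items():
        # pfil_member=0 / pfil_bridge=1: firewall rules apply on the bridge, not per member.
        if tunables.get(name) != want:
            problems.append(f"{name} is {tunables.get(name)}, expected {want}")
    return problems
```

On a live system the two arguments would be the text captured from `ifconfig` and `sysctl net.link.bridge`; an empty list means rules written on the bridge interface are the ones being evaluated.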
waldorf, Reply #2 on: July 24, 2024, 07:57:46 pm
Thanks for your quick response. I did quite some reading and searching, but nothing pointed me in this direction. I just tried it and it works like a charm.
The "switch emulation" is only for occasional testing purposes. The tagged VLAN goes to the actual switch/devices.
Patrick M. Hausen, Reply #3 on: July 24, 2024, 08:23:09 pm
FreeBSD handbook on VLANs, bridging, and a general understanding that VLANs in FreeBSD are just tagged sub-interfaces. Same for Linux, btw. VLAN 4 on igb0 and VLAN 4 on igb1 are not connected by a switching fabric, because there isn't any.
Your Draytek probably has some switching silicon.