Need help assigning work laptop to guest vlan

[iPenguin]

I'm having issues assigning my work laptop on ethernet to get a static IP from OPNsense. It is getting an IP from the default LAN, but not OPNsense. I could have approached this all wrong as I'm pretty new to this. But I can't seem to figure it out. Just moved into a house, which provided an opportunity to buy some equipment and learn.

I'm running OPNsense as a VM on Proxmox. It's connected to TP-Link TL-SG3428XPP-M2 which is managed by Omada as a VM within Promox as well. These are connected via a 10Gb link.

I have 2 VLANs; guest and IoT, everything else just uses the default LAN. I've used static mapping to assign IPs to the wifi devices that fall into my IoT VLAN and Cameras that connect in to individual ports. The VLANs are added to Omada. I've setup static mapping to assign my work laptop an IP. but the laptop is still showing a LAN IP.

My issue resides with my office. I have 1 port from my network rack that drops into my office. That port connects to a dumb switch because I have my wife's work laptop, my work laptop, and my personal PC in that office.

I even tried buying a smart switch S25-0801-M in place of the dumb switch in my office. I set port 3 which connects to my work laptop as tagged for my guest network.

[meyergru]

You should not mix tagged and untagged VLANs on the same interface for OpnSense (or FreeBSD).

Instead, use another VLAN for your LAN and leave untagged unused.

[iPenguin]

excuse the ignorance, I'm not sure what you meant, but here is my attempt.

In Omada, Port 6 which runs to my off uses the 'All' port profile


I created another one as a test with the tags removed and assigned it to port 6. Rebooted my work laptop and it still assigned an IP from the default LAN.


My Port 24 which runs to a POE camera also uses the port profile 'All' and it assigned an IP for my IoT VLAN.

[dseven]

If I'm understanding what you're trying to do; you can't do that with a dumb switch in the office. Anything plugged into that switch will get the same untagged VLAN (your "LAN"). If you want some ports in the office to be "LAN" while others are "Guest", you need a managed switch.

[iPenguin]

I bought a managed switch for my office. Port 6 of my managed POE switch goes to my office, which I have another 8 port managed switch connected to it.

I want to be able to use DHCP from OPNsense to assign IPs based on the port used on the smaller 8 port switch. I have the VLANs added, but can't seem to get it to work.

Here is what my 8 port switch looks like

[dseven]

You haven't applied your VLANs to any switch ports. If you're saying you want DHCP to control what VLAN each device gets placed on; it doesn't work like that. You have to configure the switch ports, then DHCP will respond based on what VLAN requests are received on.

Let's assume that port 1 on your office switch is the uplink to your PoE switch, port 2 you want to be Guest, and the port 3 you want to be LAN...

Click on VLAN 1 in the lower table to select it. make it "Not Member" for port 2 (and leave it "Untagged" for all the other ports (for now), then "Add / Modify".

Then for VLAN 4, make it "Tagged" for port 1 and "Untagged" for port 2.

Then under Configuration -> VLAN -> 802.1Q VID, set the PVID for port 2 to 4.

Now if you connect to port 2, you should be on the Guest VLAN.

[iPenguin]

Thank you for the detailed instructions. Unfortunately, it did not work. I lose connection with these settings 

Office switch port settings


Office switch PVID setting


I tried the 'All' and 'Test' profiles on my POE switch. For the test one, I tried adding VLAN 4 as untagged as well. No luck..

[dseven]

What does "lose connection" mean? What does what when plugged in where? 

I don't know anything about the Omada switch. I just happen to have a Chinesium one that looks the same as your new office one. You want VLANs 3 and 4 to be tagged, and VLAN 1 untagged, on the link to the office switch, and also on the link to your OPNsense box.