Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Help needed in setting up vlan in opnsense
« previous
next »
Print
Pages: [
1
]
Author
Topic: Help needed in setting up vlan in opnsense (Read 198 times)
jw64
Newbie
Posts: 6
Karma: 0
Help needed in setting up vlan in opnsense
«
on:
October 13, 2024, 09:04:13 pm »
I am trying to set up a vlan in my opnsense box.
Following the instruction in
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-vlan-on-opnsense
, I created a VLAN1 using a physical lan port LAN1 as its parent. The LAN1 port static address is 192.168.3.1, and VLAN1 is 192.168.100.1. The VLAN1 interface is assigned to a logical interface and enabled. Both have DHCP enabled in their respective subnets. For testing purpose, I created firewall rules to allow VLAN1 to reach any network. I have a laptop physically linked to the LAN1 port via ethernet cable. When I put the laptop in the LAN1 subset (by using a static IP address 192.168.3.10), it works normally. However, when I change the laptop to the VLAN1 subset (by using a static IP address 192.168.100.10), it cannot reach internet, and no other devices in my home net can reach that laptop. Any clue how to debug and correct the problem? Thanks.
Jim
Logged
Patrick M. Hausen
Hero Member
Posts: 6848
Karma: 575
Re: Help needed in setting up vlan in opnsense
«
Reply #1 on:
October 13, 2024, 09:09:04 pm »
You cannot place a laptop into a VLAN by merely changing its address. You need to configure the network interface to use the VLAN tag 1 on the connection.
Commonly this is done by a managed switch that runs a tagged interface (called a "trunk") to OPNsense and presents an untagged interface to the laptop. The tagging and untagging is done on the switch fabric.
Without a managed switch VLANs do not make much sense. What VLANs do:
- partition your switch into N smaller switches
- connect OPNsense to all of these smaller switches over a single cable
What VLANs don't do:
- magically sort your clients into networks based on IP address
HTH,
Patrick
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
Help needed in setting up vlan in opnsense