Vlan Routing Problem

Started by ciscolog, December 27, 2024, 08:28:18 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 27, 2024, 08:28:18 PM
In the topology shown in the picture, computers on vlan 10 and vlan 20 cannot access the internet. I can see the IP addresses of the computers in Live View, but they cannot access the internet. Do I need an additional rule or routing for this?

https://imgur.com/a/7neml0o
December 27, 2024, 08:47:03 PM #1
Yes, both. The default "Allow LAN to any rule" has "LAN net" as the source address - that's 192.168.1.0/30 in your case(?). You could change that to "any", or add additional rules for your subnets. You'll also need to add routes to those subnets on OPNsense, but your diagram suggests you've already done that?
December 27, 2024, 10:19:52 PM #2
IMO, a simpler setup is to only use the switch(es) for VLAN tagging/untagging.
The VLANs are handled by OPN. No static routes are needed... All inter VLAN traffic is controlled by what is allowed to enter at the VLAN gateway (at OPN).
December 27, 2024, 11:00:13 PM #3
Quote from: dseven on December 27, 2024, 08:47:03 PMYes, both. The default "Allow LAN to any rule" has "LAN net" as the source address - that's 192.168.1.0/30 in your case(?). You could change that to "any", or add additional rules for your subnets. You'll also need to add routes to those subnets on OPNsense, but your diagram suggests you've already done that?
192.168.1.0/30 exactly what kind of rule should I write for the network address can you give an example
December 28, 2024, 10:54:16 AM #4
The same as the default "Allow LAN to any rule", except instead of "LAN net" as the source, it'd be your subnet (172.16.10.0/24 or whatever it is). You could create an alias with a list of all your routed subnets and use that as the source for a single rule.
Print
Go Up Pages1
User actions