OPN vs arista connection to switch

Started by militarymedic23, February 13, 2025, 10:22:39 PM

Hello,
I'm beginning my venture into the process of moving from Arista to OPN. Already pulled down OPN and installed it in PVE to get a feel for it. Aim is to have OPN installed on a Protecli unit that Untangle is on now. But one of the things I am having a hard time understanding is the difference in how the int/port needs to be configured between the OPN machine and my Cisco switch.
With Arista, the switchport is just sitting on VLAN 1, access port, no other config on it. It's routing traffic to 5 different VLANs just fine.
From what I've seen in OPN, to take over the same traffic routing, does the switchport need to be converted over to a trunk, so all the VLANs under the main (i.e.) vtnet1 can talk?

Is the Cisco switch doing layer 3 routing between those VLANs? I assume it must be, otherwise the access switchport wouldn't be sufficient.


If the Cisco switch does routing, there is no point in having VLAN interfaces in OPNsense. Just connect a single interface, add the Cisco switch as gateway, add static routes to all the VLANs.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

So if you want to keep it that way, you probably need to add static routes (or a routing protocol) so OPNsense knows how to reach those subnets. If you want to allow those subnets to access other destinations through OPNsense, you'd need rules to allow that (those subnets would not be part of "LAN net", so the default "Allow LAN to any rule" wouldn't match). Since OPNsense is not in the path between those VLANs, it would not be able to effect any filtering etc. on traffic between them. If you want to change that, you'd have to remove layer 3 routing from the switch, tag the VLANs on the link to OPNsense, and create an interface for each VLAN on OPNsense.
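
The reasoning in the replies above, worked through as an added example (not part of the original thread): it lists the static routes OPNsense would need and shows which flows the firewall sees and whether the default LAN rule matches them. The subnets, VLAN IDs and switch address are constructed, and every internal host is assumed to use the switch as its gateway.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not values from the thread).
LAN_NET = ip.ip_network("192.168.1.0/24")   # VLAN 1 link, OPNsense "LAN net"
SWITCH_GW = ip.ip_address("192.168.1.2")    # layer 3 switch address on VLAN 1
ROUTED_VLANS = {                            # subnets routed by the switch
    10: ip.ip_network("10.0.10.0/24"),
    20: ip.ip_network("10.0.20.0/24"),
    30: ip.ip_network("10.0.30.0/24"),
}


def static_routes():
    """Routes OPNsense needs so replies reach the subnets behind the switch."""
    return [(str(net), str(SWITCH_GW)) for net in ROUTED_VLANS.values()]


def is_internal(addr):
    """True if addr is on the VLAN 1 link or in a switch-routed VLAN."""
    return addr in LAN_NET or any(addr in net for net in ROUTED_VLANS.values())


def classify(src, dst):
    """Return (device that forwards the flow, how OPNsense filtering applies)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    if not is_internal(s):
        raise ValueError("source is not on an internal subnet")
    if is_internal(d):
        # Inter-VLAN traffic is routed on the switch and never reaches
        # OPNsense, so no firewall rule can filter it.
        return ("switch", "not filtered")
    # Traffic leaving the site crosses OPNsense. The default rule only
    # matches sources inside "LAN net"; routed VLANs need their own rule.
    rule = "default LAN rule" if s in LAN_NET else "explicit rule needed"
    return ("opnsense", rule)


if __name__ == "__main__":
    for net, gw in static_routes():
        print(f"static route: {net} via {gw}")
    for flow in [("10.0.10.5", "10.0.20.9"), ("10.0.10.5", "1.1.1.1"),
                 ("192.168.1.50", "1.1.1.1")]:
        print(flow, "->", classify(*flow))
```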

Ah, thank you both for the clarification.
How you are describing the scenario makes a lot more sense now. Arista is set up exactly the way you are referring. I think I was getting confused when looking at setting up routes for OPN; whatever articles I came upon either didn't make sense or were talking about an entirely different scenario.
When setting up the Arista/Untangle appliance I didn't want it managing the VLANs. The Cisco switch is plenty fine for that.

Thanks!