N help setup vlan + switch opnsense

Started by Scorpion, October 14, 2025, 09:50:50 PM

October 14, 2025, 09:50:50 PM Last Edit: October 14, 2025, 10:03:34 PM by Scorpion
Hi folks,
I am trying to connect opnsense vlans with my switch but it's not working.
TPLINK SG108PE
Everything is set up correctly on opnsense: static ip, dhcp, firewall rules, but I am having problems in my switch.
I have 4 vlans configured on my opnsense but I am just trying to make only 1 work and I am failing.
On port 1 connected my parent network linked to all my vlans directly to opnsense
On port 2 when I try to enable my PVID with my vlan dedicated... I get only apipa
Tried to manually assign ip but I can't even ping the gateway. If I remove the pvid back to my switch default port everything starts working again but without vlan assigned... again it gets an ip from the parent network.
Any thoughts?

I'm not very adept at setting up VLAN + Switch Opnsense. The Terminal Device Port (PC/AP/etc.) must be ACCESS (untag the VLAN to use and enter the right PVID). You can check.

First off, on OPNsense it is not recommended to have untagged and tagged traffic on the same port (port 1 in your case). It may work but it may not. It is mentioned in the 'Read Me First' post: https://forum.opnsense.org/index.php?topic=42985.0 of meyergru.

Second, @jackstaycable is correct in that if you want to connect a computer directly to a port with e.g. VLAN10 (port 7 and 8 in your example), you have to a) set the PVID (which you did correctly) but also b) set these ports as `untagged` for VLAN10.
That type of port is called 'access port' (Cisco parlance, as @jackstaycable correctly wrote) or 'native VLAN' (UniFi parlance).

The ports 7 & 8 in your example need to be set 'untagged' (but leave port 1 'tagged').

Why: A client connected to that port sends traffic untagged (because you have not set any VLAN on the client usually); on that port on the switch the untagged traffic is tagged with the PVID VLAN you set and forwarded in the switch to wherever it has to go.

If PVID VLAN traffic arrives from the switch to the access port, the PVID VLAN tag is removed and the traffic forwarded to the client.


TP-Link has a simple VLAN example that may help: https://www.tp-link.com/us/support/faq/3629/

Deciso DEC740
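
The tagging behaviour described in the reply above, as an added example that is not part of the thread: a simplified Python model of 802.1Q ingress and egress on a switch port, showing why a PVID without untagged membership leaves the client with no reply. The `Port` class, the function names and the use of VLAN 10 on ports 1 and 7 are illustrative assumptions, and ingress filtering is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int = 1                               # VLAN assigned to untagged ingress frames
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag
    untagged: set = field(default_factory=set)  # VLANs sent out with the tag stripped

def ingress(port, tag):
    """VLAN a frame is classified into; tag is None for an untagged frame."""
    return port.pvid if tag is None else tag

def egress(port, vlan):
    """Tag on the wire (None = untagged), or 'drop' if the port is not a member."""
    if vlan in port.untagged:
        return None
    if vlan in port.tagged:
        return vlan
    return "drop"

def round_trip(client, trunk, fw_tag):
    """Client sends untagged; the firewall answers on the trunk with fw_tag
    (None models the untagged parent interface)."""
    out = egress(trunk, ingress(client, None))
    if out == "drop":
        return "request dropped at trunk port"
    if out != fw_tag:
        return "request reaches the wrong firewall interface"
    back = egress(client, ingress(trunk, fw_tag))
    if back == "drop":
        return "reply dropped at client port"
    if back is not None:
        return "reply still tagged at client port"
    return "ok"

# Constructed configurations: port 1 is the uplink to OPNsense, port 7 a client port.
TRUNK = Port(pvid=1, tagged={10}, untagged={1})
DEFAULT = Port(pvid=1, untagged={1})             # factory state: parent network only
PVID_ONLY = Port(pvid=10, untagged={1})          # PVID changed, membership left alone
TAGGED_MEMBER = Port(pvid=10, tagged={10})       # member of VLAN 10, but tagged
ACCESS = Port(pvid=10, untagged={10})            # PVID 10 and untagged in VLAN 10

if __name__ == "__main__":
    for name, port in [("PVID only", PVID_ONLY), ("tagged member", TAGGED_MEMBER),
                       ("access port", ACCESS)]:
        print(f"{name:14} -> {round_trip(port, TRUNK, 10)}")
    print(f"{'default port':14} -> {round_trip(DEFAULT, TRUNK, None)} (parent network)")
```

In the PVID-only case the DHCP request does reach the VLAN 10 interface, but the answer never leaves the client port, which matches the APIPA address and the failed ping with a static IP.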