Switch in front of WAN

Started by gglockner, October 26, 2025, 01:45:28 AM

I would like to put a network switch in front of the WAN gateway, so that:

Modem --> Switch --> Opnsense

I have a dual WAN configuration: WAN1 is cable (using DHCP) and WAN2 is DSL (using PPPoE).

To keep things simple, let's say the switch looks as follows:

Switch port 1: native VLAN 101, connected to cable modem
Switch port 2: native VLAN 102, connected to DSL modem
Switch port 3: VLAN 101 and 102 are tagged, connected to OPNsense

On OPNsense, I configure WAN1 and WAN2 to use VLAN 101 and VLAN 102, respectively. (To be specific, I configure WAN1 to use VLAN 101 directly, while I configure PPPoE to use VLAN 102).

This works perfectly for the WAN2 on the DSL modem. However, for the cable modem on WAN1, the OPNsense gateway initially gets the private IP address for the cable modem (192.168.100.1), but then it is unable to get the DHCP address for the internet and it marks the gateway as unavailable. Note that WAN1 works correctly if I connect the cable modem directly to OPNsense on a physical port.

Any advice would be appreciated.

I've read that some ISPs use VLAN for their access stuff, so it would seem logical to assume that your VLAN setup conflicts with their VLAN and unless you pick the proper one (there's a list where some are listed: https://habbie.github.io/isp-vlans/) or they don't use VLAN it can't communicate just as you describe.

Have you tried entering 192.168.100.1 into Reject Leases From? That's specifically to prevent cable modems from assigning a private address to OPNsense.

Cheers
Maurice

Thanks for the tips. I rechecked all the settings and tried it again, and it's now working with both modems connected to the switch, which is connected to the router. @maurice, I'll look at that DHCP client setting if I see this problem again in the future.

I should add: what I think fixed it was to completely isolate the WAN traffic on the switch. When it wasn't working, I suspect the VLAN configurations on my switch were leaking WAN traffic to other ports.
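
Added example, not part of the thread or from any poster: a Python check of a switch port/VLAN table against the layout described above (ports 1 to 3, VLANs 101 and 102), reporting any port where a WAN VLAN leaks. The `Port` model, port 4, VLANs 1 and 10, and both sample tables are constructed assumptions; real values would be entered from the switch's own VLAN membership page.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    pvid: int                                    # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)   # VLANs sent untagged on egress
    tagged: set = field(default_factory=set)     # VLANs sent tagged on egress

# Intended WAN VLAN membership from the thread: VLAN -> {port: mode}
EXPECTED = {101: {"1": "untagged", "3": "tagged"},
            102: {"2": "untagged", "3": "tagged"}}

def audit(ports, expected=EXPECTED):
    """Return sorted (port, vlan, problem) tuples for every deviation."""
    findings = set()
    for vlan, want in expected.items():
        for p in ports:
            have = ("untagged" if vlan in p.untagged
                    else "tagged" if vlan in p.tagged else None)
            wanted = want.get(p.name)
            # A WAN VLAN must exist only on its modem port and the trunk.
            if have != wanted:
                findings.add((p.name, vlan, f"member as {have}, expected {wanted}"))
            # Only the modem port may classify untagged frames into the WAN VLAN.
            if (p.pvid == vlan) != (wanted == "untagged"):
                findings.add((p.name, vlan, f"PVID is {p.pvid}"))
            # A modem-facing port must carry nothing but its own WAN VLAN.
            if wanted == "untagged":
                for extra in sorted((p.untagged | p.tagged) - {vlan}):
                    findings.add((p.name, extra, "extra VLAN on modem port"))
    return sorted(findings)

# Constructed sample: the isolated layout, plus a hypothetical LAN port 4.
GOOD = [Port("1", 101, {101}), Port("2", 102, {102}),
        Port("3", 1, set(), {101, 102}), Port("4", 10, {10})]

# Constructed sample: default VLAN 1 left on the cable modem port, and
# VLAN 101 also tagged on LAN port 4.
LEAKY = [Port("1", 101, {1, 101}), Port("2", 102, {102}),
         Port("3", 1, set(), {101, 102}), Port("4", 10, {10}, {101})]

if __name__ == "__main__":
    for label, table in (("GOOD", GOOD), ("LEAKY", LEAKY)):
        print(label, audit(table) or "isolated")
```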