OPNsense VLANs Configuration with Unifi Flex Switch and U6 Pro AP

Started by ebox, Today at 01:01:57 AM

Hi, I'm totally new to OPNsense and just getting started. I got through the basic setup on OPNsense 25.7.7, but I'm stuck trying to get VLANs working. My setup looks like this:

Hardware:
Protectli Vault (OPNsense)
Unifi Flex Mini 2.5g
Unifi U6 pro Access Point
Dell PC (Ubuntu Media Server)

Physical interfaces:
WAN: igb4
LAN: igb0

Virtual interfaces:
Mgmt: VLAN99 assigned to igb0
IOT: VLAN20 assigned to igcb0
Media: VLAN50 assigned to igb0
Guests: VLAN100 assigned to igb0

igb0 --(trunk)--> Flex Mini switch --> UniFi U6 AP
                                   |
                                   --> Media Server


All VLANs need access to the internet, and the IoT VLAN needs access to the Media VLAN. I don't mind connecting the media server directly to the OPNsense firewall if it simplifies/hardens the configuration.

LAN0 (igb0) interface:
IP: 172.16.99.1/24
DHCP: 172.16.99.31 - 172.16.99.230

Mgmt (VLAN20) interface:
IP: 172.16.20.1/24
DHCP: 172.16.20.31 - 172.16.20.230

Media (VLAN50) interface:
IP 172.16.50.1/24
DHCP: 172.16.50.30 - 172.16.50.230

Guest (VLAN100) interface:
IP 172.16.100.1/24
DHCP: 172.16.100.30 - 172.16.100.230


Currently, the switch, access point, and any device connected to the AP all receive IP addresses from the LAN DHCP range (I think). However, as soon as I assign a VLAN to a switch port or an SSID on the UniFi device, the client devices won't connect. I'm running the UniFi Network server application on Ubuntu and accessing it through a browser. Everything works correctly on a flat network, but VLANs do not. I first tried configuring a Guest network and created a test firewall rule:

Action: PASS
Interface: Guest
Direction: in
TCP: IPv4
Protocol: any
Source: any
Destination: any

Switch Ports:
Port 1 - LAN
Port 2 - LAN
Port 3 - U6 Pro
Port 4 - Media Server
Port 5 - Set PC

I saw somewhere that it's best practice to have a separate management trunk in addition to the LAN connection, but I haven't configured that yet.

Can someone point me at what I am doing wrong? I can't work out if it's the OPNsense config or UniFi.

Thanks in advance
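Two things in the post are easy to check as data rather than by clicking through the GUI: whether the VLAN plan is internally consistent (parent NICs, tags, DHCP pools), and what a pass any/any test rule actually permits between VLANs compared with a least-privilege rule set that only allows what the post asks for (every VLAN to the internet, IoT to Media). The script below is an added example, not the post's or OPNsense's own code; it takes the VLAN tags, parents, subnets and DHCP pools from the post, and the IoT subnet 172.16.20.0/24, the client addresses and the rule-evaluation model (first match on the ingress interface wins, default deny) are assumptions for illustration.

```python
"""Check the VLAN plan from the post as data: lint the interface table,
then evaluate sample flows against two rule sets.

Added illustration, not OPNsense or UniFi code. VLAN tags, parents,
subnets and DHCP pools come from the post; the IoT subnet and the
sample client/server addresses are assumptions.
"""
import ipaddress
from dataclasses import dataclass

PHYSICAL_NICS = {"igb0", "igb4"}          # the post's "Physical interfaces"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Vlan:
    name: str
    tag: int
    parent: str       # OPNsense VLAN parent interface
    subnet: str
    dhcp_start: str
    dhcp_end: str


VLANS = [
    Vlan("Mgmt", 99, "igb0", "172.16.99.0/24", "172.16.99.31", "172.16.99.230"),
    # parent spelled as it appears in the post's IoT line; subnet is assumed
    Vlan("IOT", 20, "igcb0", "172.16.20.0/24", "172.16.20.31", "172.16.20.230"),
    Vlan("Media", 50, "igb0", "172.16.50.0/24", "172.16.50.30", "172.16.50.230"),
    Vlan("Guest", 100, "igb0", "172.16.100.0/24", "172.16.100.30", "172.16.100.230"),
]


def lint_vlans(vlans):
    """Return a list of configuration problems (empty list means clean)."""
    problems, seen_tags = [], set()
    for v in vlans:
        if v.parent not in PHYSICAL_NICS:
            problems.append(f"{v.name}: parent {v.parent!r} is not a physical NIC")
        if v.tag in seen_tags:
            problems.append(f"{v.name}: VLAN tag {v.tag} is already in use")
        seen_tags.add(v.tag)
        net = ipaddress.ip_network(v.subnet)
        for bound in (v.dhcp_start, v.dhcp_end):
            if ipaddress.ip_address(bound) not in net:
                problems.append(f"{v.name}: DHCP bound {bound} is outside {v.subnet}")
    return problems


@dataclass
class Rule:
    action: str       # "pass" or "block"
    interface: str    # interface the packet arrives on (direction "in")
    dst: str          # "any", "private" (all RFC1918), or a CIDR


def evaluate(rules, interface, dst):
    """First matching rule on the ingress interface wins; no match = default deny."""
    dst_ip = ipaddress.ip_address(dst)
    for r in rules:
        if r.interface != interface:
            continue
        if r.dst == "any":
            return r.action
        if r.dst == "private" and any(dst_ip in n for n in RFC1918):
            return r.action
        if r.dst not in ("any", "private") and dst_ip in ipaddress.ip_network(r.dst):
            return r.action
    return "block"


# The post's test rule: pass, interface Guest, source any, destination any.
POSTED_RULES = [Rule("pass", "Guest", "any")]

# Least-privilege version of what the post asks for: every VLAN reaches the
# internet, IoT additionally reaches Media, nothing else crosses VLANs.
LEAST_PRIV_RULES = [
    Rule("pass", "Guest", "172.16.100.1/32"),   # firewall's own address (DNS resolver)
    Rule("block", "Guest", "private"),
    Rule("pass", "Guest", "any"),               # whatever is left is the internet
    Rule("pass", "IOT", "172.16.50.0/24"),      # IoT -> Media, explicitly allowed
    Rule("pass", "IOT", "172.16.20.1/32"),
    Rule("block", "IOT", "private"),
    Rule("pass", "IOT", "any"),
]

# Constructed sample flows; 203.0.113.10 is a documentation address standing
# in for "the internet".
FLOWS = {
    "guest->mgmt": ("Guest", "172.16.99.10"),
    "guest->dns": ("Guest", "172.16.100.1"),
    "guest->internet": ("Guest", "203.0.113.10"),
    "iot->media": ("IOT", "172.16.50.10"),
    "iot->mgmt": ("IOT", "172.16.99.10"),
    "iot->internet": ("IOT", "203.0.113.10"),
}


def check_flows(rules):
    """Map each sample flow name to the verdict the rule set gives it."""
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for p in lint_vlans(VLANS):
        print("lint:", p)
    print("posted rule:    ", check_flows(POSTED_RULES))
    print("least privilege:", check_flows(LEAST_PRIV_RULES))
```

Running it prints one lint finding (the IoT parent interface name does not match either physical NIC) and shows that the posted any/any rule lets a Guest client reach the Mgmt subnet while leaving IoT with no path at all, whereas the ordered rule set passes Guest and IoT to the internet and IoT to Media only. The pass to the interface's own address before the "block private" line matters in practice: without it, clients on that VLAN cannot reach a resolver running on the firewall even though the VLAN is "allowed out".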