VLAN DHCP In OPNSense?

Started by Ruok2bu, March 29, 2021, 07:55:14 PM

Ruok2bu

I followed your guide at https://homenetworkguy.com/how-to/configure-dhcp-vlans-opnsense/ and I have a DHCP range set up for a network, but my PC will not grab an IP address from the range I set up! And I have 2 switches (daisy chained) to the physical switch. My PC only successfully gets an IP when the physical interface itself has DHCP set up.

What's happening and how do I fix this?

Home Network Guy

Are all of your switches VLAN aware? Also, when you daisy chain your switches, you will need to make sure that the ports connecting each switch are configured as a "trunk" so that it will pass all of the VLAN IDs between the switches. The terminology for VLAN "trunks" can vary between vendors, but the concept is the same. You need to make sure the VLAN tags can propagate between all of the switches. That is my first thought on why you are not getting any DHCP addresses assigned if you are following the guide without knowing any other information about your configuration.

Ruok2bu

Aha! That was the problem. My switches are dumb and unmanaged.
I'm going to get one 8 port VLAN aware switch instead.

I was looking at https://www.amazon.ca/TP-Link-Ethernet-Unmanaged-Replacement-TL-SG108E/dp/B00K4DS5KU. Is that one good enough or do you recommend something else? Ideally I don't want to spend over $100 on the switch.

P.S. It will be used at home where I need to isolate 5 networks.

P.P.S. I was using Sonicwall SOHO for the last 15 years but got tired of having to pay yearly for access to updated firmware.

Home Network Guy

Yes, that should be adequate to give you basic VLAN support. Unmanaged switches will often pass along VLAN tags, but you can't configure any of the ports to participate in VLANs, which is why you need a smart/managed switch. Once you have the switch, you will set up the same VLAN IDs on both the switch and OPNsense (or whatever router software you are using).

Ruok2bu

So I'm having a problem. I followed all your guides, got VLANs set up, enabled the DNS and DHCP rules for them (at the very least my management computer), got a smart VLAN switch. But every time I enable VLAN on the switch (and set it to use the same VLAN IDs as I have configured on site), I lock myself out of OPNsense.

Any idea how to get around this?

Home Network Guy

Is your computer that you are logging into OPNsense on the same default LAN network? By default OPNsense runs on 192.168.1.1. When working with VLANs, the default untagged VLAN ID is usually 1. So that means all ports on your switch that do not have any VLANs set will be on that default untagged VLAN 1. Make sure the computer you are connecting to OPNsense is on an untagged port.

Also, you will need to make sure that the port on the switch that the OPNsense box is connected to is set up to allow all VLAN tags to pass through. Different network device manufacturers use different terms. Some call it trunk ports. The port the router is plugged into needs to be configured to allow all VLAN and untagged traffic if you are using the default VLAN 1 as the management VLAN. I think it's easiest to use the default VLAN.

I know some people prefer to change the management network to a different VLAN since it's easy to make the mistake of plugging a device into an untagged port and having access to the network management network. If you set all of your other ports to be in different VLANs (or maybe another default unused VLAN ID), then you would not have to worry about that issue as much.

Ruok2bu

My switch is an all or nothing kind of thing. If I enable VLAN support, all ports have it enabled; I can't leave one port un-enabled.

Ruok2bu

HNG, I need your help :(

I followed all the instructions in:

https://homenetworkguy.com/how-to/configure-vlans-opnsense/
https://homenetworkguy.com/how-to/configure-dhcp-vlans-opnsense/

Created the VLAN interfaces (I have 7), enabled DHCP for each of them in a different range, added the firewall rules to access the internet (the current version of OPNsense auto adds the DHCP firewall rules).

But when I enable 802.1Q VLAN on the smart switch, my computer fails to get an IP address.

I was told by a friend that I should set VLAN 1 to untagged and the rest to tagged, but that doesn't fix it. Find attached what the switch page looks like.

Home Network Guy

It looks like from the screenshot that you didn't create the same VLANs on your network switch. The VLAN IDs you defined in OPNsense need to match the VLAN IDs on your switch. You need to make sure you have the proper ports selected as tagged and untagged ports for each VLAN you create. It's not a bad idea to configure your OPNsense/network switch from the default VLAN so you don't lose access to the web interfaces.
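
The matching rules from the replies above (same VLAN IDs on switch and router, router port tagged for every VLAN, management PC on an untagged default-VLAN port), as an added example that is not part of the original thread: a small Python audit of a switch 802.1Q table. The table, VLAN IDs, port numbers and all names are constructed and hypothetical.

```python
# Constructed sample data: VLAN IDs, port numbers and names are hypothetical.
ROUTER_VLANS = {10, 20, 30}   # VLAN IDs created on the OPNsense side
UPLINK_PORT = 1               # switch port cabled to the OPNsense box
MGMT_PORT = 2                 # switch port of the PC used for the web UI

# Switch 802.1Q table: VLAN ID -> tagged and untagged member ports.
SWITCH_VLANS = {
    1:  {"tagged": set(), "untagged": {1, 2, 3, 4, 5, 6, 7, 8}},
    10: {"tagged": {1}, "untagged": {3}},
    20: {"tagged": set(), "untagged": {4}},   # uplink was never tagged
}                                             # VLAN 30 was never created


def audit(router_vlans, switch_vlans, uplink, mgmt, default_vlan=1):
    """Return a list of findings; an empty list means the tables agree."""
    findings = []
    # Every router VLAN must exist on the switch and be tagged on the uplink.
    for vid in sorted(router_vlans):
        entry = switch_vlans.get(vid)
        if entry is None:
            findings.append(f"VLAN {vid}: on router, missing on switch")
        elif uplink not in entry["tagged"]:
            findings.append(f"VLAN {vid}: uplink port {uplink} not tagged")
    # Default LAN stays untagged on the uplink and the management port.
    default = switch_vlans.get(default_vlan, {"untagged": set()})
    for name, port in (("uplink", uplink), ("management", mgmt)):
        if port not in default["untagged"]:
            findings.append(f"VLAN {default_vlan}: {name} port {port} not untagged")
    # A port untagged in several VLANs receives frames from each of them.
    untagged_in = {}
    for vid, entry in sorted(switch_vlans.items()):
        for port in entry["untagged"]:
            untagged_in.setdefault(port, []).append(vid)
    for port, vids in sorted(untagged_in.items()):
        if port != uplink and len(vids) > 1:
            findings.append(f"port {port}: untagged in VLANs {vids}")
    return findings


if __name__ == "__main__":
    for finding in audit(ROUTER_VLANS, SWITCH_VLANS, UPLINK_PORT, MGMT_PORT):
        print(finding)
```
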

Ruok2bu

I couldn't get OPNsense to work, even when matching the VLAN IDs. So I gave up and bought another Sonicwall (Sonicwall SOHO 250).

Thanks for the help though!