I am completely new to VLANs and struggling to implement more than 1 on my current router/switch/AP combo.
Router is Intel Celeron J4125 with 4 2.5GB NICs running OPNsense 23.7.10_1-amd64, FreeBSD 13.2-RELEASE-p7, OpenSSL 1.1.1w
Currently 2 NICs are assigned - WAN and LAN
I successfully implemented a Guest VLAN (Tag 20) and set up firewall rules which allow the guest network to access the internet and DNS without being able to interact with "Private networks" (an alias which I set up to contain my LAN network but can easily add future additional networks to the alias to make future firewall rules simple).
My Switch is a Sodola 9 port 2.5g smart switch which supports VLAN.
AP is a TP-Link EAP660 HD which also supports VLAN on multiple SSIDs - currently a main SSID (2.4 & 5 GHz) with no VLAN assigned and a guest 2.4 GHz SSID with VLAN 20 assigned.
What I want to do is add a second VLAN using the AP for IoT devices using tag 10
I set this up in the AP on a 2.4 GHz band using VLAN ID 10.
On my switch the AP is connected to port 2, and the OPNsense router is connected to port 1.
Currently I have VLAN 20 set up for ports 1-2 (tagged) and VLAN 1 (default) set up for all ports (1-9) untagged. This configuration is functioning as expected, and all wired devices and wireless devices on the main SSID are in the same subnet and have full access to the LAN and WAN.
The guest network SSID is properly being given IPs from the VLAN 20 subpool set up in OPNsense and can reach the internet but is successfully blocked from the private LAN.
Here's where the setup completely breaks down - if I add VLAN 10 (IoT devices) in the AP on an IoT SSID and tag ports 1-2 with VLAN 10 & 20 on the switch, I lose all connectivity to the router and WAN on ALL devices.
I assume this has something to do with how I'm setting up the switch ports but I've tried various combos of tagged/untagged and I can only get this to work with the single guest VLAN.
Any suggestions on implementing this successfully?
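An added sanity check, not part of the original post: it models the 9-port switch layout described above (OPNsense on port 1, the EAP660 on port 2) and flags the classic trunk-port mistakes, a port left with no untagged VLAN, a PVID that does not match the untagged VLAN, or an SSID VLAN that is not tagged end to end between AP and router. The "broken" layout is a constructed, hypothetical failure case, not a claim about what the poster's switch actually did.

```python
# Constructed model of the switch in the post: OPNsense on port 1, AP on port 2.
# vlans maps vlan_id -> {"tagged": ports, "untagged": ports}; pvid maps port -> VLAN
# that the switch assigns to frames arriving without a tag.
PORTS = range(1, 10)
AP_PORT, ROUTER_PORT = 2, 1

def check_switch(vlans, pvid, ssid_vlans):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    for p in PORTS:
        untagged = sorted(v for v, m in vlans.items() if p in m["untagged"])
        tagged = sorted(v for v, m in vlans.items() if p in m["tagged"])
        both = set(untagged) & set(tagged)
        if both:
            problems.append(f"port {p}: VLAN {sorted(both)} is both tagged and untagged")
        if len(untagged) != 1:
            # Untagged frames (router LAN, main SSID) need exactly one VLAN to land in.
            problems.append(f"port {p}: expected exactly one untagged VLAN, found {untagged}")
        elif pvid.get(p) != untagged[0]:
            problems.append(f"port {p}: PVID {pvid.get(p)} != untagged VLAN {untagged[0]}")
    # Every VLAN the AP hands to an SSID must be tagged on both the AP and router ports.
    for v in ssid_vlans:
        m = vlans.get(v, {"tagged": set(), "untagged": set()})
        for port in (AP_PORT, ROUTER_PORT):
            if port not in m["tagged"]:
                problems.append(f"VLAN {v}: not tagged on port {port}")
    return problems

# Working layout from the post: VLAN 1 untagged on all ports, VLAN 20 tagged on 1-2.
WORKING = {
    1: {"tagged": set(), "untagged": set(PORTS)},
    20: {"tagged": {1, 2}, "untagged": set()},
}
WORKING_PVID = {p: 1 for p in PORTS}

# Target layout: VLAN 10 added tagged on ports 1-2, VLAN 1 still untagged and PVID.
TARGET = {**WORKING, 10: {"tagged": {1, 2}, "untagged": set()}}

# Hypothetical failure (constructed): while adding VLAN 10, ports 1-2 lost their
# untagged VLAN 1 membership and their PVID moved, so untagged traffic from the
# router and the main SSID has no VLAN to land in and everything goes dark.
BROKEN = {
    1: {"tagged": set(), "untagged": set(PORTS) - {1, 2}},
    10: {"tagged": {1, 2}, "untagged": set()},
    20: {"tagged": {1, 2}, "untagged": set()},
}
BROKEN_PVID = {**WORKING_PVID, 1: 10, 2: 10}

if __name__ == "__main__":
    for name, cfg, pv, ssids in (("working", WORKING, WORKING_PVID, {20}),
                                 ("target", TARGET, WORKING_PVID, {10, 20}),
                                 ("broken", BROKEN, BROKEN_PVID, {10, 20})):
        print(name, check_switch(cfg, pv, ssids) or "OK")
```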