Then enter a range of IP addresses that you wish the clients in the VLAN to use. Click the “Enable DHCP server on the DMZ interface” checkbox. Go to “Services > DHCPv4 > ” or whatever you named your interface. Enable DHCP on VLAN InterfaceĪfter enabling the VLAN interface, you will need to enable DHCP services on the interface in order for devices on the VLAN to obtain a IP address automatically. It is easier to remember that a “.1” address is the gateway IP address for the VLAN rather than a randomly assigned address – much like how most consumer-grade routers will default to something like 10.0.0.1, 192.168.0.1, or 192.168.1.1. Typically, you would simply assign it a .1 address. In the “IPv4 address” box, enter the IP address you wish to use for the interface. After selecting this option, a new “Static IPv4 configuration” section will be displayed at the bottom of the page. You should select “Static IPv4” for your VLAN unless you are using the VLAN for other purposes which is beyond the scope of this article. I usually name the interface the same name as my VLAN to keep the names consistent. Once you click on the new “OPT8” interface (or whatever your interface was named), you can then enable it, prevent it from being removed (unless you later uncheck the option), and give it a proper interface name. It will also show up in the “Interfaces” section in the navigation panel: You may see “OPT2” or some other number depending on the number of interfaces you already have defined: You can see in my case it is called “OPT8” by default. The interface will show up in the list of assigned interfaces. The VLAN parent interface may not necessarily have to be a physical interface since I noticed that I could select my OpenVPN interface as the parent interface, but for the most part, it is easy to think of the VLAN parent interface as the physical interface in which you want your VLANs to traffic to reside. Select the newly created VLAN beside the “New interface:” text and click the “+” button. The physical interface for the VLAN was already selected when you selected the parent interface. The next step is to assign a new logical interface for the VLAN. You need to give it a tag number (something other than 1), the priority of the VLAN traffic, and a short description of the VLAN. You may have previously defined this interface as “LAN”. You would want to select the port on the router where your switch is connected as the parent interface. For a home network, you will most likely have a single switch plugged into the router for extra ports. This is the physical port where the VLAN should reside. The first option you need to select is the parent interface. To configure VLANs, you must go to “Interfaces > Other Types > VLAN”. The setup process makes it convenient by prompting to plug in a network cable to the port you wish to enable the WAN or LAN to help detect the proper network interface. You have the option to configure it later, but it makes sense to at least set up those two interfaces since that is the bare minimum that you will typically use. The OPNsense software walks you through setting up a WAN and LAN interface when you first install it. Although you can use a single interface for the WAN/LAN connection (which reminds me of the dial-up Internet connection sharing days…), it is recommended to have at least two network ports/adapters on the device you have OPNsense installed. One interface needs to be used for the WAN which provides the Internet connection from your modem/router and at least one other interface needs to be used for your LAN for your internal network devices. It is economical since you do not need to purchase extra hardware and convenient since your network devices can be physically located anywhere yet still be grouped in logically separate networks.īefore we can configure VLANs in OPNsense, you will need to configure all of the interfaces on your router that you plan to use. VLANs are both economical and convenient. The biggest difference is that you do not need to put network devices on physically separate switches or other network hardware. Think of them as logically separate networks that are similar in concept to physically separated networks. For the uninitiated, VLANs are Virtual Local Area Networks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |