Hi all,
I've decided to upgrade my home network and take the deep dive into networking. However, I have run into some issues regarding network segmentation with VLANs, and I'm hoping you can help me out, as it is probably a no-brainer for an experienced network engineer.
In my current setup I'm running PVE on a small industrial computer with 6 network ports. On this PVE host two VMs are running: one OPNsense box that acts as a router, and one Omada controller to manage a single EAP245 AP. The goal is to have multiple wireless networks that have their corresponding VLAN, as well as having some LAN networks, also with their dedicated VLANs. Without VLANs everything is working fine, and I'm now slowly transitioning to VLANs.
To start small I'm trying to get one of the LAN ports on a separate VLAN (vmbr3 with VLAN tag 30); however, I do not seem to get this to work. In PVE I've configured the networking as shown in the screenshot.
OPNsense is configured with the same VLAN tag, with vmbr3 as its parent interface. A DHCP server is configured to run on the WORKVLAN interface.
The setup above is working if the connecting device (my laptop in this case) tags all traffic with VLAN tag 30. However, if untagged network traffic is sent through the physical LAN port, it seems that it is dropped, and no IP address is obtained from the DHCP server.
After reading up a lot on the subject, the common scenario dictates that a managed switch should be in between the LAN devices and the router port. The switch would then tag all traffic accordingly and everything would work. However, as I'm just managing a small home network and the 6 NICs on the router are more than adequate, I do not want to buy a switch just to provide the VLAN tagging and would instead use Proxmox for this job.
So the real question is: how can I make sure that all traffic that arrives from the LAN port (enp4s0) is tagged with VLAN tag 30 before being passed to the OPNsense box through vmbr3?
I've tried adding the VLAN tag option in the net3 network device in the OPNsense VM configuration, but this seems to drop all traffic, even if I tag the data from my laptop.
The ideal flow would look something like this:
Laptop -----[untagged network]---->enp4s0------>vmbr3.30------[vlan 30 tag]---->vmbr3------>OPNsense WORKVLAN
If there is information missing, please let me know!
Thanks in advance!
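The flow drawn in the question can be built on the Proxmox host itself, without a managed switch, by making vmbr3 a VLAN-aware bridge and turning enp4s0 into an access port for VLAN 30: the bridge adds tag 30 to every untagged frame arriving from the laptop, and the VM's tap port, left as a trunk, carries the tagged frame on to OPNsense. The /etc/network/interfaces stanza below is an added example, not the poster's configuration, screenshot, or anything from the Proxmox or OPNsense projects; it assumes the names used in the question (enp4s0, vmbr3, VLAN 30, the VM's net3 device) and uses ifupdown2 syntax, which is what PVE 7 and later ship. The VM id in the comment is a placeholder.

```text
# /etc/network/interfaces on the PVE host (added example, assumed names from the question)

auto enp4s0
iface enp4s0 inet manual
        # Access port: untagged frames from the laptop enter the bridge as VLAN 30,
        # and frames leaving towards the laptop have the tag stripped again.
        # Live equivalent: bridge vlan add dev enp4s0 vid 30 pvid untagged master
        bridge-access 30

auto vmbr3
iface vmbr3 inet manual
        bridge-ports enp4s0
        bridge-stp off
        bridge-fd 0
        # The bridge handles 802.1Q tags itself; no vmbr3.30 device is needed.
        bridge-vlan-aware yes
        # Only the VLANs actually in use. The GUI default of 2-4094 would let any
        # trunk port on this bridge reach every VLAN the host ever carries.
        bridge-vids 30

# VM side (qm config <vmid>, placeholder id), matching the stanza above:
#   net3: virtio=<mac>,bridge=vmbr3,trunks=30
# No "tag=" on net3: the tap stays a trunk and OPNsense receives frames tagged 30
# on its vmbr3/vtnet3 parent, where the WORKVLAN child interface picks them up.
# trunks=30 limits the tap to VLAN 30 so the VM cannot send or receive on other VLANs.
```

Apply the file with `ifreload -a` and check the port membership with `bridge vlan show`; enp4s0 should list `30 PVID Egress Untagged` and the VM's tap should list plain `30`. The VLAN Tag field on the VM's network device must stay empty for this layout: when a tag is set, Proxmox turns the tap into an access port for that VLAN and strips tag 30 before the frame reaches the VM, so the VLAN 30 child interface on the OPNsense side never sees a tagged frame and DHCP on WORKVLAN never answers. `trunks=30` gives the same least-privilege restriction on the tap without stripping the tag.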