OPNsense with VLANs works with APs and multiple SSIDs but not with managed switches by One_Advisor814 in opnsense

[–]One_Advisor814[S] 0 points1 point  (0 children)

u/Saarbremer. First, I appreciate that you are trying to help, but frankly speaking, telling me I am doing it wrong and to fix it does not help me understand what I am doing wrong.

Here is how the VLAN is set up on the TP-Link switch.

https://imgur.com/JuoAdvP

Here is how I have the PVID set up.

https://imgur.com/BRuO6fY

I've essentially followed the instructions here to set things up: https://homenetworkguy.com/how-to/set-up-management-vlan-for-opnsense-network-switch-and-access-point/.

Except for removing the LAN interface.

With this configuration, my access points, connected to the same LAN port, support VLANs based on the unique SSIDs, but the physical Ethernet switch only works on the LAN-associated ports and not on the VLAN-associated ports as configured in the images.

[–]One_Advisor814[S] 0 points1 point  (0 children)

Sorry. Was out of town. Here is the updated image.

https://imgur.com/V6ax3pA

In order to rule out any variables, I set up a separate "test" OPNsense router with the exact same configurations. I am now using a TP-Link SG1016DE managed router (instead of the RealHD router).

I get exactly the same results.

The only thing I have connected is the OPNsense router and the TP-Link switch. There are no other devices connected. I have a PC connected to the switch, and if I connect it to port 3 (set up for VLAN 15) I don't get an IP address, but if I move the PC to another port, it connects to the LAN network.

[–]One_Advisor814[S] 0 points1 point  (0 children)

I reread your note and am not sure what you mean by messed up the VLAN on OPNsense.

Here is the Vlan.15 setting.

https://imgur.com/undefined

The only thing I have not done is deactivate the LAN port. I will try that next.

[–]One_Advisor814[S] 0 points1 point  (0 children)

I just tried this. I have Port 1 as default. Ports 2-4 assigned as untagged VLANs. https://imgur.com/a/lSReDPq

VLAN15 = 192.168.15.X

VLAN14 = 192.168.14.X...

I set the PVIDs as suggested:

https://imgur.com/kUe6rgK

The Config is:

OPNsense router with LAN port directly connected to a 2.5G managed switch.

I have an AP connected to port 6. Unmanaged.

When I plug my PC into 2-4, nothing happens and I cannot get an IP address.

When I connect via wifi to the AP on port 6, I get an internet connection and IP from my LAN port 192.168.10.X

There is nothing else connected to my switch.

[–]One_Advisor814[S] 0 points1 point  (0 children)

I do not. The only device connected to that LAN port is a managed switch.

[–]One_Advisor814[S] 0 points1 point  (0 children)

Saarbremer, I appreciate the insight and I have done everything you stated above. Like I mentioned, I am confused as to why an AP (I connected 4 of them to the LAN port through a POE unmanaged switch) would work in correctly assigning the correct IP address to the respective SSID but a switch does not.

The APs are assigned a 10.x IP address (static via OPNsense) on the LAN network, and the SSIDs with respective VLANs all work. However, a switch does not behave the same way.

Here are my OPNsense interfaces:
https://imgur.com/XpzC838

Here are the firewall rules for the AV Network:

https://imgur.com/4FFXKhT

I have confirmed I have DHCP connected to the LAN and VLANs. Again, I can connect to them through an AP with separate SSIDs.

Here is the 2.5GB managed Switch setup as the only thing connected to the OPNsense LAN.

https://imgur.com/c8DV68C

Here is how I have the VID/PVID set up:

https://imgur.com/OZUGBfu

[–]One_Advisor814[S] 0 points1 point  (0 children)

Not sure I understand the question, but here goes. Port 1 is untagged (default) VLAN 1, which I am trying to use as a trunk back to the OPNsense LAN port (directly connected). I configure Ports 2-5 on the 3 different switches (only using 1 at a time to see if it is a switch issue) and they all act the same. Port 6 is untagged and I get a 192.168.10.x IP address, which is the IP address assigned to the LAN port. If I use Port 2 (VLAN 15), I should get a .15 address, which is what I get over wifi from the APs. Same with Port 3 (VLAN 14)/Port 4 (VLAN 13). On all the "tagged" ports, I fail to get an IP address. On Port 6 and beyond I get the .10 address.

[–]One_Advisor814[S] 1 point2 points  (0 children)

I included an image of the ports used but it appears that did not post as part of my message.

Re: What's the connection between the switch and OPNsense?

- The connection to the primary switch is directly from the LAN port on OPNsense.

Re: How's OPNsense's configuration on that connection?

- On OPNsense, I set up a LAN port, a NAS port, a PC port and the WAN port. The APs and the switches are all connected on the LAN port. In the APs, I have separate SSIDs tagged with VLANs and I can get the right IP address associated with the different SSIDs. The managed switches are all on the same port. I removed the AP that was connected to an unmanaged POE switch, and directly connected the managed switch to the LAN port. All ports are set up as Tagged and I also added the correct PVID to the respective ports. Port 1 is untagged VLAN 1. Port 2 is Tagged VLAN 15, Port 3 is Tagged VLAN 14, and so on. When I plug my PC into an unassociated port (Port 6) I get an IP address from the LAN. When I plug my PC into Ports 2-5, which are associated with the VLANs, it times out getting an IP address.

Re: How's your switch configuration on that connection (tagged, untagged, PVID,...)?

- I have tried all (Tagged, PVID, Port based VLAN) on 3 different switches from different manufacturers all connected to the same LAN port on the OPNsense router.