• October 31, 2024, 11:33:45 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DGS-1210-24 VLANs With OpnSense Help For Those Trying  (Read 6910 times)

edz2k21

  • Level 1 Member
  • *
  • Posts: 1
DGS-1210-24 VLANs With OpnSense Help For Those Trying
« on: February 16, 2021, 06:54:29 AM »

Hi All

Just posting this (as my first post) as it took me some back and forth to understand D-Links ways of doing things. This isn't supposed to be the best way (you shouldnt combine untagged and tagged traffic not use these addresses etc) but I couldn't find any clear documentation or guide on how to set this up so thought i'd post up some notes.

Below is a simplified (and obscured) version of what I wanted to do, pretty typical, segment my network so my cameras that are fed via a separate POE switch (not shown here) can be in a separate segment of my network, can work with my DVR and other devices as I allow it in my OpnSense router but cannot go out to the internet unfettered. I named the VLAN IOT in this example it will be my cameras VLAN and named appropriately when finished.

I won't go into setting up OpnSense for VLAN as that's well documented out there. My configuration for this example VLAN is

OpnSense EM1 LAN 192.168.0.1

VLAN
Name IOT
VID 100
Gateway 192.168.100.1, set up DHCP with Range 192.168.100.50 - 192.168.100.200

I tested and knew that was working ok as I have Omada based WIFI points and set up a VLAN SSID which got an IP address from the VLAN DHCP correctly.

Setting up the DGS-1210
So on the switch I wanted port 16 to go to the OpnSense box as it does now (but also route the VLAN 100 based traffic) and ports 9 and 10 to be VLAN 100 devices.

The way to do this is not entirely clear in the documentation or guides due to a slightly confusing interface and not entirely clear documentation. I followed them but either ended up with no routing or nothing out from the VLAN ports.

This is the setup I eventually have working in this example.

Connections:
Port 9 - Camera / IOT device
Port 10 - Camera / IOT device
Port 16 - Existing connection to EM1 LAN OpnSense Interface

-----------------------------------------------------------------------

Under
   VLAN -> 802.1Q VLAN

Asymmetric VLAN Enabled (ensure you hit apply / save config after enabling it!)
   
For VLAN 1 - default
      UNTAGGED Ports 1-8,11-28 (I have 28 ports with the 4 uplink / extra RJ45 sockets on my DGS-1210-24)
      TAGGED NO PORTS TAGGED - DO NOT tag the uplink port or it will not route to the default LAN (unless this is what you want to do!)
      NOT MEMBER 9,10

For VLAN 100 - IOT
      UNTAGGED Ports 9-10
      TAGGED Port 16
      NOT MEMBER Ports 1-8,11-15,17-28

-----------------------------------------------------------------------

Under
   VLAN ->    802.1Q VLAN PVID   

Port - PVID
Port 01 - 1
Port 02 - 1
Port 03 - 1
Port 04 - 1
Port 05 - 1
Port 06 - 1
Port 07 - 1
Port 08 - 1
Port 09 - 100
Port 10 - 100
Port 11 - 1
Port 12 - 1
Port 13 - 1
Port 14 - 1
Port 15 - 1
Port 16 - 1 <----------- Uplink / TRUNK belongs to VLAN 1 do not change this
Port 17 - 1
Port 18 - 1
Port 19 - 1
Port 20 - 1
Port 21 - 1
Port 22 - 1
Port 23 - 1
Port 24 - 1
Port 25 - 1
Port 26 - 1
Port 27 - 1
Port 28 - 1

Make sure you apply your changes as you go and then after everything is set select save - save configuration from the drop down menu.

Once I did that I had to disconnect my uplink port (16) plug it into another port and then plug it back into 16, not sure if that was a quirk or a coincidence but it seemed to need it before the new config took hold.

As I say the above IS mixing untagged and tagged traffic on port 16 which is not best practice, you could always have a tag only uplink port (16) and an untagged traffic port to avoid this, it's not my final config but since I didn't find any postings online with details or video guidance I though I'd share in case it helps someone out.

Cheers

Edz






Logged

brians

  • Level 1 Member
  • *
  • Posts: 5
Re: DGS-1210-24 VLANs With OpnSense Help For Those Trying
« Reply #1 on: May 22, 2021, 08:52:16 PM »

What is purpose of you enabling Asymmetrical VLAN? I never do this and doesn't seem to be needed for what you are doing unless I missed something. I would not enable this because its for making private ports using same subnet and isolating devices while allowing them to access shared resources on specific ports like printers, servers etc. It appears you are using a different subnet for IOT devices and will set firewall rules in your OpnSense.

I configure this all the time on pfSense boxes... don't worry about mixing untagged and tagged VLANs because this is how VLANs work. If you have extra NIC port on your router you could apply your VLANs to it and then use a dedicated port on Switch for your VLANs and just make VLAN one not a member, and use tagging for all. otters VLANS. This way the VLANs all share their own bandwidth on their own port.
Logged