I am a beginner with VLANs. My setup is:
broadband modem
|
bare metal firewall: Protectli running OPNsense 25.1-amd64 (static IP of 192.168.1.1)
|
managed switch: Zyxel GS1900-8HP running OpenWrt 23.05.5 r24106-10cc5fcd00 / LuCI openwrt-23.05 branch git-24.264.56413-c7a3562 (static IP of 192.168.1.2) (firewall connected on first ethernet port (lan1) and AP connected on second ethernet port (lan2))
|
dumb AP: Linksys MX4200 running DD-WRT v3.0-r59280M std (static IP of 192.168.1.3)
5 GHz (wlan0) Wi-Fi SSID home-fast
2.4 GHz (wlan1) Wi-Fi SSID home-slow
This is all working fine.
I am now trying to set up VLANs.
I have set up a new VLAN with tag 2 in OPNsense and I think I did that right. The VLAN is on a new subnet (192.168.2.1).
In DD-WRT I have tagged home-fast (wlan0) with VLAN ID 2.
When I connect my phone to home-fast it gets assigned an IP in the 192.168.1.x subnet, not the 192.168.2.x subnet. I assume therefore I need to change some settings on the switch to ensure the VLAN tag gets passed through from the AP to OPNsense.
I have tried, in OpenWrt on the switch, going to:
Network > Interfaces > Devices tab > configure the Bridge device > Bridge VLAN filtering tab > Add a new row with the following settings: VLAN ID 2, local ticked, lan1 tagged, lan2 tagged
This broke everything. I had to reset the switch to get it all working again.
What am I doing wrong? Any help greatly appreciated. Thanks!