//nbkelley /homelab

VLAN Configuration: OPNsense & Netgear MS308E#

What Was Established#

Configuration pattern for implementing tagged (trunk) and untagged (access) VLANs using OPNsense as the router and a Netgear MS308E managed switch.

Key Decisions#

  • VLAN Naming/ID: Example VLAN “Incánus” assigned ID 20.
  • Trunking Strategy: The port connecting OPNsense to the Netgear switch must be configured as a Tagged port for all active VLANs.
  • Access Port Strategy: Ports for end-devices must be Untagged for the specific VLAN, with the PVID (Port VLAN ID) set to match that VLAN.

Current Configuration#

OPNsense Setup#

  1. Create VLAN: Interfaces → Other Types → VLAN (Assign Parent Interface and Tag ID).
  2. Assign Interface: Interfaces → Assignments (Add the new VLAN interface).
  3. Configure IP: Set a static IPv4 address (e.g., 192.168.20.1/24 for VLAN 20).
  4. DHCP: Enable DHCPv4 under Services → DHCPv4 → [VLAN Interface].

Netgear MS308E Setup#

  1. VLAN Membership:
    • Trunk Port (to OPNsense): Set as Tagged for all VLANs (e.g., VLAN 20, 30).
    • Access Port (to Device): Set as Untagged for the target VLAN.
  2. PVID Configuration:
    • For Access Ports, the PVID must be updated to match the VLAN ID (e.g., Port 1: PVID 20).

Historical Notes#

Configuration established during the rollout of the “Incánus” network segment.

OPNsense DHCP Configuration, Cloudflare Integration: SSL & DNS, Network Infrastructure & VLANs

Sources#

Adjust IP Assignment Range in OPNsense · ingested/chats/adjust_ip_assignment_range_in_opnsense.md

Backward OPNsense DHCP Configuration Projects Forward