TRB500 gateway: General usage question VLAN

I have recently got a TRB500 gateway and would like to use it with my OPNsense.

My OPNsense configuration has so far been run in a simple default setup. However, I would now like to get to know my network a little better and slowly increase my network knowledge and learn more about VLANs.

So please be patient with me if I come here with what is probably a stupid beginner’s question…

As already mentioned, my setup is an OPNsense, and I have set up a VLAN101 there as well as on my Unifi switch. The ports on the switch are tagged. The devices in VLAN101 are either assigned an IP via DHCP or static. I have assigned a fixed static IP to the TRB500.

Within the VLAN101 everything seems to work perfectly, ping successful, access to the GUI of the TRB500 without problems.
I have also set up a rule for the VLAN on the OPNsense that allows general access for everything. Ping, access (SMB) from or to the VLAN seems to work between devices that are in VLAN101 and also outside VLAN101.

Only the access/ping to the TRB500 only works within the VLAN101.

Do I have a basic error in my thinking or a lack of basic network knowledge here or does the TRB500 have a basic (protective) function that it can only be accessed or may only be accessed within a subnet?

Hello!

Thanks for the inquiry. To get to the point, to access a device locally, you need to be in the same subnet as the device itself.

For example, your TRB500 might have the LAN IP address of 192.168.1.1, which is the default for most of our devices. In that case, your PC should also be in the 1.0 subnet to access the TRB device successfully. The same goes for your phone, or any other device that you might use.

Just so I understand your current configuration better, could you perhaps provide a topology and include the LAN IP addresses with any additional information that you think might come as useful to help you out?

Thank you,
M.

Current configuration until purchasing the TRB500.

OPNsense, automatic standard configuration.

Interfaces
[LAN] 192.168.1.1/24, static IP address, DHCP service running
[WAN] PPPoE, Vigor Draytek modem, Deutsche Telekom

The TRB500 could simply be used as a replacement for the Draytek modem via bridge or passthrough, connected directly to the [WAN] interface of the OPNsense. Got that, it’s clear to me.

However, I would like to be able to access the GUI of the TRB500, that’s why I’m thinking about the [VLAN].

The [VLAN101] is now set up as an additional interface on OPNsense, address range 192.168.101.1/24, static, no DHCP. The [TRB500] has static IP 192.168.101.2

The [VLAN101] has three (untagged, by the way, not tagged as written before) assigned ports on my Unifi switch. Within the [VLAN101] are connected

[TRB500] 192.168.101.2
[Notebook] 192.168.101.3

The [notebook] can ping itself 192.168.101.3, the interface [VLAN101] 192.168.101.1 and the [TRB500] 192.168.101.2 and of course also access the WebGUI of the [TRB500].

Another computer [DESKTOP] OUTSIDE the [VLAN101] is located in my standard [LAN] and has any 192.168.1.x address and can ping all IPs of the [VLAN101], but NOT the [TRB500].

In short:
Notebook@VLAN101
ping 192.168.101.1 = ok
ping 192.168.101.2 = ok
ping 192.168.101.3 = ok

Desktop@LAN
ping 192.168.101.1 = ok
ping 192.168.101.2 = failed
ping 192.168.101.3 = ok

I also have further questions about the bridge/passthrough mode, but one after the other. :innocent:

Hello,

As I’m unfamiliar with any Draytek devices or OPNsense, I’m not sure what I could suggest changing there.

From our end, however, I’ve remembered that we have a VLAN Inter-zone configuration example, which might come in handy: VLAN Inter-Zone accessibility control configuration example - Teltonika Networks Wiki

I guess since we’re 90% of the way there (only 1 ping doesn’t go through, according to what you said), we need to play around with the firewall rules to see if that’s the issue. If not, then it could also be some settings (for example, default gateway settings) that have to be changed on the other devices.

Let me know if anything changes.
M.
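
The last reply names default gateway settings as one thing to check. As an added example (not code from the thread or from Teltonika), this Python sketch models the request and reply path for the addresses posted above and shows how a missing default gateway on a statically addressed device produces exactly the reported ping results. The assumptions are not confirmed in the thread: the firewall allows everything, the desktop is 192.168.1.50, the notebook uses 192.168.101.1 as its gateway, and the TRB500's static configuration has no gateway set.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Host:
    name: str
    iface: str               # address with prefix, e.g. "192.168.101.2/24"
    gateway: Optional[str]   # default gateway, None if not configured

    @property
    def ip(self) -> str:
        return str(ipaddress.ip_interface(self.iface).ip)

    def next_hop(self, dst: str) -> Optional[str]:
        """Where this host sends a packet for dst; None means no route."""
        net = ipaddress.ip_interface(self.iface).network
        if ipaddress.ip_address(dst) in net:
            return dst           # on-link: delivered directly
        return self.gateway      # off-link: only works via a gateway


def ping_ok(src: Host, dst: Host) -> bool:
    """The echo request needs a route src->dst and the reply a route dst->src."""
    return src.next_hop(dst.ip) is not None and dst.next_hop(src.ip) is not None


# Addresses from the thread; gateways and the desktop's last octet are assumptions.
desktop = Host("Desktop@LAN", "192.168.1.50/24", "192.168.1.1")
notebook = Host("Notebook@VLAN101", "192.168.101.3/24", "192.168.101.1")
trb_no_gw = Host("TRB500 (no gateway)", "192.168.101.2/24", None)
trb_with_gw = Host("TRB500 (gateway set)", "192.168.101.2/24", "192.168.101.1")


def report() -> dict:
    """Ping result for each source/destination pair discussed in the thread."""
    pairs = [(notebook, trb_no_gw), (desktop, notebook),
             (desktop, trb_no_gw), (desktop, trb_with_gw)]
    return {(s.name, d.name): ping_ok(s, d) for s, d in pairs}


if __name__ == "__main__":
    for (s, d), ok in report().items():
        print(f"{s:18} -> {d:22} {'ok' if ok else 'failed'}")
```

If the model matches, a packet capture on the OPNsense VLAN101 interface would show the echo request leaving toward 192.168.101.2 with no reply coming back.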