Having a bit of trouble with my network setup. I'm mostly a noob with very light understanding of what I'm working with, so bear with me.
I've got my OPNsense box set up with mostly defaults for rules. The OPNsense box is hooked directly to an MB8611 modem on the WAN interface, with the LAN interface running to an 8-port managed Netgear switch on port 1 of the switch. I have port 2 of the switch hooked up to a VLAN-aware access point. Other ports are occupied by physical links to some servers.
Everything on LAN works fine, including the access point. I have the access point set up with 3 SSIDs, all of which can connect clients no problem. Some of the clients on the network are game consoles/gaming PCs that run into connectivity issues with some titles, I believe because of a strict NAT. Rather than just assigning outbound rules by static addresses, I opted to create a VLAN to house all gaming devices and segment them from the network. I don't need them to talk to each other or other devices.
I have created VLAN10, assigned it a gateway address of 192.168.10.0/24, set up DHCP and assigned the LAN as the parent interface. I created a new SSID on the access point and gave it the VLAN 10 tag. All of the ports on the switch are now assigned to the default VLAN 1 with untagged traffic, and then ports 1 and 2 are assigned to VLAN 10 with tagged traffic. Testing with an iPhone, this works totally fine. I get assigned the correct leases and can make outbound connections to the internet. Testing on a Windows 11 gaming PC, previously connected to an untagged SSID and now switched over to the tagged SSID, I am unable to make outbound connections to the internet. Another Android device that I connected to the new SSID also worked fine, so I'm not sure what's up with this PC. I haven't tested other gaming devices yet.
Your switch and AP configuration seems to be fine, so I would guess that the issue is on the routing/firewall side in OPNsense. Do I understand correctly that you assigned 192.168.10.0 as the IP address for OPNsense on the VLAN10 interface?
That might pose an issue, since in a /24 sized subnet in IPv4, the .0 address is the network identifier. Some software historically would wrongly disallow using this as an IP address, either as a source or as a destination. You might try changing your address to 192.168.10.1/24 to see if that works for your devices.
So correction again, I do have VLAN10 assigned with an IP of 192.168.10.1/24, so that does appear correct.
I have enabled IPv6 on both the VLAN and the main LAN. I get assigned leases on both with the correct prefix I have set, and I have a requested prefix delegation of /60 on the WAN side, which also appears to have applied correctly. On LAN I can pass all IPv6 tests, but on the VLAN I'm never able to pass any, on any of the devices.
Are you familiar with using Wireshark for traffic analysis? I think the next step is to figure out what is getting through and what isn't, to the Windows machine to start with.
Focusing on IPv4 for now, I would hope the network trace shows the DHCP request being sent out, the DHCP response with an IP for the Windows machine, and then some outbound web TCP traffic (e.g. google.com), followed by some sort of TCP response. But since it's not working, I imagine the latter would be replaced by -- ideally -- ICMP error messages that will describe the problem.
Edit: so correction, the Android and iPhones can resolve certain domains, but I get timeouts with others. I'm running Unbound as the local resolver and have set the rule to allow traffic from the VLAN to the DNS port.
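The checklist from the Wireshark reply above (DHCP exchange, then DNS answers, then outbound TCP, with ICMP errors explaining any failure) can be applied mechanically to a capture of the VLAN client. The script below is an added example, not code from anyone in this thread; it reads a constructed trace in an invented, simplified line format (not real tcpdump or Wireshark output) and reports which stage stopped getting through, including the partially-failing DNS pattern described in the edit.

```python
"""Triage a tcpdump-style trace of one VLAN client with the thread's checklist:
DHCP exchange -> DNS answers -> TCP SYN answered -> ICMP errors explaining it."""
import re

# Constructed sample in an invented, simplified line format (not real tcpdump
# output): DHCP completes, one DNS query is never answered, a SYN draws ICMP.
SAMPLE_TRACE = """\
0.000 DHCP 0.0.0.0 -> 255.255.255.255 Discover
0.010 DHCP 192.168.10.1 -> 192.168.10.50 Offer
0.020 DHCP 0.0.0.0 -> 255.255.255.255 Request
0.030 DHCP 192.168.10.1 -> 192.168.10.50 ACK
1.000 DNS 192.168.10.50 -> 192.168.10.1 query id=1 google.com
1.005 DNS 192.168.10.1 -> 192.168.10.50 response id=1 google.com
1.100 DNS 192.168.10.50 -> 192.168.10.1 query id=2 store.example.net
3.100 DNS 192.168.10.50 -> 192.168.10.1 query id=2 store.example.net
6.000 TCP 192.168.10.50 -> 203.0.113.10:443 SYN
6.010 ICMP 192.168.10.1 -> 192.168.10.50 unreachable 203.0.113.10:443
"""

LINE = re.compile(r"^([\d.]+) (\w+) (\S+) -> (\S+) (.*)$")

def diagnose(trace: str) -> dict:
    dhcp_seen, dns_queries, dns_answered = set(), {}, set()
    tcp_syn, tcp_synack, icmp_errors = set(), set(), []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip anything not in the simplified format
        _, proto, src, dst, rest = m.groups()
        if proto == "DHCP":
            dhcp_seen.add(rest)                 # Discover/Offer/Request/ACK
        elif proto == "DNS":
            kind, qid, name = rest.split()
            if kind == "query":
                dns_queries[qid] = name         # retries reuse the same id
            else:
                dns_answered.add(qid)
        elif proto == "TCP" and rest == "SYN":
            tcp_syn.add(dst)                    # server:port we tried
        elif proto == "TCP" and rest == "SYN-ACK":
            tcp_synack.add(src)                 # server:port that replied
        elif proto == "ICMP":
            icmp_errors.append(rest)            # the gateway explaining itself
    return {
        "dhcp_complete": {"Discover", "Offer", "Request", "ACK"} <= dhcp_seen,
        "dns_unanswered": sorted(n for q, n in dns_queries.items() if q not in dns_answered),
        "tcp_unanswered": sorted(tcp_syn - tcp_synack),
        "icmp_errors": icmp_errors,
    }
```

On the sample, DHCP completes but one name never gets an answer and the SYN is answered by an ICMP error from the gateway, which is the pattern to look for in the real capture of the Windows PC.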