Newbie here setting up OPNsense - Can’t figure out how to assign clients to VLANs


lombok

I recently installed OPNsense on a new tiny Intel box strictly for OPNsense firewall & routing purpose for the home network.

Here is my setup:

[Attached image: IMG_0330.jpeg]

1. I wanted to protect the network by segmenting the traffic & clients via VLANs. So I created 5 VLANs by following YouTube videos.

2. My question is, how do I assign/attach a client to the respective VLAN?

Generally, when I plug in a device, the DHCP server automatically assigns an IP to the device. Here is a screenshot of some devices and the leases it is on:

[Attached image: DHCP Leases.jpeg]

As shown in this screenshot, all the devices have been randomly assigned an IP and interface. So for example, how do I “move” the Google-Home-Max device to the VLAN for IoT? Is this something I need to log into the Netgear switch to configure (it is an unmanaged Netgear ProSafe GS752TP)? Or is this task performed in the OPNsense screen?

Thanks in advance!
 

j_h_o

Your access point would need to assign wireless clients to specific VLANs, and for wired clients, your managed Netgear switch would need ports configured as "access" ports on the VLAN in question.

With your unmanaged switch, you could put all clients on that switch into the same VLAN.

Since it appears you have UniFi wireless, you can create a different SSID for each VLAN, then configure the UniFi AP to assign clients to specific VLANs.

Or you can use RADIUS to "map" each client/MAC address/certificate to specific VLANs.
 
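The RADIUS option mentioned in the reply above, as an added example that is not part of the original thread: this script turns a MAC-to-VLAN inventory into FreeRADIUS `users` entries carrying the RFC 3580 tunnel attributes that an AP or switch reads to place a client on a VLAN. The MAC addresses, VLAN IDs (10, 30, 99), the quarantine default and the assumption that the AP sends the MAC as 12 lowercase hex digits for both username and password are constructed for illustration.

```python
import re

# Constructed inventory: MAC -> (label, VLAN ID). All values are assumptions.
INVENTORY = {
    "AA:BB:CC:00:00:01": ("Google-Home-Max", 30),  # IoT VLAN (assumed ID)
    "aa-bb-cc-00-00-02": ("laptop", 10),           # trusted LAN (assumed ID)
}
QUARANTINE_VLAN = 99  # assumed isolated VLAN for MACs not in the inventory


def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def vlan_reply(vlan_id):
    """RFC 3580 reply attributes that name the VLAN for the client."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    return [
        "Tunnel-Type = VLAN",
        "Tunnel-Medium-Type = IEEE-802",
        f'Tunnel-Private-Group-Id = "{vlan_id}"',
    ]


def lookup_vlan(inventory, mac, default_vlan):
    """VLAN a given MAC would land on; unknown MACs get the default."""
    table = {normalize_mac(m): vlan for m, (_, vlan) in inventory.items()}
    return table.get(normalize_mac(mac), default_vlan)


def render_users(inventory, default_vlan):
    """Build FreeRADIUS 'users' file text: one entry per MAC plus a DEFAULT."""
    blocks = []
    for mac, (label, vlan) in sorted(inventory.items(),
                                     key=lambda kv: normalize_mac(kv[0])):
        user = normalize_mac(mac)
        attrs = ",\n    ".join(vlan_reply(vlan))
        blocks.append(f'# {label}\n{user} Cleartext-Password := "{user}"\n    {attrs}')
    attrs = ",\n    ".join(vlan_reply(default_vlan))
    blocks.append(f"# unknown devices\nDEFAULT Auth-Type := Accept\n    {attrs}")
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    print(render_users(INVENTORY, QUARANTINE_VLAN))
```

A MAC address can be copied by another device, so this mapping decides placement rather than proving identity; the firewall rules between VLANs still have to carry the actual policy.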

lombok

J_h_o > Thank you for the advice and pointing me in the right direction! It turns out I was incorrect in stating the switch was unmanaged… it is indeed a Netgear managed switch that I have.

Having said that, configuring the VLANs was way above my pay grade, so I hired a freelance network engineer to do the VLAN configuration for me. So the basic VLAN framework is now set up. My next project is to play around with the firewall settings and customize it to my needs.

I expect the firewall project to be another head scratcher, but I do enjoy the learning process. Better to learn how to fish now, than to always rely on someone to do it for me.
 