Hi all,
Hoping for some pointers on setting up my network. Below is where I would like to get to, before setting up firewall rules for inter-VLAN routing - to come at a later date.
Current physical setup is a bunch of Ruckus Unleashed APs wired into an ICX6610, which has a 10GbE link to an OPNsense router+firewall.
My question right now is basically how to set up the ICX to correctly manage the VLAN-tagged frames coming from the multiple SSIDs to the same port?
I should just set each port connected to an AP as tagged for all VLANs with SSIDs, right? So 10, 20, 30, 35, 50, 100 - yes? Then configure on APs, add firewall rules, and it should just work?
I can do all the above on CLI, but am then thoroughly confused by dual-mode, and comments that "Brocade/FastIron is a bit funny in how it handles Default VLAN when set to '1'".
Can anyone help guide me as I learn about all this?
Thanks!
1 - (Default) Mgmt/Infrastructure
10 - Trusted - Normal SSID
20 - Guest - Guest SSID
30 - IOT (internet required to function) - IOT SSID
35 - NIOT (internet not required to function) - NIOT SSID
40 - Video cameras - wired only
50 - Entz (TVs, audio, consoles, Switch, UPnP on) - own SSID
60 - DMZ (anything accessible from WAN, but only specific ports opened) - wired only
100 - Work laptop, separate SSID, no firewall and no Zenarmor
IOT is for Echo, smart appliances, etc. that require internet access to function.
NIOT is for things that should not have internet access because there is no good reason for them to have it, but should be able to talk to themselves or others. ESPHome, HomeKit, etc.