OPNsense Forum

English Forums => General Discussion => Topic started by: Roemer on August 10, 2021, 11:06:15 pm

Title: New home networking setup with VLANs
Post by: Roemer on August 10, 2021, 11:06:15 pm
Hello all

First time poster and first time OPNsense user.

I am planning to redo my whole home network setup. I am currently just using a customer grade router as main router and I want to switch to OPNsense in order to be able to use VLANs.

I have actually prepared a small image of how I imagine the network looks (physically) and added it to the attachments.

Hardware summary:
- Cable modem, well as fiber modem
- IPU445 with OPNsense (has 4 ports)
- Various switches, all capable of VLAN tagging I hope
- Two Asus routers as switches / access points. They will use FreshTomato or DD-WRT to use VLANs.

Connection summary:
- Cable modem is connected to one port on the pfsense box which is declared as WAN
- One? port from the OPNsense box to the next switch
- One trunk per switch so all have a trunk.
- Devices are normally connected to the switches or via wifi.

My main question/insecurity is that my OPNsense box has 4 ports, 1 is used for WAN so I have 3 free. Should I have only one of them as trunk port to the next switch (so multiple VLANs and data go through that port) or should I have multiple ports, maybe even with port aggregation? Or should I use multiple and maybe assign each of them a few VLANs?

Also, is anything in this setup bad practice that should be changed?

Many thanks for your input! I will probably come back later with more questions but those are the most important ones so I can start.

Cheers,
Roman

Title: Re: New home networking setup with VLANs
Post by: errored out on August 11, 2021, 12:50:37 am
It depends what your goal is.

If you want easy, put each location on a separate VLAN.
If you want security, place all insecure equipment on a VLAN, user on another, and cameras on a third.

Out of curiosity, why does the living room have its own switch when there is only 1 port used? You could run the cable directly to the Kodi box for easier management.

Title: Re: New home networking setup with VLANs
Post by: Greelan on August 11, 2021, 12:57:59 am
At a minimum, the OPNsense dev recommendation is that you don’t mix tagged and untagged networks on the same interface. So for example in my case I have LAN on one port (untagged) and then my VLANs (all tagged) on another port. Other than that, there is no particular right answer afaik - will depend on whether you might need extra capacity for certain networks, in which case you might want dedicated or aggregated, or how many switch ports you have available to connect to OPNsense, etc.
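
The recommendation above (no tagged and untagged networks on the same interface) can be checked against a configuration backup. This is an added example, not part of the thread and not OPNsense project code; it assumes a config.xml layout with `<interfaces>` assignments and `<vlans><vlan>` entries holding `<if>`, `<tag>` and `<vlanif>`, and the sample config and NIC names are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, not taken from the thread. Element names follow the
# config.xml layout assumed in the lead-in; igb0..igb2 are made-up NIC names.
SAMPLE_CONFIG = """
<opnsense>
  <interfaces>
    <wan><if>igb0</if><descr>WAN</descr></wan>
    <lan><if>igb1</if><descr>LAN</descr></lan>
    <opt1><if>igb2_vlan10</if><descr>USERS</descr></opt1>
    <opt2><if>igb2_vlan20</if><descr>IOT</descr></opt2>
    <opt3><if>igb1_vlan30</if><descr>CAMERAS</descr></opt3>
  </interfaces>
  <vlans>
    <vlan><if>igb2</if><tag>10</tag><vlanif>igb2_vlan10</vlanif></vlan>
    <vlan><if>igb2</if><tag>20</tag><vlanif>igb2_vlan20</vlanif></vlan>
    <vlan><if>igb1</if><tag>30</tag><vlanif>igb1_vlan30</vlanif></vlan>
  </vlans>
</opnsense>
"""

def find_mixed_ports(config_xml):
    """Return {parent_port: {"untagged": [names], "tags": [ids]}} for every
    physical port that is assigned directly AND is the parent of a VLAN."""
    root = ET.fromstring(config_xml)
    tags_by_parent = defaultdict(list)
    vlan_devices = set()
    for vlan in root.findall("./vlans/vlan"):
        parent = (vlan.findtext("if") or "").strip()
        tag = (vlan.findtext("tag") or "").strip()
        if parent and tag.isdigit():
            tags_by_parent[parent].append(int(tag))
            vlan_devices.add((vlan.findtext("vlanif") or "").strip())
    untagged_by_port = defaultdict(list)
    for iface in root.findall("./interfaces/*"):
        device = (iface.findtext("if") or "").strip()
        # Anything that is not a VLAN device counts as an untagged assignment.
        if device and device not in vlan_devices:
            untagged_by_port[device].append(iface.findtext("descr") or iface.tag)
    return {port: {"untagged": sorted(untagged_by_port[port]),
                   "tags": sorted(tags_by_parent[port])}
            for port in tags_by_parent if port in untagged_by_port}

if __name__ == "__main__":
    for port, info in find_mixed_ports(SAMPLE_CONFIG).items():
        print(f"{port}: untagged {info['untagged']} shares the port with VLAN tags {info['tags']}")
```

In the constructed sample, igb1 is flagged because LAN is assigned to it untagged while VLAN 30 also uses it as parent; igb2 carries only tagged VLANs and passes.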