OPNsense Forum

English Forums => General Discussion => Topic started by: wbravin on June 21, 2020, 03:40:33 pm

Title: noob of noobs need help in configuring and placing
Post by: wbravin on June 21, 2020, 03:40:33 pm
Hello all; I am a noob of noobs. I have been watching on YouTube various videos relating to choosing, installing and configuring OPNsense.

I live in a very old house in Italy. The house is built in stone and concrete and it has 3 floors. Although I remodelled some of the house infrastructure I have no way of running cables.

At the moment I have 2 servers running FreeNAS and one of the servers is based on a consumer PC architecture. Currently the whole house is connected via gigabit powerline and they are connected to simple switches and it all works well. Currently I have an Asus RT-AC87U as a router that is sitting in the living room. It currently provides me with my WiFi needs.

So because I have too much time on my hands I decided to have a more robust and flexible router. (I have IoT, remote users such as my daughter who lives in the UK and friends in Canada, and home automation.)

So I bought a Dell R710 because it has 4 LAN ports. Yes it is an overkill but I will replace it next spring with an R610. I receive my internet service from EOLO (which transmits via radio waves, and I receive the signal via a dish which in turn connects to an EOLO box, which is a small brick that has the satellite feed in, and the out goes to the WAN port of my current router in the living room).

My next step is to install all IT equipment in a rack and move it to the loft.
I will move the internet feed from the living room to the loft.

So now OPNsense will be in the loft which will be connected to a managed switch which will have direct connection to the server environment. Then I plan going from the switch to a powerline connection which will connect all my PCs in my house fine.

Finally my question:
I want to use my current router as an AP (I read that this is possible).

Can I leave the current router in the living room and have it fed by a powerline and still act as an AP?

I fear that by moving the Asus to the loft I will not have sufficient band strength to feed my guests and me when we are on the ground floor or outside in the yard.

Thank you for taking the time to read this and responding.
Title: Re: noob of noobs need help in configuring and placing
Post by: Mitheor on June 21, 2020, 04:11:21 pm
So, do you mean:

OPNSense -- Switch -- PLC -- AP (ac87u)

Is that so? Yes, that's totally fine. However there would be different topologies you could configure.

If not, maybe if you explain your final L3 topology it would be easier to understand.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 21, 2020, 06:32:47 pm
Thank you very much for your prompt reply.

Yes. Just to clarify:

OPNsense server > managed switch > powerline adaptor (you called it PLC) > AC87U.

What other topologies can I configure?

So far I designed the 4 ports on the R710: I would have 1 for WAN, 1 for LAN, 1 for WiFi, and the last one for IoT. I still need to install OPNsense.

This is a vast learning curve for me.

Once again thank you.
Title: Re: noob of noobs need help in configuring and placing
Post by: Mitheor on June 21, 2020, 06:35:58 pm
Ok, so basically there are 2 paths:

Routed:

OPNsense connected to the WAN of the AC87U (same network) and then the WiFi (LAN) in a different one.

Switched:

OPNsense connected to one of the LAN ports of the AC87U so it's in the same network as the LAN in the AC87U. WiFi devices should be configured to use the OPNsense IP in that LAN as gateway and that's it.


Second option is probably the best unless you need/prefer to route it for some reason.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 21, 2020, 09:48:08 pm
Thank you.

For my understanding:

Option 1

Connect the EOLO box to the WAN of OPNsense, then the connection from the powerline to the WAN of the router.

Option 2: connect the EOLO box to the WAN of the AC87U, then connect the AC87U LAN to a powerline, then the powerline to the OPNsense. In this case will the AC87U control the DNS and DHCP?
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 22, 2020, 10:52:38 am
I would suggest you use managed switches and VLANs.

Do it like this:

Loft EOLO box -> OPNsense -> Managed Switch -> Powerline

Then wherever you have a powerline adaptor you can then go into another managed switch and have separate LANs, WAPs etc etc, becomes very simple.

Yes you can still use your AC87, just disable its own DHCP and only connect the LANs, it will work fine. As you move forward you can also use WAPs such as the TP-Link EAP235 that support VLANs and have multiple SSIDs, thus allowing guest networks and totally isolating them from the rest of your network.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 22, 2020, 02:33:00 pm
Great, thank you, this is what I needed to know.
The Asus AC87U does support 2 SSIDs, one for private and one for guests, so I can leave the WiFi function to the Asus. I will connect the switch to the powerline, which in turn will be connected to a LAN port on the Asus.

However you just made me realise that I need to understand the routing of all this.

As I mentioned I will have 1 managed switch. One port of this switch will be connected to the powerline (in the server room) which through the electrical wiring of the house will be connected to a local powerline. The servers and other components in the loft will be connected directly to the switch. This powerline will be connected to a local simple switch, then I will connect the AC87U to a port of that switch.
If this works then I have the WiFi I need.
I would be able to connect my HTPC and my TV (which I will set to the IoT LAN) in that room to the other ports on the switch.
If this works, great. I will replicate it to my home theatre room with its own powerline unit and simple switch.

The rest of the laptops will work off their dedicated powerline which in turn (again through the house electrical wires) connects to the main powerline in the server room.

I am spending this morning learning about switches, and from the sound of it, I do not need a managed switch in the rack. I should live with a simple switch.

This would mean (in my feeble mind) that I should have only 1 LAN cable from the R710 connected to my switch in the rack.

This would mean that I have one port on the Dell R710 connected to the WAN (the EOLO box),
1 port connected to the switch; this would represent my LAN network (192.168.1.1).

Then have a VLAN for the IoT (192.168.2.1) and a VLAN 175.168.1 1 for WiFi.

Is this reasoning correct, or am I just barking up walls and mirrors, or am I biting off more than I should chew?

Thank you for your patience in reading this and for answering and clarifying these issues I have.
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 22, 2020, 04:31:36 pm
Why are you connecting the R710 to the WAN?


I assume that the WAN you are referring to is in fact the LAN output of the ISP's router?
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 23, 2020, 08:42:41 am
Hello, thank you for your reply.

Yes, my ISP router (the EOLO box) is the receiver for the provider's dish. Then from that box I would connect it to one of the Dell R710's NICs (that in my opinion will act as a WAN connection).

However, after spending all day yesterday learning about managed switches, VLANs, firewall rules and connectivity issues, I have come to the decision that I am biting off more than I can chew, and if I do manage to chew it I will definitely get indigestion.

Therefore I will install OPNsense as a plain vanilla solution with 1 LAN (192.168.1.1), which I will connect to a 24 port managed switch (that I still need to buy) to which.

To the switch I will connect my 4 servers directly and the home automation server, and connect one port to the powerline in the loft. All these components I will set with a static IP address.

Then the powerline in the loft will connect to the powerline in each room, which in turn will connect either to a computer directly or to a simple switch to which

In the case of the living room I will connect the Asus as an AP, my HTPC and my TV in the living room to a small switch. If it would help I can connect the Asus AP to its own powerline. Would this be better? Then on the Asus I will segregate the home WiFi and the guest WiFi.

In the case of the home theatre room I will connect the projector and the HTPC to a simple switch that will be connected to the powerline in that room.

Once this is all done and working I will start to develop the firewall rules to further secure my environment, and then learn how to design, develop and implement VLANs to segregate the IoT from the rest of my environment.

Once again thank you for your contribution and I apologise for being so long winded.
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 23, 2020, 09:40:22 am
That will work, the only thing you will not be doing in that scenario is creating totally isolated LAN segments; so although your WAP has a guest access SSID it will be on the same LAN as the rest of your equipment.


The other warning is double NAT. Does your ISP box expose a global address or a private address? Double NAT is really only an issue if you are trying to access your own servers from the Internet when it can be a bit tricky to set up, if you are not going to do  that you should be OK.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 23, 2020, 10:21:29 am
Thank you for replying so quickly.

I will not be accessing my servers remotely.

The Asus will take care of the guests with a separate SSID. Yes it will be on the same LAN, however will I not be able to create a rule to prevent this?

I would guess that if the AP is on a static IP, and with that information I would be able to identify the user SSID name, I should be able to prevent them from accessing the rest of the LAN.

Would you consider this too complex for me to develop?
Once again thank you.
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 23, 2020, 10:43:52 am
That might not work, it really depends on the WAP access point and how it manages the guest SSID. If the WAP gives the guest user an address on the same LAN network as your servers etc, then the guest would be able to connect to them. Traffic on the LAN between devices goes point to point, not via Opnsense. You will need to test that to see if the WAP itself prevents access to other devices on the same LAN.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 23, 2020, 11:58:52 am
Hi

Many thanks for your patience, dedication and availability, and not least for responding.

I am currently on the TP-Link forum to clarify what is transmitted over the powerline and how I could use that information.

One of the main questions is how the powerline reads and uses the information it carries, and how it would identify a PC connected to the powerline and belonging to a VLAN. I may be fishing here. Will see.

As I said, this for me is a massive learning which I am happy to see to fruition. I will now use baby steps and implement further development once I feel comfortable that all that is done so far works.

Again thank you, it is greatly appreciated.
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 23, 2020, 12:33:27 pm
Powerline devices usually carry VLAN tags, at least mine do. Two thirds of my house network is over Devolo devices and my VLANs work perfectly.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 23, 2020, 01:53:31 pm
Hi

Thank you for this information.

Does this mean I can connect a NIC port from my Dell R710 to the managed switch and then, from a dedicated port on the managed switch, I could develop VLANs in OPNsense then build the same VLANs on the managed switch?

Where I am stuck in this trend of thought is:

If my Dell R710 has 4 NIC ports, I understand that one port connects to my EOLO box for the WAN.

Assuming that my main LAN IP address is 192.168.1.1.

Then I connect a second port to the managed switch. So far so good. I understand that I can connect my 4 servers to any of the switch ports. These servers will be on the 192.168.1.1 LAN with static IPs.

I understand that I should connect a different port on the switch and dedicate it to the powerline adaptor.

So far so good (I still need to learn how to do this in the managed switch). This is where I lose the plot.

I need that traffic from all my PCs connected to the powerline be on LAN 192.168.1.1. Fine so far. Now I develop a VLAN called IOT for the IoT in OPNsense and on the managed switch. This VLAN address would look like 192.168.53.1.

Then I develop a VLAN called wifi for the AP; I would give it an IP address like 192.168.20.10.

So I should have the following interfaces once I added them all on interface network:

WAN XXX.XXX.XXX.x
lan 192.168.1.1
iot 192.168.53.1
wifi 192.168.20.10

Great, now I have configured my network environment. Now I connect the LAN port to the managed switch. Fine.
Now I would have to dedicate a port on the switch. Fine.

I connect this port to the powerline. Fine. Now I'm lost.

Do you mean that in your case the powerline will provide the necessary information that would enable OPNsense to identify the VLAN and the LAN IP coming from the powerline, that would allow me to build rules in OPNsense to allow, block or restrict access?

If so, wow, this would make my day and entice me to move forward.

Many thanks for your message.
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 23, 2020, 05:55:37 pm
Imagine the powerline as just a piece of network cable, it's a link between point a and point b, it's network address agnostic (unless it has a management interface for wifi). So you have a big managed switch in the loft; 24 ports. Two of those ports need to be set to trunk, or tagged, it varies what they call it depending on the switch make.

One of those connects to a port on OPNsense that carries all the VLANs, or, if you have ports to spare on your OPNsense router, you could do all the VLAN tagging in that big switch. So there are two ways to do that. The other connects to the powerline; the powerline is now carrying all the VLANs. Now for the other powerline adaptors you connect those to small 5 or 8 port managed switches; again the powerline, as it's carrying ALL the VLANs, connects to the tagged or trunk port of the switch. There is no specific port, you just select one and set it up to be trunk. The other ports you configure as untagged with the VLAN number you set in the main switch or OPNsense. So wherever you are in the house, with a cheap little managed switch you can access any LAN segment.

Does that make sense?
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 23, 2020, 06:40:42 pm
Hi, this is what I do not understand: if I have 2 trunks, do I need to connect 1 trunk to one powerline and the other to a different powerline? Can 2 trunks be assigned to the same port?



I do have ports to spare on my R710. As I mentioned, the 4 ports (in my head) are as follows:
port 1 my WAN
port 2 my LAN 192.168.1.1
port 3 is free
port 4 is free

I would buy a primary managed switch of 12 or 24 ports (any recommendations?).

So if I understand correctly I would assign my VLANs to port 3 and connect this port to the switch, or do I assign the VLANs to port 2?

I understand that within the switch there are trunks to assign to ports (however I have not learned that far yet).

Your recommendation of getting a small 5/8 port managed switch for the living room and the home theatre (great): connect one port of these switches to the powerline and one port to the AP (to manage the WiFi) and the other ports to the devices. Or should I have a separate powerline for the AP (this I can do), but all connected to the powerline in the loft?

Thank you, it is becoming much clearer and doable.

Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 23, 2020, 06:51:38 pm
OK, so let's do a little configuring.


So you need a 24 port switch? Probably not, an eight port in the loft is probably enough.


Port 1 - Trunk - To Powerline
Port 2 - Trunk - To Opnsense VLAN - Main, VLAN IoT, VLAN - Guest Wifi
Port 3 - To Server - Untagged - port set to handle VLANx
Port 4 - Spare
Port 5 - Spare
Port 6 - Spare
Port 7 - Spare
Port 8 - Spare


Lounge - 8 Port Managed Switch


Port 1 - Trunk - From Powerline
Port 2 - Trunk - To WAP ( Not your AC87, sell it! ) TPLINK EA235 or similar that handles VLANs, Ubiquiti also do them. The TP Link ones are much cheaper and work well.
Port 3 - VLAN - Main LAN
Port 4 - VLAN - Main LAN
Port 5 - VLAN - Main LAN
Port 6 - VLAN - IoT
Port 7 - VLAN - IoT
Port 8 - VLAN - IoT


Other areas, repeat as required.


It's really pretty simple once you get your head around it.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 23, 2020, 07:31:16 pm
How can I thank you for your help? It is greatly appreciated.

Amazing, and all of this requires 1 port on OPNsense. Thank you very much for taking the time to explain this to me so clearly.

Now I have a roadmap to follow.

I have an opportunity to buy a Cisco C2960 managed switch with PoE and Gb speed. This to me sounds alright. What do you think?
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 23, 2020, 09:13:23 pm
Overkill. Check your local ebay and look for these
https://www.ebay.co.uk/itm/D-Link-DGS-1100-08P-8-Port-Gigabit-PoE-Smart-Managed-Switch-64W-PoE-Fanless/233624010758?hash=item3665138006:g:f~AAAOSwnKJe7Nbn
or the 1210s, cheaper and do the job perfectly. Dlink switches are fine, TP Link managed switches avoid like the plague.


wh
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 23, 2020, 09:43:23 pm
Thank you for the feedback.

The Cisco is only £50, this is why I was considering it. I looked at the TP-Link ae235, could not find any information on it. However I did come across the 245 model, and from the looks of things it would be way better than my AC87U.

Now the only thing I need to do is wait for the new motherboard and PSU to start the implementation. Hopefully this will happen early next week. Can't wait.

Thank you
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 24, 2020, 09:46:23 pm
Hello all

Can you please confirm that I am on the correct path with my configuration? Please have patience with me; between yesterday and today I watched 10 hours of YouTube on this subject (please have pity on me, I'm old and I do not assimilate as I used to).
Here goes.
On my Dell R710, which as I mentioned has 4 NIC ports, I'm thinking of assigning them in the following way:
port 1 WAN XXX.XXX.XXX.X.X  it needs to be configured as PPPoE because I need to insert a username and password for EOLO to have access to the internet
port 2 LAN 192.168.1.1
port 3 WIFI  192.168.2.1
port 4 IOT  192.168.1.3.1

I could probably have them all terminate on port 2.

Configure 3 VLANs:

vlan 1 10 my home assigned to port 2
vlan 2 20 wifi assigned to port 3
vlan 3 30 Iot assigned to port 4

In the main switch create 3 trunks:
trunk1 vlan10
trunk2 vlan20
trunk3 vlan30

They will all be pointing to 1 trunk to which I will connect the powerline in the loft.

My 4 servers will connect directly to the main switch.

The loft powerline will be connected to a local powerline to which a computer will be connected, and it will have an IP of 192.168.1.xxx.

The loft powerline will also connect to a local powerline which will be connected to another managed switch.
In that managed switch I will need to configure
3 VLANs:
vlan 10 will be assigned to port 1 on the switch to which the HTPC will be connected
vlan 20 will be assigned to port 2 on the switch to which I will connect an AP for guests
vlan 30 will be assigned to port 3 on the switch to which I will connect the TV

I believe that if we take a very high view of this configuration this should work.

I still need to better understand the VLAN assignments to ports, a better assignment of the IP ranges, and how the demarcation between home and guest is transmitted to OPNsense from the AP level.

Thank you for spending your valuable time on this matter and responding; it is truly appreciated.
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 24, 2020, 10:13:03 pm
Why are you putting the server on the WAN? It's not a firewall and is not secure. OPNsense connects to the WAN, everything else is on the LAN side of OPNsense.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 24, 2020, 10:20:21 pm
Sorry, I was not clear.

The Dell R710 (hosting OPNsense) will have NIC 2 connected to the EOLO box. Is this not the WAN?

The Dell R710 connects to a managed switch, and the servers are connected to that managed switch, as is the loft powerline.

Sorry for any confusion.
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 24, 2020, 10:28:24 pm
Ah, OK, my bad, you're running OPNsense as a VM, yes that's OK.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 24, 2020, 10:43:51 pm
Hi, just to clarify:

I will not run OPNsense on a VM. In my case I do not see the use case for it, plus it is one more thing to learn and for now I have my plate full with OPNsense.

In your opinion, does pointing the VLANs on OPNsense individually to their own NIC add additional issues or does it simplify it?

In the main switch in your configuration

you pointed all VLANs to one trunk and a separate trunk to connect to the powerline.

Should all VLANs be assigned to the same port of the powerline?
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 25, 2020, 07:53:41 am
The Dell r710 is a poweredge server, is it your intention to run Opnsense 'baremetal' on that? If so it's a massive overkill.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 25, 2020, 08:17:57 am
Hi

Yes.

It's a huge overkill. I bought this with the intention of developing a more robust redundant FreeNAS server to replace the FreeNAS server built on an old desktop.

Once the OPNsense is well up and running I plan to install OPNsense on a 1U server with 1 CPU and 16 GB RAM and replace the AC87U.

Good news: my power supply and new Dell MB will arrive on Monday, which will allow me to start installing and configuring OPNsense.

Following your direction I am designing the network on paper.

I am on ver 3. I am adding IP addresses as I am going along and documenting the steps I will need to take to accomplish this, so when the time comes I will be ready.

I am still struggling to understand the configuration you supplied here above.

In the main switch in your configuration

you pointed all VLANs to one trunk and a separate trunk to connect to the powerline.

Should all VLANs be assigned to the same port of the powerline?

In addition I will have 3 PCs wired directly to a powerline. Will they be part of the main LAN (192.168.1.1) or will they be part of VLAN 10?
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 25, 2020, 09:11:06 am
Powerlines are just transmission devices, they carry everything, so yes whichever switch port connects to a powerline device is a trunk port. Wherever you have a powerline device you will need a managed switch connected to it.
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 25, 2020, 09:24:22 am
Thank you very much for this clarification.

Thanks to your patience and help I confirm my choice of OPNsense.

I will then need to buy 3 more 4 port managed switches, one for each of the other rooms. Could this not be achieved by setting the IP address of each laptop directly connected to a powerline to a static IP? Then once the main switch sees its connection it will know what to do with it.

So if I am using my laptop in my bedroom I could assign it a 192.168.1.101 IP address and the switch would recognise it as part of my private LAN?
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 25, 2020, 10:03:44 am
If you also pass an untagged LAN then yes, but it starts to defeat the whole point of using VLANs. What you cannot do is just connect a PC to trunk and give it an IP in one of the VLANs, that will not work.
What you could do is check to see if your laptop allows you to set a VLAN ID on the network interface properties. On windows you can find that by going to the properties of the network adaptor, where you would set the IP, you'll see a button there for 'Configure', that opens a new window. Select the 'Advanced' tab and see if there is a setting in the properties list for VLAN ID. If there is then you can set that to the VLAN you wish to use and you're done. It also allows you to switch between VLANs, I use it to test my trunks and VLANs are working correctly.

Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 25, 2020, 10:49:27 am
Thank you for this directive.

I have checked my laptops and (because they are old) I do not have a VLAN ID option. However I do have a priority and VLAN. Clicking on this I have the option of priority and VLAN enable, priority and VLAN disable, VLAN enable and priority enabled.

I would agree that passing an untagged LAN would work. If I think closely about what you are saying, it seems to me that I have 2 options:
to an untagged port I would connect one powerline for all my home network,
and to a trunk an additional powerline for the VLANs; then the local managed switch will identify the untagged connection and the VLAN connection. I would then assign the port on the local managed switch for that VLAN.

However, come next week I will install OPNsense on the R710, configure it with LAN on port 2 of the Dell, connect that port to the main managed switch, leave everything as untagged, connect all the servers I have to that switch, and connect a powerline. This would replicate what I have today.

Then I would replace the AC87U with an AP:
step 1 connect all I have today with 1 SSID
step 2 build a guest network with a second SSID, develop a VLAN for the WiFi and point this VLAN to the 2 powerline.

So essentially I would have 2 powerlines connected to the main switch and for all those PCs attached directly to the local powerline.

In this case all IoT devices will either be connected to WiFi or to a PC that is on a local managed switch, and they will not be able to access the untagged network devices.

I truly believe that there is a simpler way to do this. In designing ver 3 of my possible network I came to realise that only 2 devices will be connected by wire to the network. My home automation unit will be part of the IoT and be connected to the main switch, so in this case I could build a VLAN for IoT, assign the VLAN to a port on the switch and connect the home automation device to that port. Would it not be simpler to just connect it to the untagged port and build a rule to control the access from that port? The other device will be my Denon AV amp (used only as a preamp), and that will be connected to the local managed switch.

Once again thank you.
Title: Re: noob of noobs need help in configuring and placing
Post by: marjohn56 on June 25, 2020, 06:44:29 pm
As I explained before, you cannot prevent a device with an address on a LAN segment from accessing another device on the same LAN segment, if they are within the same address/mask range they will be able to talk to each other without going via the firewall.
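
The point made in this reply and in the earlier port tables (traffic inside one LAN segment never passes OPNsense, so only VLAN-separated traffic can be filtered) can be checked with a small model. This is an added example, not code from any poster; the VLAN IDs 10/20/30, subnets, host addresses and the trunk and access port behaviour noted in the comments are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed plan: VLAN IDs, subnets and host addresses are assumptions for illustration.
SUBNETS = {10: "192.168.1.0/24", 20: "192.168.2.0/24", 30: "192.168.3.0/24"}
ALL_VLANS = frozenset(SUBNETS)


@dataclass(frozen=True)
class Port:
    mode: str          # "trunk" (tagged frames) or "access" (untagged frames)
    vlans: frozenset   # VLAN IDs the port carries


def trunk(vlans=ALL_VLANS):
    return Port("trunk", frozenset(vlans))


def access(vlan):
    return Port("access", frozenset({vlan}))


# Segmented layout: port roles follow the loft and lounge tables in the thread.
SEGMENTED = {
    "loft": {1: trunk(), 2: trunk(), 3: access(10)},
    "lounge": {1: trunk(), 2: trunk(), 3: access(10), 4: access(10),
               5: access(10), 6: access(30), 7: access(30), 8: access(30)},
}
# Flat layout: same cabling, every port untagged in one LAN ("plain vanilla").
FLAT = {sw: {n: access(10) for n in ports} for sw, ports in SEGMENTED.items()}

UPLINK = {"loft": 1, "lounge": 1}   # ports facing the powerline adaptors
FIREWALL = ("loft", 2)              # port facing OPNsense


@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    switch: str
    port: int
    tag: Optional[int] = None   # VLAN ID set on the NIC or by the AP, if any


def host_vlan(plan, host):
    """VLAN the host's frames land in, or None if the port discards them."""
    port = plan[host.switch][host.port]
    if port.mode == "access":
        # Assumption: access ports take untagged frames only.
        return next(iter(port.vlans)) if host.tag is None else None
    # Assumption: trunks have no native VLAN, so untagged frames are dropped.
    return host.tag if host.tag in port.vlans else None


def vlan_reaches(plan, vlan, sw_a, sw_b):
    """True if `vlan` is carried between two switches over the powerline."""
    if sw_a == sw_b:
        return True
    return all(vlan in plan[s][UPLINK[s]].vlans for s in (sw_a, sw_b))


def delivery(plan, src, dst):
    """Classify src -> dst as 'switched', 'routed', 'misaddressed' or 'no-link'.

    'switched' traffic stays inside one VLAN and never reaches OPNsense, so no
    firewall rule can filter it; 'routed' traffic must cross the firewall.
    """
    vlans = []
    for h in (src, dst):
        v = host_vlan(plan, h)
        if v is None:
            return "no-link"
        if ipaddress.ip_address(h.ip) not in ipaddress.ip_network(SUBNETS[v]):
            return "misaddressed"
        vlans.append(v)
    va, vb = vlans
    if va == vb:
        return "switched" if vlan_reaches(plan, va, src.switch, dst.switch) else "no-link"
    fw_switch, fw_port = FIREWALL
    fw_vlans = plan[fw_switch][fw_port].vlans
    ok = all(v in fw_vlans and vlan_reaches(plan, v, h.switch, fw_switch)
             for v, h in ((va, src), (vb, dst)))
    return "routed" if ok else "no-link"


# Constructed hosts; a host on lounge port 2 stands for a device behind the AP or on a trunk.
SERVER = Host("server", "192.168.1.10", "loft", 3)
HTPC = Host("htpc", "192.168.1.20", "lounge", 3)
TV = Host("tv", "192.168.3.20", "lounge", 6)
GUEST_FLAT = Host("guest", "192.168.1.150", "lounge", 2)              # AP bridges guests into the LAN
GUEST_VLAN = Host("guest", "192.168.2.50", "lounge", 2, tag=20)       # AP tags the guest SSID
LAPTOP_RAW = Host("laptop", "192.168.1.101", "lounge", 2)             # PC plugged into a trunk
LAPTOP_TAGGED = Host("laptop", "192.168.1.101", "lounge", 2, tag=10)  # same PC, NIC VLAN ID set

if __name__ == "__main__":
    cases = [(FLAT, GUEST_FLAT, SERVER), (SEGMENTED, GUEST_VLAN, SERVER),
             (SEGMENTED, TV, HTPC), (SEGMENTED, HTPC, SERVER),
             (SEGMENTED, LAPTOP_RAW, SERVER), (SEGMENTED, LAPTOP_TAGGED, SERVER)]
    for plan, a, b in cases:
        layout = "flat" if plan is FLAT else "segmented"
        print(f"{layout:9} {a.name:>6} ({a.ip}) -> {b.name}: {delivery(plan, a, b)}")
```

In the flat layout the guest reaches the server as switched traffic, which is why a firewall rule cannot stop it; in the segmented layout the same guest is routed and the rule applies.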
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on June 25, 2020, 10:39:52 pm
Yes, I agree with you. However I read that if I put on the main switch a powerline on an untagged port and a second powerline on a trunk hosting the VLANs, the powerline effectively will consider this as having 2 separate networks.

I wrote to the D-Link forum to ascertain that if I have my local laptops connected to their local powerline with their IP belonging to my private LAN.

The main switch should be able, once it receives the communication (regardless of the receiving powerline), to identify the sending IP and the sending MAC address from the packet and route it to the right destination based upon the rules for that IP address (or MAC address).

The alternative is to put all VLANs on one trunk, connect the powerline to that trunk, and at the end of any powerline install a small managed switch. I would really prefer to avoid this because one of the laptops is in my room and the other in what was a barn that I converted into a summer kitchen and outdoor dining. This laptop only serves to play music when we are eating or drinking outside (like tonight).
Title: Re: noob of noobs need help in configuring and placing
Post by: wbravin on July 05, 2020, 12:47:47 pm
Hello all

I spent the last week fixing the server that arrived damaged. Now it's up and running and I installed OPNsense on it.

I spent a lot of time designing on paper what my LAN. After reading documents and YouTube videos I would like to know if my version 8 i which I wanted to upload my drawing to this message (because a picture equals 1000 words) to no avail because it's too large. I also posted on forums for TP-Link, D-Link and Netgear but no response from them.

To recap:

I would have
my main LAN 192.168.1.x  to connect all my computers and servers
VLAN 20        192.168.2.x  to connect my 2 APs
VLAN 30        192.168.3.x  to connect my IoT

I will assign VLAN 20, VLAN 30 and main LAN to a port in OPNsense and connect this port to the loft main smart switch.

In the loft main smart switch I build the same VLANs.
To one trunk on the switch I assign VLAN 20, VLAN 30 and main LAN; to this trunk I will connect the powerline.
To another port on the managed switch I assign VLAN 20 and VLAN 30 (to connect the AP), which will have home and guest networks, and I will also assign the guest network to the wireless projector. Here I still have my doubts.
To another port on the managed switch I assign VLAN 30 (to connect my home automation solution).
To another port on the managed switch (this will be untagged) I will connect my servers (192.168.1.x) via a switch.

Now to the powerline connected to the loft smart switch I connect
1 PC via powerline in the office (192.168.1.x)
1 PC via powerline in the bedroom (192.168.1.x)
1 PC via powerline in the barn (192.168.1.x)

Living Room
1 powerline connected to a local managed switch which has VLAN 20 assigned to a port to which I connect an additional AP, VLAN 30 assigned to a port to which I connect the TV, and to an untagged port I connect the local HTPC.

Home Theater
1 powerline connected to a local managed switch which has VLAN 30 assigned to a port to which I connect the Denon, and to an untagged port I connect the local HTPC.

I hope this is clear enough to allow you to please provide me with your opinion or recommendation on this design.

I thank you all in advance for all the help you are providing me.