Hey people!
I've started playing with OPNsense and I like it a lot so far. I'm wondering what is the best way to achieve the following scenario for wired devices:
When a device gets plugged in anywhere:
- Trusted devices (by mac address?) get assigned to a "Trusted" vlan
- unknown devices get assigned to an "Untrusted" vlan
Thanks for any insight into the matter!
B.
Freeradius Plugin, enable vlan assignment, add User where User AND pw is mac address, enable vlan assignment in your switch. Thats it
Thanks for your answer, much appreciated!
Is there some kind of logic flow behind the assignment of IP addresses?
For example, considering the same switch port that passes all available networks:
Port X serves:
- trusted vlan (192.168.99.1/24)
- untrusted vlan (172.16.0.1/24
- management lan (untagged) (192.168.1.1/24)
If I plug in a device in that switch port, how does the logic flow work to see where it goes? Does it go like this:
1) check Radius for an account, if it finds one -> trusted vlan
2) if it doesn't have an account on Radius -> check other networks
3) if DHCP reservation in mgmt lan, it's probably a switch or AP -> mgmt vlan
4) if no DHCP reservation -> untrusted vlan
I'm sorry if that's completely off the mark. I'm trying to have a system where you can plug your device in anywhere on any (managed) switch and never end up on the wrong network, if that's even possible.
B.
I've found what I'm looking for and it seems to be a function of the switch or AP: Fallback/Guest VLAN.
So if Radius says no and that device doesn't get assigned the Trusted VLAN, it gets put on the fallback VLAN.
I should be able to make this work now. Cheers for the pointers!