I think it would be nice (and useful) if OPNssense had a topology view somewhere.
For example you could use a description linked to the MAC address / DHCP lease and build a table that describes the topology and what is connected to what.
Would this be interesting? I think it can be very useful for both small and larger networks, it could also be expandable with links to firewall rules, traffic stats, etc....
+------------+------+----------+---------------------------------+
| The ether | WAN | OPNsense | Switch48p_VLAN1 |
| | | +--+------------------------------+
| | | | | LAN |
| | | | +--+---------------+-----------+
| | | | | | server01_file | |
| | | | | +---------------+-----------+
| | | | | | server02_www | |
| | | | | +---------------+-----------+
| | | | | | workstation01 | |
| | | | | +---------------+-----------+
| | | | | | workstation02 | |
| | | +--+--+---------------+-----------+
| | | | Switch48p_VLAN2 |
| | | +--+------------------------------+
| | | | | OPT1_PUB |
| | | | +--+---------------+-----------+
| | | | | | server03_file | |
| | | | | +---------------+-----------+
| | | | | | server04_www | |
| | | | | +---------------+-----------+
| | | | | | server05_ftp | |
| | | +--+--+---------------+-----------+
| | | | Switch48p_VLAN3 |
| | | +--+------------------------------+
| | | | | OPT2_WIFI |
| | | | +--+---------------------------+
| | | | | | rpi_ap1 |
+------------+------+ | | +---------------+-----------+
| Cosmos | WAN2 | | | | | Cellphone |
+------------+------+ | | | +-----------+
| Multiverse | WAN3 | | | | | Laptop |
| | | | | +---------------+-----------+
| | | | | | rpi_ap2 |
| | | | | +---------------+-----------+
| | | | | | | Guest01 |
+------------+------+----------+--+--+---------------+-----------+
There are tools available which can do this, to run them on OPN would be overkill :(
Quote from: mimugmail on April 21, 2020, 05:58:11 AM
There are tools available which can do this, to run them on OPN would be overkill :(
And exactly why would this be overkill?! If you can disable and/or set a polling interval it should not consume much resources.
Besides - OPNsense is made to be extended right?
What other tools can easily achieve this?
It's a job for network managment and monitoring systems. They usually search arp tables, lookup cdp and lldp via SNMP to create network maps.
A firewall should not scan your network. It should protect it.
Quote from: waxhead on April 21, 2020, 01:47:19 PM
Quote from: mimugmail on April 21, 2020, 05:58:11 AM
There are tools available which can do this, to run them on OPN would be overkill :(
And exactly why would this be overkill?! If you can disable and/or set a polling interval it should not consume much resources.
Besides - OPNsense is made to be extended right?
What other tools can easily achieve this?
LibreNMS or Netdisco e.g. but they have too many dependencies to run inside OPNsense
Somebody who has so many devices, that he needs a tool for topology mapping, should be able to afford a dedicated server for this tool easily.
Netdisco really rocks. I use it a lot to lookup mac addresses and like the history function for former connections.