Good day. I searched for an answer in the forum but cannot find an answer, maybe because I'm not using the correct terminology so apologies in advance if this has been asked prior. I hope someone can help a newbie home user with the following:
Is it possible to have the following configuration using 3 separate NICS
Lan1 (10gbe SFP) - wired devices using range 192.168.1.1 - 192.168.1.50
Lan2 (2.5gbe Copper) - connected to wireless AP using range 192.168.1.51-192.168.1.100
Lan3 (2.5gbe Copper) - feeding wired device using range 192.168.1.101-192.168.1.102
Reason for doing this is I don't want to add a separate switch for my 2.5gbe devices. I currently have a 1gbe/10gbe switch that isn't compatible with 2.5gbe. In addition, I need all the devices to be able to talk to each other, IE a tablet on wireless can talk to a wired printer.
Thank you for your help.
Short answer: no.
Longer answer: each interface needs its own network - a so called "broadcast domain" or "prefix".
So while it is perfectly possible to use three interfaces to isolate different classes of devices, each interface needs its own network/broadcast domain/prefix.
E.g.
Lan1 - 192.168.1.x
Lan2 - 192.168.2.x
Lan3 - 192.168.3.x
That's simply how IP works.
HTH
Patrick
Patrick,
Thank you for your help, I do appreciate it.
One quick question, since I have to use the following config, will the devices be able to talk to one another, IE 192.168.1.x with 192.168.2.x? If not, is there a way to accomplish my goal without adding a switch? Thanks again.
Lan1 - 192.168.1.x
Lan2 - 192.168.2.x
Lan3 - 192.168.3.x
The devices will be able to talk to each other if your OPNsense has got an IP address in each of these networks, the devices receive the proper default gateway for the network in question via DCHP, and firewall rules on each interface permit them to talk.
Thank you for your help. Will give it a go this weekend. Take care.
Quote from: pmhausen on February 22, 2023, 09:44:39 PM
Short answer: no.
Longer answer: each interface needs its own network - a so called "broadcast domain" or "prefix".
Lan1 - 192.168.1.x
Lan2 - 192.168.2.x
Lan3 - 192.168.3.x
HTH
Patrick
Is it possible to access the same opnsense gui by both 192.168.1.x and by 192.168.3.x ?
For example I already access by Lan1 192.168.1.x (as set in the setup wizard)
But I also want to access by plugging into physical interface 3 aka Lan3 and I can use https://192.168.3.1 (or https://192.168.1.1) to access the same guy?
Quote from: wotcha on March 01, 2023, 06:06:31 PM
Is it possible to access the same opnsense gui by both 192.168.1.x and by 192.168.3.x ?
Yes, sure - why wouldn't it? As long as there is a firewall rule on that interface permitting the traffic.
HTH,
Patrick
You can access it via 192.168.3.1 provided that it is allowed per firewall rules. For 192.168.1.1, you will need firewall rules and routing in place (i.e. the devices on Lan3 must have 192.168.3.1 set as gateway for at least 192.168.1.1).
If the sole purpose of this is to use existing OpnSense ports instead of buying a switch, you could configure a LAN bridge and only one subnet.