Ok, so new to Opnsense, got my VPN stuff working fine. Now what I'm wanting to hopefully set up is a VLAN for my Smart TVs and other devices to keep my PC isolated from all that IoT noise. Simple enough, but here's the rub: topology.
I currently have my fitlet2 opnsense going to my Nighthawk MR70/MS70 mesh in AP mode. This being a rental house though, everything is carried over that AP and it's acting as a switch. At least I hope it is and not the opnsense. Only wired connections are between the opnsense and the MR70, and the MS70 and my desktop. Opnsense sees all devices when I check my leases. Will I still be able to VLAN just the devices?
You can spread out VLANs via VLAN-capable (i.e. manageable) switches and/or VLAN-capable access points. Among the latter are Unifi and Mikrotik lines of APs, IDK about Nighthawk, but some vendors do "consumer-directed" variants that often lock you in to their infrastructure with limited capabilities.
Quote from: meyergru on April 17, 2025, 05:52:21 PMYou can spread out VLANs via VLAN-capable (i.e. manageable) switches and/or VLAN-capable access points. Among the latter are Unifi and Mikrotik lines of APs, IDK about Nighthawk, but some vendors do "consumer-directed" variants that often lock you in to their infrastructure with limited capabilities.
Looks like I can only do VLANs on my Nighthawk if it's in router mode and not just AP mode.
Then you need a VLAN capable AP.
Options for isolation are:
* Physical with dumb switches and APs.
* Logical (VLANs) with VLAN aware switches and APs.
* A mix, for example, VLAN aware switch and dumb APs (you could reuse your existing HW, but it may not be economically beneficial overall).