OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: kagbasi-wgsdac on August 23, 2019, 09:00:08 pm

Title: How Do I Separate Wireless Network Using a VLAN
Post by: kagbasi-wgsdac on August 23, 2019, 09:00:08 pm
Hello folks,

I'm new to OPNsense and I'm loving every bit of it. Trying to set up a small network for my church and I'm running OPNsense version 19.7.2 on this 6-port Firewall Appliance (https://amzn.to/2KT7kw5).

My setup calls for a Wireless network which I've currently connected by simply plugging the APs into a switch on my LAN.  Ideally, I want to put all the APs in their own switch, and then connect that switch up to an available interface on my OPNSense box.  The goal is to keep the Wireless Network separate and on its own VLAN.

Is this possible to do in the way I'm envisioning it?  If so, can someone please point me in the right direction?  I would very much appreciate it, thank you.
Title: Re: How Do I Separate Wireless Network Using a VLAN
Post by: Ren on August 26, 2019, 03:48:31 am
See link below. Info is in docs. https://docs.opnsense.org/manual/how-tos/guestnet.html
Title: Re: How Do I Separate Wireless Network Using a VLAN
Post by: kagbasi-wgsdac on August 26, 2019, 11:26:40 am
Thanks, I will definitely go through the official documentation that you've pointed me to. 

The problem I'm running into, though, is not the setup of the Guest Network per se, but rather the VLAN. It seems after I create the VLAN and assign it to a physical interface, then create a DHCP pool on it, for some strange reason the inbound DHCP Request (i.e., 0.0.0.0:68) is getting blocked by the "Default Deny All" policy. I've done everything I know to do but can't seem to get past this - I must be missing something.
Title: Re: How Do I Separate Wireless Network Using a VLAN
Post by: Ren on August 27, 2019, 01:22:53 am
Quote from: kagbasi-wgsdac on August 26, 2019, 11:26:40 am
Thanks, I will definitely go through the official documentation that you've pointed me to.

The problem I'm running into, though, is not the setup of the Guest Network per se, but rather the VLAN. It seems after I create the VLAN and assign it to a physical interface, then create a DHCP pool on it, for some strange reason the inbound DHCP Request (i.e., 0.0.0.0:68) is getting blocked by the "Default Deny All" policy. I've done everything I know to do but can't seem to get past this - I must be missing something.

Are you using a managed switch? If so, the uplink and downlink interfaces will need to be tagged. If port 1 is connected to your OPNsense router from the switch, add the VLAN tag to that interface. If port 2 is connected to your AP from the switch, add the VLAN tag to that interface.
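The two things this exchange turns on, a tag on the switch port deciding which firewall interface a frame lands on, and a DHCP client broadcast hitting that interface's default deny until a pass rule exists, as an added Python illustration. It is not code from any poster in this thread and not OPNsense's pf rule engine; it parses constructed 802.1Q-tagged frames and applies a deliberately simplified per-interface pass list. The interface layout (untagged = lan, VLAN 10 = wlan), the VLAN IDs and the rule sets are assumptions made for the example.

```python
"""Added illustration for this thread: 802.1Q tag -> firewall interface ->
per-interface pass rules with default deny.  Simplified model, not OPNsense."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ETHERTYPE_VLAN = 0x8100     # 802.1Q tag follows the source MAC
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_CLIENT_PORT = 68
DHCP_SERVER_PORT = 67


@dataclass
class Frame:
    vlan_id: Optional[int]      # None when the frame arrived untagged
    src_ip: str
    dst_ip: str
    proto: int
    src_port: Optional[int]
    dst_port: Optional[int]


def build_dhcp_discover(vlan_id: Optional[int]) -> bytes:
    """Constructed sample input: an Ethernet/IPv4/UDP frame shaped like a DHCP
    DISCOVER (0.0.0.0:68 -> 255.255.255.255:67), 802.1Q-tagged if vlan_id is set.
    The source MAC is made up; the BOOTP payload is truncated on purpose."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex("02aabbccddee")
    if vlan_id is not None:
        # TCI = PCP(3) | DEI(1) | VID(12); PCP and DEI left at zero
        eth += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    payload = b"\x01\x01\x06\x00"       # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", DHCP_CLIENT_PORT, DHCP_SERVER_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + udp_len, 0, 0, 64, IPPROTO_UDP, 0,
                     bytes(4), b"\xff\xff\xff\xff")   # 0.0.0.0 -> 255.255.255.255
    return eth + ip + udp + payload


def parse_frame(raw: bytes) -> Frame:
    """Pull the 802.1Q VID (if any), IPv4 addresses and UDP ports out of a frame."""
    ethertype = struct.unpack_from("!H", raw, 12)[0]
    offset = 14
    vlan_id = None
    if ethertype == ETHERTYPE_VLAN:
        tci, ethertype = struct.unpack_from("!HH", raw, offset)
        vlan_id = tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID
        offset += 4
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    ihl = (raw[offset] & 0x0F) * 4      # IPv4 header length in bytes
    proto = raw[offset + 9]
    src_ip = ".".join(str(b) for b in raw[offset + 12:offset + 16])
    dst_ip = ".".join(str(b) for b in raw[offset + 16:offset + 20])
    src_port = dst_port = None
    if proto == IPPROTO_UDP:
        src_port, dst_port = struct.unpack_from("!HH", raw, offset + ihl)
    return Frame(vlan_id, src_ip, dst_ip, proto, src_port, dst_port)


# Assumed layout for the example: untagged frames on the trunk belong to LAN,
# frames tagged VLAN 10 belong to a "wlan" VLAN interface on the same NIC.
INTERFACES: Dict[Optional[int], str] = {None: "lan", 10: "wlan"}

Rule = Tuple[int, int]   # (IP protocol, destination port) that an interface passes


def filter_frame(raw: bytes, rules: Dict[str, List[Rule]]) -> Tuple[str, str]:
    """Return (verdict, detail): 'pass' on a matching rule, 'block' when the
    interface's implicit default deny is hit, 'drop' when the tag maps to no
    configured interface (the switch-port-not-tagged-correctly case)."""
    f = parse_frame(raw)
    iface = INTERFACES.get(f.vlan_id)
    if iface is None:
        return "drop", f"no interface for VLAN {f.vlan_id} on the trunk"
    flow = f"{f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port}"
    for proto, dport in rules.get(iface, []):
        if f.proto == proto and f.dst_port == dport:
            return "pass", f"{iface}: {flow}"
    return "block", f"{iface}: default deny hit by {flow}"


if __name__ == "__main__":
    only_lan = {"lan": [(IPPROTO_UDP, DHCP_SERVER_PORT)]}             # DHCP allowed on LAN only
    with_wlan = {**only_lan, "wlan": [(IPPROTO_UDP, DHCP_SERVER_PORT)]}  # pass rule added on WLAN
    for vid in (None, 10, 20):
        print(f"VLAN {vid}:", filter_frame(build_dhcp_discover(vid), only_lan))
    print("VLAN 10 after adding a rule:", filter_frame(build_dhcp_discover(10), with_wlan))
```

Run it and the tagged VLAN 10 DISCOVER is reported as blocked by default deny on "wlan" until that interface gets its own UDP/67 pass rule, while a frame tagged with a VLAN the firewall has no interface for is dropped before any rule is consulted.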
Title: Re: How Do I Separate Wireless Network Using a VLAN
Post by: Ren on August 27, 2019, 01:34:39 am
I added an attachment to my previous post. I have a managed Netgear switch at home. Port 1 is connected to my firewall and port 2 is connected to my access point. As such I tagged port 1 to allow ALL VLANs on the port (mainly because I do a lot of testing) and port 2 to do the same. So all VLANs defined on the firewall will be passed to my access point. My VLAN network for WiFi is on VLAN 2.

Since I use a UniFi AP, I have to go into the Wireless settings for the SSID I want to assign to the VLAN and update the network setting to connect to VLAN 2 for that particular SSID (see attached screenshot).
Title: Re: How Do I Separate Wireless Network Using a VLAN
Post by: Sirius1 on August 31, 2019, 05:36:01 am
So do you have this working or not? I can't tell from the last post. I have OPNsense and UniFi with 4 wireless VLANs, no problem. Also a Netgear smart switch, but I am using 802.1Q VLANs instead of port-based. Should be pretty much the same though.

It sounds like you have it right: your firewall and AP ports need to be 'trunked', or all the VLANs tagged, as it sounds you did. Are you really seeing that as an error on the OPNsense?

One thing I notice is that I don't have 'Block LAN to WLAN multicast & broadcast...' checked on my UniFi SSIDs. Try unchecking that and see what happens. That may be blocking something.

edit for clarity: Was misreading the more detailed info. To OP, do you have this working, and what about more specific details from your setup, including AP and switch type? I was misreading the Netgear and UniFi comments from the other poster.

I concur; I have this working with a UniFi AP and Netgear smart switch, but have also set up VLANs on Cisco Catalyst devices as well as small smart switches from TP-Link and Linksys. All of them can successfully tag and/or trunk to support multiple VLANs.

My home setup includes OPNsense with a single internal Gig link trunked with 8 802.1Q VLANs: 4 for wired networks and 4 for wireless. All the wireless is running on a Ubiquiti UniFi controller and APs. Traffic goes from OPNsense > Cisco Catalyst > Netgear > APs.