I am a recent adopter of OPNsense, so I apologize if this has been discussed already under a different name, and/or if it would be considered outside the scope of OPNsense.
I would like to have a "quarantine zone" where new devices would first fall into a VLAN that has no internet access, then can be assigned a different VLAN which would give them tailored access. My motivation is dealing with client devices that randomize MAC addresses while releasing/renewing IPs. I want different types of clients to have different firewall rules applied to them. With the ability to spoof MAC addresses, it seems like relying on subnet rules makes more sense.
My OPNsense router has a Unifi switch connected to it, which in turn has an Omada AP connected to that. I understand that such a solution probably requires support across the hardware stack, but I am still a bit lost as to where to start. Does anyone have any pointers about implementing such a solution?