Right now I am running a "firewall on a stick" setup with a cable modem connected to the WAN port of my OPNsense machine (Intel NUC) and a managed 8-port switch connected to the LAN port (Netgear GS308T).
I have a VLAN for my general wifi devices (VLAN20) that are all connected to a wifi AP (which is connected to a certain port on the switch).
Additionally, I have a separate VLAN for IoT devices (VLAN30). Since many of them are also wifi devices, I am using the feature "MAC based VLAN" in the Netgear switch to assign the VLAN30 tag to devices that would otherwise get the VLAN20 tag from the corresponding switch port.
The idea that I am developing currently is to replace the NUC and the switch with a 2-in-1 device like this Protectli Vault with 6 NICs: https://eu.protectli.com/product/vp4630/
How would I implement the "MAC based VLAN" feature in that case? Since I wouldn't have a dedicated switch anymore, I would assume that I can control this via OPNsense, but I don't find the corresponding options in the OPNsense GUI.
It should be possible to use 802.1x features in conjunction with FreeRADIUS, but in that case all of the client devices would have to support 802.1x, which is not the same thing as the simple MAC based VLAN from my current Netgear switch (this comes without any need for RADIUS authentication).
But my goal is to reduce the number of network devices to a minimum. So bottom line, I want to separate wifi devices into two VLANs by only using a "dumb" access point (Netgear Orbi) attached to the mentioned Protectli Vault.