How to know, detect or set IPv6 addresses for firewall use ?

[GiantJack]

Ahah just tried VLANs, seems working fine and pretty simple setup 

I made a guest AP on a openwrt device (just wifi AP bridged with eth0.11 for vlan 11).
No DHCP, no firewall rules on WRT, just an "unmanaged" interface.
Then all firewall & dhcp is managed from opnsense.
Looks much more simple than my previous IP management!

I don't have any managed switch except the openwrt device (with the port connected toward opnsense tagged vlan 11).

I have an unmanaged dumb ethernet switch in between.

Something like this (I hope my drawing is not too bad  )

Code: [Select]

[OPNsense LAN/VLAN]-----[unmanaged switch]-----[LAN/VLAN openwrt   VLAN]-----Y wifi guest AP
[_________________]     [                ]     [____________________LAN]-----Y wifi private AP
                        [   Netgear      ]
                        [  GS316-100PES  ]
                        [                ]---other LAN devices
                        [________________]---   ....


[marjohn56]

If you are in the UK, there's a DLInk-DGS1100-05 for sale on ebay for 19.99 or CCL are selling them for £25, only 5 ports but will do the job perfectly for your needs. You can always add more switches and powerline devices later to make your network more advanced.


Might even buy myself a couple at that price to keep as spares!


Check this thread, I posted a map of my network a while back.


https://forum.opnsense.org/index.php?topic=15232.msg70211#msg70211

[GiantJack]

ahah I just discovered that I had a GS108E & GS105E (a little old) from netgear.
Both are manageable!
I never used the management before and used them as unmanaged switches (mostly because on those ones it needs a windows software and when I bought them there was no windows pc at home).
So, one or 2 days ago I "managed" them for 1st time et setup some vlan.
It works perfectly!
It's a much easier solution than my previous setup: AP side is basically an umanaged bridge of VLAN interface & wifi AP (setup ~2minutes on openwrt)...then all dhcp & firewall at same place in opnsense.

[GiantJack]

updated working setup, just in case someone would be interested:

Code: [Select]

[OPNsense LAN/VLAN]-----[ managed switch ]-----[LAN/VLAN openwrt   VLAN]-----Y wifi guest AP
[_________________]     [                ]     [____________________LAN]-----Y wifi private AP
                        [   Netgear      ]
                        [  GS108E        ]
                        [                ]---other LAN devices
                        [________________]---   ....