Assigning Clients to DHCP Pools by MAC Address

Started by Pocket_Sevens, August 02, 2020, 07:46:29 PM

August 02, 2020, 07:46:29 PM Last Edit: August 02, 2020, 08:26:27 PM by Pocket_Sevens
I hope this is in the right thread; apologies if not.

I have a friend that has a mesh router and he's connected all of his devices to it (IoT and computers/iPads/etc.). He wants to separate IoT devices from his home devices; however, his mesh router will not allow for multiple VLANs or SSIDs. I'm thinking we could put his mesh network into AP mode, put his IoT devices on the 2.4GHz network and all of his home devices onto the 5GHz network.

There's still the problem of separating the devices. Is it possible in OPNsense to separate the devices into DHCP pools or different VLANs by MAC address? E.g. if the MAC addresses are X, Y and Z, put them on this DHCP pool (or VLAN); all else defaults to the other DHCP pool (or VLAN)? Then, have firewall rules so that one set of devices cannot talk to the other? (Bonus question: can we set it up so that the IoT devices can only talk to the internet and not to each other?)

I'm only thinking DHCP pools or VLANs because I'm most familiar with those. If there are other alternative methods, I'm definitely open to them - all I ask is that you be patient with me as I ask more noobish questions. :)

Thanks.

—EDIT— I think I just figured it out: static IP mappings by MAC address. Would that work?

My limited knowledge tells me that one can reserve IP addresses through full (not partial/prefix) MAC addresses. I am not competent enough to participate in any VLAN discussion but each DHCP server must always have non-overlapping address pools.

Kind regards.
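The OP asks whether clients can be steered into different DHCP pools by MAC address, and the reply above points out that pools must never overlap. ISC dhcpd (the DHCP server OPNsense shipped at the time of this thread) can do exactly that with a class that matches on the hardware address, a subclass entry per full MAC, and two pools on the same subnet, one allowing and one denying members of the class. The script below is an added example, not code from the thread or from the OPNsense project: it emits that dhcpd.conf stanza from a list of MACs, rejects partial or prefix MACs, and refuses to emit anything if the two ranges overlap. The subnet, router, MAC addresses and ranges are constructed sample values. Two caveats a practitioner should keep in mind: OPNsense regenerates its dhcpd.conf from the GUI and will overwrite hand edits, so this shows the mechanism rather than something to paste in; and a MAC is asserted by the client and trivially spoofed, while hosts on one subnet reach each other without ever crossing the firewall, so pool placement alone is not an isolation boundary. That is why the VLAN-per-SSID answer later in the thread is the real fix.

```python
"""Generate an ISC dhcpd.conf stanza that places known MAC addresses into a
dedicated DHCP pool on a single subnet, and refuse to emit it if the pools
overlap. Added example with constructed sample data; not OPNsense's own code.
"""
import ipaddress
import re

# Full 48-bit MAC in colon form; ISC dhcpd matches whole hardware addresses,
# not OUI prefixes, so anything shorter is rejected.
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC to lowercase colon form; reject partial MACs."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(m):
        raise ValueError(f"not a full 48-bit MAC: {mac!r}")
    return m


def pool_range(start: str, end: str, subnet: ipaddress.IPv4Network):
    """Return (first, last) as integers after checking the range is sane."""
    s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if s > e:
        raise ValueError(f"range start {start} is above end {end}")
    if s not in subnet or e not in subnet:
        raise ValueError(f"range {start}-{end} is outside {subnet}")
    return int(s), int(e)


def pools_overlap(a, b) -> bool:
    """True if the two (first, last) integer ranges share any address."""
    return a[0] <= b[1] and b[0] <= a[1]


def render_dhcpd_conf(subnet, router, iot_macs, iot_pool, default_pool) -> str:
    """Build the class/subclass/pool stanza for ISC dhcpd.

    iot_macs go to iot_pool; every other client falls through to default_pool.
    """
    net = ipaddress.IPv4Network(subnet)
    iot = pool_range(iot_pool[0], iot_pool[1], net)
    dflt = pool_range(default_pool[0], default_pool[1], net)
    if pools_overlap(iot, dflt):
        raise ValueError("IoT and default pools overlap; dhcpd requires disjoint pools")

    macs = sorted({normalize_mac(m) for m in iot_macs})
    lines = ['class "iot" {', "    match hardware;", "}"]
    for m in macs:
        # Leading "1:" is the hardware type (Ethernet) that dhcpd expects
        # in front of the MAC in a hardware-matched subclass.
        lines.append(f'subclass "iot" 1:{m};')
    lines += [
        f"subnet {net.network_address} netmask {net.netmask} {{",
        f"    option routers {router};",
        "    pool {",
        '        allow members of "iot";',
        f"        range {iot_pool[0]} {iot_pool[1]};",
        "    }",
        "    pool {",
        '        deny members of "iot";',
        f"        range {default_pool[0]} {default_pool[1]};",
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n"


# Constructed sample input (hypothetical MACs and addresses).
SAMPLE_IOT_MACS = ["AA:BB:CC:DD:EE:01", "aa-bb-cc-dd-ee-02"]
SAMPLE_CONF = render_dhcpd_conf(
    subnet="192.168.1.0/24",
    router="192.168.1.1",
    iot_macs=SAMPLE_IOT_MACS,
    iot_pool=("192.168.1.200", "192.168.1.250"),
    default_pool=("192.168.1.100", "192.168.1.199"),
)

if __name__ == "__main__":
    print(SAMPLE_CONF)
```

Any device not listed, including an IoT device whose MAC was mistyped or one that spoofs a listed MAC, lands in whichever pool its class membership says, so a firewall rule keyed on the resulting IP range is only as trustworthy as the MAC it was derived from.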

Quote from: Pocket_Sevens on August 02, 2020, 07:46:29 PM

The proper way to do this is to assign SSIDs to specific VLANs, this way separating traffic and networks, and run separate DHCP servers from OPNsense on those VLANs, each with their own MAC/IP reservations, which will be available for you to make through the GUI. Afterwards, if you want to have some kind of communication between those networks, you will need mDNS/Avahi. Good luck!