Issues with migration to OPNsense setup

Started by Sclaud, December 12, 2023, 06:57:48 PM

Hi all.
My existing setup: 1 x TP-Link ER605 with 1 WAN connection (1 Gb PPPoE) on the WAN port; 1 x UniFi USW-Lite-8-PoE on one LAN port; 1 x UniFi USW-Flex-Mini on another LAN port and 1 x UniFi U6 Pro AP on another LAN port. The setup also includes 1 x UCK G2 Plus connected to one port of the UniFi USW-Lite-8-PoE.
Existing VLANs: MGMT (with all router, switch, AP and cloud key management IP addresses), admin VLAN 10 with trusted devices, IoT VLAN 20 with IoT devices, DMZ VLAN 40 with some servers, guest VLAN ... all distributed among these UniFi devices (wireless and wired).
For security reasons (IDS/IPS firewall etc.) I want to migrate the existing TP-Link ER605 to one OPNsense box. For this purpose I acquired one Hunsn RJ38 box with 16 GB DDR5 and 250 GB NV2 storage.
So far so good - my fault was that I did not read enough beforehand in order to prepare for this migration.
I never thought that my biggest problem would be the fact that these mini PCs are not switches!
So my initial idea, to connect the existing switches + AP to each of the 2.5 Gb Intel ports on the Hunsn RJ38 box, went very wrong from the beginning.
I found out that the idea of trunking some VLANs on each LAN interface of this box is not so easy because basically each of these physical interfaces is a layer 3 interface with its own IP subnet behind it.
After reading more today I found a possible solution with the LAN bridge concept, but this solution is also not recommended (even by OPNsense - https://docs.opnsense.org/manual/how-tos/lan_bridge.html).
So please, if you have any idea how I can replicate my existing setup in a similar way on this OPNsense box, please give me some ideas.
Thanks

Don't be scared of bridges; the most important thing is that you understand it's not a "normal" interface. The second sentence of your link says:

Quote: "That being said, if the CPU is fast enough then it will easily cope with the extra load placed upon it by the bridge."

So if you aren't a "High Frequency Trader" or guiding rockets to Mars, nothing prevents you from using a "software" bridge. If your use case really suffers from software switch performance, 5-port "hardware" switches start at $9.99.
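The two layouts the thread talks about, a tagged VLAN trunk on one physical port (the original question) and a software LAN bridge (the reply), can be expressed at the FreeBSD ifconfig level that OPNsense uses underneath. The script below is an added example, not code from the thread or from the OPNsense project; the interface names (igc1, igc2, igc3), VLAN IDs and addresses are constructed assumptions. With DRY_RUN=1 (the default) it only prints the commands it would run, so it can be read on any machine; with DRY_RUN=0 it executes them, which needs root on a FreeBSD/OPNsense host, and such manual changes do not survive a reboot (OPNsense persists VLAN and bridge interfaces only when they are created through the GUI). The two pfil sysctls are the ones the LAN bridge how-to has you set so that firewall rules are evaluated on the bridge interface instead of on each member port.

```shell
#!/bin/sh
# Added example (not from the thread): FreeBSD/OPNsense ifconfig plan for a
# tagged VLAN trunk and for a software LAN bridge. Interface names, VLAN IDs
# and addresses below are constructed assumptions.

DRY_RUN=${DRY_RUN:-1}

# Print the command (DRY_RUN=1) or execute it (DRY_RUN=0, needs root on FreeBSD).
run() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Layout 1: one physical port as an 802.1Q trunk.
# Each "id:address/prefix" argument becomes its own vlanN interface on top of
# the trunk port, which is what a managed switch expects on a tagged uplink.
# The parent port itself carries no address: every subnet lives on a VLAN child.
vlan_trunk() {
  trunk=$1; shift
  for spec in "$@"; do
    id=${spec%%:*}
    cidr=${spec#*:}
    run ifconfig "vlan$id" create vlan "$id" vlandev "$trunk"
    run ifconfig "vlan$id" inet "$cidr" up
  done
  run ifconfig "$trunk" up
}

# Layout 2: a software bridge joining several physical ports into one broadcast
# domain. The address lives on bridge0; member ports stay address-less.
# pfil_member=0 / pfil_bridge=1 move packet filtering from the member ports to
# the bridge interface (the tunables the OPNsense LAN bridge how-to sets).
lan_bridge() {
  cidr=$1; shift
  run ifconfig bridge0 create
  for member in "$@"; do
    run ifconfig "$member" up
    run ifconfig bridge0 addm "$member"
  done
  run ifconfig bridge0 inet "$cidr" up
  run sysctl net.link.bridge.pfil_member=0
  run sysctl net.link.bridge.pfil_bridge=1
}

# Constructed plan: igc1 is the tagged uplink to the switches (admin 10, IoT 20,
# DMZ 40), and igc2 + igc3 are bridged as one untagged LAN for local devices.
vlan_trunk igc1 10:192.168.10.1/24 20:192.168.20.1/24 40:192.168.40.1/24
lan_bridge 192.168.1.1/24 igc2 igc3
```

Run it as-is to review the plan, then `DRY_RUN=0 sh plan.sh` on the OPNsense shell to try it live; once the layout works, recreate it under Interfaces > Other Types > VLAN and Interfaces > Other Types > Bridge so the configuration is saved.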