MAC limiting

Started by New2Opn, December 19, 2023, 05:43:53 PM

Can MAC limiting be accomplished with OPNsense? (It's my understanding MAC limiting is different than MAC filtering).

What are you trying to achieve? MAC learning and limiting is normally a switch port feature; even better, you can use MAC filtering to limit MACs ;-).

You can configure a bridge with OPNsense, which is basically a (software) switch, but if you are looking for features like MAC filtering, Port Security, DHCP Snooping and other stuff, you should use a hardware switch. It is common to use a firewall (like OPNsense) with a fast (10Gb / 25Gb) LAGG to a switch where you configure all your port security features.

Thanks for your comments. 

I am not using OPNsense yet. I am just trying to figure out which features would be best for my network use, and see if they can be done with OPNsense. I'd like to have some VLANs, some firewall rules, and whatever provides similar features as pfSense's pfBlocker, which I believe is Zenarmor (please correct me if I'm wrong). I'm also potentially interested in using a VPN if it won't slow everything too much. It was suggested to me that if I add VLANs with a switch, I should also look into adding MAC limiting, which seems to limit the number of addresses that can connect to a switch port. I am wondering if VLANs can be set up like this in OPNsense.

Please let me know if there are other features you'd recommend for a home set up. Is Suricata recommended for a home setup, or will it be too advanced to monitor, and understand, for the average home Joe with only a very basic understanding of home networks?

Quote from: New2Opn on December 20, 2023, 02:42:36 PM
Please let me know if there are other features you'd recommend for a home set up.

There's no single home network to rule them all. It all depends on requirements and purpose: would you just like to provide some LAN/Wi-Fi for wife and kids, or do you want to learn and experiment with different network technologies?

My only advice would be to dream big and build small. Those big dreams help to select the right equipment when you start; firewall hardware and switches can be expensive and are many times used for >5 years.
After purchase the building starts; this will depend on your specific OPNsense and generic network/firewall knowledge. Build in small steps, piece by piece, and try to understand what you build.

MAC limiting would be one of my last concerns in a home network ;-). If you want to dive deep into port security, things like Dynamic ARP inspection, IP Source Guard (IPv4/IPv6), ND inspection are far more relevant. Hence the "Dream Big"; this requires a more advanced (and more expensive) switch.