Guidance on new lan set up

[wbravin]

Hello all

I have been tinkering with OPNsense on or off for the last year.


I have OPNsense running (in a vanilla configuration) as a Proxmox VM on a dell r720 and for learning ant trying it out it runs perfectly.

The R720 is then connected to a managed switch (netgear GS724t) and I will my use 2 older ausus routers as wifi access points. These access points all have guest network access control> simple

I have:
2 servers running truenas
2 PCs
2 HTPC
and 2 tablets (running  Home assistant dashboards)
100mbps service from my IP provider 

No Vlans or anything else for that matter (i'm now learning on how to configure vlans and firewalls rules)

 Now is the time that i will deploy it on my network.

This will mean moving the rack to my loft.


The HTPCs the TV, AMP and the PCs to a new local 2.5 gb switch In 3 rooms)  all swithwes will be connected with 6E directly from the OPNsense environment  (the HTPCs will have new NIC installed)

Since the time i started to learn and tinker with OPNsense technology has advanced to the point that I will take this opportunity to upgrade and improve my LAN environment.

My 2 objectives are:

• increase my lan from 1gb to 2.5 gb for my PCs
• Connect my server with a 10gb connection between them and have a 2.5gb access for the PCS
• Allow remote access to my music (Jellyfin) and document environment (considering Tailscale) for myself and a few others

To achieve this, i will need to add/replace my NIC on the r720, the HTPC and some PCs to allow 2.5 and 10gb lan


My question


If i construct VLANs on OPNsense, do i need to connect OPNsense to a smart switch?


or Can i just connect the r720 to simple switches and then connect all my devices to the local switch




Thank you so much for your patience, guidace and help in this matter

[johnmcallister]

YMMV, try it and see, but be prepared to buy or acquire proper 802.1q-capable switches if the non-802.1q unmanaged switches don't work out.

"...The behavior of an unmanaged switch is undefined for 802.1q tagged frames. Therefore, some switches may pass them without issue, others may not pass the tags, and still others may choke entirely and cause major network issues. The behavior can vary considerably from one switch brand/model/version to another..."

See also: https://forum.openwrt.org/t/problem-with-vlan-trunking-using-unmanaged-switch/162198

[wbravin]

Thank You for your reply

therefore. if i understand you correctly,

Once I change the NIC on the dell to accommodate 2.5 and 10gb connections and build my VLANs on OPNsense

I would then connect my servers to a 10gb lan port  each and this would be VLAN10 for servers
Connect to a 2.5gb port my access points (2) and call this VLAN20
Connect my Managed switch to a secondary 2.5gb port of the OPNsense server this will be Vlan30   

i will need to change my GS724T  to a similar managed switch because it does not have 2.5gb capability and connect Vlan20 and vlan30 assign ports from this switch and via cable connect to regular dumb switches (with 2.5gb) in each room. Then all my devices in this room will connect  to the dumb switch in that room.


My IOT devices and friends will connect to the guest point on my access points   

From a  high level view does this work and  makes sense?

Thank you

Replicate the VLANs on this switch and connect my HTPCs 

Then connect each room