1 FW. 1 LAN. 1 Switch. 1 AP. Easiest possible setup. Is it wrong?

Started by DragD, August 29, 2022, 10:41:31 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 29, 2022, 10:41:31 PM
I'm a newbie with OPNsense and I don't have enough experience with networking. This is what I've got working:

- the ISP provides an WAN UTP cable into the apartment, i.e. no DSL modem or other device
- DEC750:
  - the default WAN interface assigned to the default port 2, get IP from the ISP DHCP. The WAN UTP cable into port 2 
  - the default LAN interface assigned to the default port 1, leases IPs through DHCP
- D-LINK DGS-1100-08V2 switch:
  - factory defaults, only set to get dynamic from DHCP
  - UTP connected to DEC750 port 1, gets IP from LAN
- Asus RT-AC87U Router
  - set to Access Point mode
  - set to get dynamic from DHCP
  - UTP connected to the D-LINK switch, gets IP from LAN
- Wireless devices connect to the Asus RT-AC87U AP and get IPs from LAN
- Wired devices connect to the D-LINK switch and get IPs from LAN

@pmhausen Please, let me know if the above setup is wrong, why and how to set it up right. Thank you!
QuoteBut please forget this "firewall in fron of router" nonsense. Which it is.
August 29, 2022, 10:59:09 PM #1 Last Edit: August 29, 2022, 11:03:50 PM by pmhausen
This looks exactly as it should be. Now what was your problem again?  ;)

Seriously

- OPNsense connected to ISP
- OPNsense in charge of LAN, DHCP etc.
- Some more or less arbitrary switch connected to LAN
- A wireless AP connected to that same LAN

is exactly how I would set up my network if I had that same hardware as you do. The Asus router stops being a router when you configure it to "AP mode". OK, that's a guess, I don't know that product. But "AP mode" is sufficiently self evident. So this Asus thingy is now not a router but a bridge and OPNsense is in charge of everything related to layer 3 (IP).

Good. Unless you have a reason to change anything, just don't, and enjoy.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
August 30, 2022, 12:40:56 PM #2
Thank you for the confirmation, @pmhausen!

There is no problem. I just got confused by your comment from another thread:

Quote from: pmhausen on August 25, 2022, 01:54:43 PM
But please forget this "firewall in fron of router" nonsense. Which it is.

And yes, the Asus router stops being a router in Access Point mode.

The things I'm going to change are the FW rules and other configuration. Still, I'll keep the topology as it is.
August 30, 2022, 12:49:16 PM #3
That other person insisted on using a wired router with two interfaces behind their OPNsense and a separate AP, too. I don't understand why, but then I don't need to.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions