Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Guest Network on VLAN or OPT1?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Guest Network on VLAN or OPT1? (Read 3214 times)
jeremiah
Newbie
Posts: 14
Karma: 0
Guest Network on VLAN or OPT1?
«
on:
November 21, 2019, 06:48:35 pm »
Hello,
I want to set up a guest AP using a separate piece of hardware than my LAN AP. My switch and AP are VLAN capable but I want to use one of the two open ports on my NIC since I figure I use them instead of leaving them to gather dust.
Is it possible to set up a new interface on OPT1, one where the traffic is sequestered to that network with zero interaction with the LAN? I want to block access to the webGUI, and to the other functions available on my LAN. With that set up, would I still be able to use unbound to resolve DNS queries on that network?
I did try to find what I was looking for in the documentation but wasn't able to find anything, and I saw these two threads:
https://forum.opnsense.org/index.php?topic=1769.msg6736#msg6736
,
https://forum.opnsense.org/index.php?topic=450.msg1587#msg1587
. They are both very old so I figured I'd ask on here to see if there have been any changes to the way that OPNsense functions now vs. back then.
Thanks!!
Logged
gpb
Full Member
Posts: 234
Karma: 13
Re: Guest Network on VLAN or OPT1?
«
Reply #1 on:
November 21, 2019, 08:32:15 pm »
Generally speaking, VLAN is the better choice for a small network. What's the advantage to building a second physical network when you have equivalent isolation on a VLAN? Remember, each VLAN gets its own DHCP server, etc. Firewall rules can allow interaction...as needed. Use both APs for both VLANs and achieve better utilization...assuming the APs support VLAN. Unless you have some peculiar special requirements...assuming this is a home network.
Logged
HP T730/AMD RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT
Maurice
Hero Member
Posts: 1213
Karma: 158
Re: Guest Network on VLAN or OPT1?
«
Reply #2 on:
November 21, 2019, 10:03:01 pm »
From a layer 3+ perspective, it doesn't matter whether you use two physical ports or one with VLANs. If you have spare ports and the OPNsense box is close to your switch, using two cables isn't a bad idea. Higher throughput, no VLAN configuration in OPNsense required. If you have limited experience with VLANs this would also make testing and troubleshooting easier.
Whether you use separate APs or not isn't relevant for the OPNsense configuration. And no matter what, you will always have to configure VLANs on the switch.
Cheers
Maurice
«
Last Edit: November 21, 2019, 10:17:46 pm by Maurice
»
Logged
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Commercial support & engineering available. PM for details (en / de).
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Guest Network on VLAN or OPT1?