Topic: Dynamic VLAN assignment (Read 4797 times)
bamus
Newbie
Posts: 3
Karma: 0
Dynamic VLAN assignment « on: March 17, 2020, 01:59:14 pm »
Hey people!
I've started playing with OPNsense and I like it a lot so far. I'm wondering what is the best way to achieve the following scenario for wired devices:
When a device gets plugged in anywhere:
- Trusted devices (by mac address?) get assigned to a "Trusted" vlan
- unknown devices get assigned to an "Untrusted" vlan
Thanks for any insight into the matter!
B.
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Dynamic VLAN assignment « Reply #1 on: March 17, 2020, 07:15:38 pm »
FreeRADIUS plugin, enable VLAN assignment, add User where User AND pw is MAC address, enable VLAN assignment in your switch. That's it.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
bamus
Newbie
Posts: 3
Karma: 0
Re: Dynamic VLAN assignment « Reply #2 on: March 19, 2020, 11:31:52 am »
Thanks for your answer, much appreciated!
Is there some kind of logic flow behind the assignment of IP addresses?
For example, considering the same switch port that passes all available networks:
Port X serves:
- trusted vlan (192.168.99.1/24)
- untrusted vlan (172.16.0.1/24)
- management lan (untagged) (192.168.1.1/24)
If I plug in a device in that switch port, how does the logic flow work to see where it goes? Does it go like this:
1) check Radius for an account, if it finds one -> trusted vlan
2) if it doesn't have an account on Radius -> check other networks
3) if DHCP reservation in mgmt lan, it's probably a switch or AP -> mgmt vlan
4) if no DHCP reservation -> untrusted vlan
I'm sorry if that's completely off the mark. I'm trying to have a system where you can plug your device in anywhere on any (managed) switch and never end up on the wrong network, if that's even possible.
B.
bamus
Newbie
Posts: 3
Karma: 0
Re: Dynamic VLAN assignment « Reply #3 on: March 19, 2020, 10:47:14 pm »
I've found what I'm looking for and it seems to be a function of the switch or AP: Fallback/Guest VLAN.
So if Radius says no and that device doesn't get assigned the Trusted VLAN, it gets put on the fallback VLAN.
I should be able to make this work now. Cheers for the pointers!
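The flow asked about in reply #2 and arrived at in reply #3, as an added example that is not part of the thread or of the OPNsense plugin: the switch sends the MAC as user name and password, a matching FreeRADIUS user returns the VLAN, and anything else ends up in the switch's fallback VLAN. The MAC, VLAN IDs 99 and 172 and the style names are constructed assumptions; the reply attributes are the standard RFC 3580 ones.

```python
import re

# Constructed sample in FreeRADIUS "users" file syntax: user name and password
# are both the MAC address; the RFC 3580 reply attributes carry the VLAN ID.
USERS = '''
aabbccddeeff Cleartext-Password := "aabbccddeeff"
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-Id = "99"
'''
FALLBACK_VLAN = 172  # assumed ID of the switch's fallback/guest VLAN

def parse_users(text):
    """Return {user: {"password": str, "reply": {attribute: value}}}."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # check line: user name and password
            name, password = re.match(
                r'(\S+)\s+Cleartext-Password\s*:=\s*"([^"]*)"', line).groups()
            current = users[name] = {"password": password, "reply": {}}
        elif current is not None:  # indented line: one reply attribute
            attr, _, value = line.strip().rstrip(",").partition("=")
            current["reply"][attr.strip()] = value.strip().strip('"')
    return users

def switch_username(mac, style="plain"):
    """Render the MAC the way the switch sends it (style names are made up)."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    pairs = [digits[i:i + 2] for i in range(0, 12, 2)]
    return {"plain": digits, "colon": ":".join(pairs),
            "dash-upper": "-".join(pairs).upper()}[style]

def port_vlan(mac, users, style="plain", fallback=FALLBACK_VLAN):
    """VLAN the port ends up in: RADIUS answer first, else switch fallback."""
    name = switch_username(mac, style)  # switch sends MAC as user AND password
    entry = users.get(name)             # exact string match on the user name
    if entry and entry["password"] == name:
        # Access-Accept: the switch applies the VLAN from the reply attributes
        return int(entry["reply"]["Tunnel-Private-Group-Id"])
    return fallback                     # Access-Reject: fallback/guest VLAN

USERS_DB = parse_users(USERS)
```

A known device that still lands in the fallback VLAN is usually the format mismatch modelled by `style`: the FreeRADIUS user name has to match the MAC exactly as the switch sends it. Because any device can present a copied MAC address, this scheme sorts devices into VLANs but does not authenticate them.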