noob of noobs need help in configuring and placing

Started by wbravin, June 21, 2020, 03:40:33 PM

Imagine the powerline as just a piece of network cable; it's a link between point A and point B, and it's network address agnostic (unless it has a management interface for wifi). So you have a big managed switch in the loft; 24 ports. Two of those ports need to be set to trunk, or tagged; it varies what they call it depending on the switch make.


One of those connects to a port on OPNsense that carries all the VLANs, or, if you have ports to spare on your OPNsense router, you could do all the VLAN tagging in that big switch. So there are two ways to do that. The other connects to the powerline; the powerline is now carrying all the VLANs. Now for the other powerline adaptors, you connect those to small 5 or 8 port managed switches. Again, the powerline, as it's carrying ALL the VLANs, connects to the tagged or trunk port of the switch. There is no specific port; you just select one and set it up to be trunk. The other ports you configure as untagged with the VLAN number you set in the main switch or OPNsense. So wherever you are in the house, with a cheap little managed switch you can access any LAN segment.


Does that make sense?




OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

June 23, 2020, 06:40:42 PM #16 Last Edit: June 23, 2020, 06:43:52 PM by wbravin
Quote from: marjohn56 on June 23, 2020, 05:55:37 PM
Imagine the powerline as just a piece of network cable; it's a link between point A and point B, and it's network address agnostic (unless it has a management interface for wifi). So you have a big managed switch in the loft; 24 ports. Two of those ports need to be set to trunk, or tagged; it varies what they call it depending on the switch make.

Hi, this is what I do not understand. If I have 2 trunks, do I need to connect one trunk to one powerline and the other to a different powerline? Can 2 trunks be assigned to the same port?


One of those connects to a port on OPNsense that carries all the VLANs, or, if you have ports to spare on your OPNsense router, you could do all the VLAN tagging in that big switch. So there are two ways to do that. The other connects to the powerline; the powerline is now carrying all the VLANs. Now for the other powerline adaptors, you connect those to small 5 or 8 port managed switches. Again, the powerline, as it's carrying ALL the VLANs, connects to the tagged or trunk port of the switch. There is no specific port; you just select one and set it up to be trunk. The other ports you configure as untagged with the VLAN number you set in the main switch or OPNsense. So wherever you are in the house, with a cheap little managed switch you can access any LAN segment.

I do have ports to spare on my R710. As I mentioned, the 4 ports (in my head) are as follows:
port 1 my WAN
port 2 my LAN 192.168.1.1
port 3 is free
port 4 is free


I would buy a primary managed switch of 12 or 24 ports (any recommendations?)

So if I understand correctly, I would assign my VLANs to port 3 and connect this port to the switch, or do I assign the VLANs to port 2?

I understand that within the switch there are trunks to assign to ports (however, I have not learned that far yet).

Your recommendation of getting a small 5/8 port managed switch for the living room and the home theatre (great): connect one port of these switches to the powerline, one port to the AP (to manage the wifi) and the other ports to the devices. Or should I have a separate powerline for the AP (this I can do), but all connected to the powerline in the loft?

Thank you, it is becoming much clearer and doable.

Does that make sense..

OK, so let's do a little configuring.


So do you need a 24 port switch? Probably not; an eight port in the loft is probably enough.


Port 1 - Trunk - To Powerline
Port 2 - Trunk - To Opnsense VLAN - Main, VLAN IoT, VLAN - Guest Wifi
Port 3 - To Server - Untagged - port set to handle VLANx
Port 4 - Spare
Port 5 - Spare
Port 6 - Spare
Port 7 - Spare
Port 8 - Spare


Lounge - 8 Port Managed Switch


Port 1 - Trunk - From Powerline
Port 2 - Trunk - To WAP ( Not your AC87, sell it! ) TPLINK EA235 or similar that handles VLANs, Ubiquiti also do them. The TP Link ones are much cheaper and work well.
Port 3 - VLAN - Main LAN
Port 4 - VLAN - Main LAN
Port 5 - VLAN - Main LAN
Port 6 - VLAN - IoT
Port 7 - VLAN - IoT
Port 8 - VLAN - IoT


Other areas, repeat as required.


It's really pretty simple once you get your head around it.
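The loft and lounge port plans from the post above, modelled as data with a check that every untagged port's VLAN has a tagged path back to OPNsense. This is an added example, not part of the original thread; the VLAN IDs 10/20/30, the server port's VLAN and all function names are assumptions.

```python
# Added example. Assumed: VLAN IDs 10/20/30 and the server port being in the main VLAN.
VLANS = {"main": 10, "guest": 20, "iot": 30}
ALL = frozenset(VLANS.values())

def trunk(peer, allowed=ALL):
    # Tagged port; peer is a device name or a (switch, port) pair.
    return {"mode": "trunk", "peer": peer, "allowed": frozenset(allowed)}

def access(name):
    # Untagged port; its PVID decides the VLAN of everything plugged into it.
    return {"mode": "access", "pvid": VLANS[name]}

def build_plan(powerline_vlans=ALL):
    return {
        "loft": {1: trunk(("lounge", 1), powerline_vlans),   # to powerline
                 2: trunk("opnsense"),
                 3: access("main")},                          # server
        "lounge": {1: trunk(("loft", 1), powerline_vlans),   # from powerline
                   2: trunk("wap"),
                   3: access("main"), 4: access("main"), 5: access("main"),
                   6: access("iot"), 7: access("iot"), 8: access("iot")},
    }

def ingress_vlan(plan, switch, port, tag=None):
    """VLAN the switch classifies a frame into, or None if the frame is dropped."""
    p = plan[switch][port]
    if p["mode"] == "access":
        # The port alone decides; tagged frames are dropped in this model (switches vary).
        return p["pvid"] if tag is None else None
    return tag if tag in p["allowed"] else None

def tag_at_firewall(plan, switch, port):
    """Follow an untagged frame from an edge port; return its tag at OPNsense, or None."""
    vlan, seen = ingress_vlan(plan, switch, port), set()
    while vlan is not None and switch not in seen:
        seen.add(switch)
        up = [p["peer"] for p in plan[switch].values()
              if p["mode"] == "trunk" and vlan in p["allowed"]]
        if "opnsense" in up:
            return vlan
        hop = next((x for x in up if isinstance(x, tuple) and x[0] not in seen), None)
        if hop is None:
            return None
        switch, vlan = hop[0], ingress_vlan(plan, hop[0], hop[1], vlan)
    return None

def stranded_ports(plan):
    """Access ports whose VLAN has no tagged path back to OPNsense."""
    return [(s, n) for s, ports in plan.items() for n, p in ports.items()
            if p["mode"] == "access" and tag_at_firewall(plan, s, n) is None]
```

Calling `stranded_ports(build_plan({10, 20}))` shows the effect of leaving the IoT VLAN off the powerline trunk: lounge ports 6 to 8 lose their path to the firewall.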

How can I thank you for your help? It is greatly appreciated.



Amazing, and all of this requires 1 port on OPNsense. Thank you very much for taking the time to explain this to me so clearly.

Now I have a roadmap to follow.

I have an opportunity to buy a Cisco C2960 managed switch with PoE and Gb speed. This sounds alright to me. What do you think?
 

Overkill. Check your local ebay and look for these
https://www.ebay.co.uk/itm/D-Link-DGS-1100-08P-8-Port-Gigabit-PoE-Smart-Managed-Switch-64W-PoE-Fanless/233624010758?hash=item3665138006:g:f~AAAOSwnKJe7Nbn
or the 1210s, cheaper and do the job perfectly. Dlink switches are fine, TP Link managed switches avoid like the plague.



Thank you for the feedback.

The Cisco is only £50; this is why I was considering it. I looked at the TP-Link AE235 and could not find any information on it. However, I did come across the 245 model, and from the looks of things it would be way better than my AC87U.

Now the only thing I need to do is wait for the new motherboard and PSU to start the implementation. Hopefully this will happen early next week. Can't wait.

Thank you

Hello all

Can you please confirm that I am on the correct path with my configuration? Please have patience with me; between yesterday and today I watched 10 hours of YouTube on this subject (please have pity on me, I'm old and I do not assimilate as I used to).
Here goes.
On my Dell R710, which as I mentioned has 4 NIC ports, I'm thinking of assigning them in the following way:
port 1 WAN XXX.XXX.XXX.X.X  it needs to be configured as PPPoE because I need to insert a username and password for Eolo to have access to the internet
port 2 LAN 192.168.1.1
port 3 WIFI  192.168.2.1
port 4 IOT  192.168.1.3.1

I could probably have them all terminate on port 2

configure 3 VLANs

vlan 1 10 my home assigned to port 2
vlan 2 20 wifi assigned to port 3
vlan 3 30 IoT assigned to port 4

in the main switch create 3 trunks
trunk1 vlan10
trunk2 vlan20
trunk3 vlan30

They will all be pointing to 1 trunk to which I will connect the powerline in the loft.

My 4 servers will connect directly to the main switch.

The loft powerline will be connected to a local powerline to which a computer will be connected, and it will have an IP of 192.168.1.xxx.

The loft powerline will also connect to a local powerline to which another managed switch will be connected.
In that managed switch I will need to configure
3 VLANs
vlan 10 will be assigned to port 1 on the switch, to which the HTPC will be connected
vlan 20 will be assigned to port 2 on the switch, to which I will connect an AP for guests
vlan 30 will be assigned to port 3 on the switch, to which I will connect the TV

I believe that if we take a very high view of this configuration, this should work.

I still need to better understand the VLAN assignments to ports, a better assignment of the IP ranges, and how the demarcation between home and guest is transmitted to OPNsense from the AP level.

Thank you for spending your valuable time on this matter and responding. It is truly appreciated.

Why are you putting the server on the WAN? It's not a firewall and is not secure. OPNsense connects to the WAN; everything else is on the LAN side of OPNsense.

Sorry, I was not clear.

The Dell R710 (hosting OPNsense) will have NIC 2 connected to the Eolo box. Is this not the WAN?



The Dell R710 connects to a managed switch, and the servers are connected to that managed switch, as is the loft powerline.

Sorry for any confusion.

Ah, ok, my bad, you're running OPNsense as a VM. Yes, that's ok.

Hi, just to clarify:

I will not run OPNsense on a VM. In my case I do not see the use case for it, plus it is one more thing to learn, and for now I have my plate full with OPNsense.

In your opinion, does pointing the VLANs on OPNsense individually to their own NIC add additional issues, or does it simplify it?

In the main switch in your configuration,

you pointed all VLANs to one trunk and a separate trunk to connect to the powerline.

Should all VLANs be assigned to the same port of the powerline?



The Dell R710 is a PowerEdge server; is it your intention to run OPNsense 'baremetal' on that? If so, it's a massive overkill.

Hi

Yes.

It's a huge overkill. I bought this with the intention of developing a more robust, redundant FreeNAS server to replace the FreeNAS server built on an old desktop.

Once OPNsense is well up and running, I plan to install OPNsense on a 1U server with 1 CPU and 16 GB RAM and replace the AC87U.

Good news: my power supply and new Dell MB will arrive on Monday, which will allow me to start installing and configuring OPNsense.

Following your direction, I am designing the network on paper.

I am on ver 3. I am adding IP addresses as I go along and documenting the steps I will need to take to accomplish this, so when the time comes I will be ready.

I am still struggling to understand the configuration you supplied above.

In the main switch in your configuration,

you pointed all VLANs to one trunk and a separate trunk to connect to the powerline.

Should all VLANs be assigned to the same port of the powerline?

In addition, I will have 3 PCs wired directly to a powerline. Will they be part of the main LAN (192.168.1.1) or will they be part of VLAN 10?

Powerlines are just transmission devices; they carry everything, so yes, whichever switch port connects to a powerline device is a trunk port. Wherever you have a powerline device you will need a managed switch connected to it.

Thank you very much for this clarification.


Thanks to your patience and help, I confirm my choice of OPNsense.

I will then need to buy 3 more 4 port managed switches, one for each of the other rooms. Could this not be achieved by setting the IP address of each laptop directly connected to a powerline to a static IP? Then once the main switch sees its connection, it will know what to do with it.

So if I am using my laptop in my bedroom, I could assign it a 192.168.1.101 IP address and the switch would recognise it as part of my private LAN?