
Help network newbie with a simple setup - DDWRT as secondary with multiple VLANs


hxdai:
First time user of OPNsense, and network newbie in general, please be gentle roasting.

Attached is what I'm trying to achieve, pretty straightforward, and the trusted side can reach internet just fine.
 
I'm trying to get untrusted side to reach internet before setting up firewall rules for isolation, but there is a twist on the untrusted side:

I'm hoping to set up 2 SSIDs, each with a VLAN tag. One SSID for IoT, the other for guests. I want the OPNsense box as DHCP server(s) for each network. I followed the DDWRT guide on setting up as AP, as well as adding VLAN tags, I also tried to set up OPNsense VLAN interfaces with matching VLAN tag IDs, but my device can't get an address when connected to either SSID...

My question is: do I even need VLANs to isolate IoT/guests/trusted networks? Where can I find logs to see if the DHCP request even reached OPNsense? A tutorial involving DDWRT would be greatly appreciated.

Demusman:
Yes, use VLANs.
The interface going to the AP, we'll call it OPT1 since you didn't mention it.
Add the VLANs in OPNsense using OPT1 as parent interface.
Go to Interfaces/assignments and assign the VLANs as interfaces.
Assign IPs, name, and enable those interfaces.
Add firewall rules on those new interfaces.
Enable DHCP server on those interfaces.

hxdai:
More information:
The interface assignment looks like attached picture.
The Trusted_Devices interface has IP address range of 192.168.5.0/24. DHCP server is giving out 192.168.5.100-150 addresses.

IoTdevices interface has IP address range of 192.168.15.0/24, DHCP server giving 192.168.15.2-254.
Guestdevices interface has IP address range of 192.168.30.0/24, DHCP server giving 192.168.30.2-254.

The DDWRT AP has a LAN IP of 192.168.5.152 (set within DDWRT). From the Trusted_devices interface I can't reach the DDWRT web GUI, and my wireless device can't get an IP address.

I'm not sure what kind of firewall rules are needed? Can you give some pointers? I'm assuming some kind of "allow iot interface to access WAN", "allow iot interface to access DHCP server" (not sure if this is even needed?), "block iot interface from initiating transfer to trusted", "allow trusted interface to initiate transfer to iot", etc?
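On the earlier question of how to tell whether the DHCP requests from the two SSIDs reach OPNsense at all: a packet capture on the parent interface facing the AP (OPNsense's packet capture page, or `tcpdump -eni <parent> port 67 or port 68` from a shell) shows both the 802.1Q tag and the DHCP message type, which separates "the AP isn't tagging" from "OPNsense isn't answering". The script below is an added example, not from this thread or from OPNsense; it parses constructed lines in tcpdump's `-e` output style (the parent interface name `opt1`, MAC addresses and timestamps are made up) and reports, per VLAN tag, whether requests arrived and whether replies went back.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of `tcpdump -eni opt1 port 67 or port 68`.
# VLAN 15 shows a request and a reply; two other requests arrive untagged, which is
# what an SSID that DD-WRT has not mapped to a tagged VLAN looks like at OPNsense.
SAMPLE_CAPTURE = """\
16:32:10.100000 9c:9d:7e:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 15, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 9c:9d:7e:11:22:33, length 300
16:32:10.100500 00:0d:b9:aa:bb:cc > 9c:9d:7e:11:22:33, ethertype 802.1Q (0x8100), length 346: vlan 15, p 0, ethertype IPv4 (0x0800), 192.168.15.1.67 > 192.168.15.2.68: BOOTP/DHCP, Reply, length 300
16:32:12.000000 a4:c3:f0:44:55:66 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a4:c3:f0:44:55:66, length 300
16:32:13.000000 a4:c3:f0:44:55:66 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a4:c3:f0:44:55:66, length 300
"""

# Optional 802.1Q tag followed (somewhere later on the line) by the DHCP message kind.
LINE_RE = re.compile(r"(?:vlan (?P<tag>\d+),.*?)?BOOTP/DHCP, (?P<kind>Request|Reply)")


def summarize(capture):
    """Count DHCP Requests and Replies per VLAN tag; frames with no tag land under 'untagged'."""
    counts = defaultdict(lambda: {"Request": 0, "Reply": 0})
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a DHCP frame
        key = int(m.group("tag")) if m.group("tag") else "untagged"
        counts[key][m.group("kind")] += 1
    return dict(counts)


def diagnose(counts, expected_tags):
    """Turn per-tag counts into findings for the VLAN IDs the SSIDs are supposed to carry."""
    findings = []
    if counts.get("untagged", {"Request": 0})["Request"]:
        findings.append("untagged DHCP requests seen: the AP is not tagging that SSID")
    for tag in expected_tags:
        c = counts.get(tag, {"Request": 0, "Reply": 0})
        if c["Request"] == 0:
            findings.append(f"vlan {tag}: no DHCP requests reached this interface")
        elif c["Reply"] == 0:
            findings.append(f"vlan {tag}: requests arrived but no reply; check DHCP server and rules on that VLAN interface")
    return findings


if __name__ == "__main__":
    for finding in diagnose(summarize(SAMPLE_CAPTURE), [15, 30]):
        print(finding)
```

Run it against real capture text saved from the parent interface; the expected tag list is the VLAN IDs you configured on the OPNsense VLAN interfaces.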
