Topic: Help network newbie with a simple setup - DDWRT as secondary with multiple VLANs (Read 2001 times)
hxdai
Newbie
Posts: 2
Karma: 0
Help network newbie with a simple setup - DDWRT as secondary with multiple VLANs
« on: September 22, 2022, 02:27:02 am »
First time user of OPNsense, and network newbie in general, please be gentle roasting.
Attached is what I'm trying to achieve, pretty straightforward, and the trusted side can reach internet just fine.
I'm trying to get untrusted side to reach internet before setting up firewall rules for isolation, but there is a twist on the untrusted side:
I'm hoping to set up 2 SSIDs, each with a VLAN tag. One SSID for IoT, the other for guests. I want the OPNsense box as DHCP server(s) for each network. I followed the DDWRT guide on setting up as AP, as well as adding VLAN tags, I also tried to set up OPNsense VLAN interfaces with matching VLAN tag IDs, but my device can't get an address when connected to either SSID...
My question is: do I even need VLANs to isolate IoT/guests/trusted networks? Where can I find logs to see if the DHCP request even reached OPNsense? A tutorial involving DDWRT would be greatly appreciated.
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Help network newbie with a simple setup - DDWRT as secondary with multiple VLANs
« Reply #1 on: September 22, 2022, 04:59:12 am »
Yes, use VLANs.
The interface going to the AP, we'll call it OPT1 since you didn't mention it.
Add the VLANs in OPNsense using OPT1 as parent interface.
Go to Interfaces/assignments and assign the VLANs as interfaces.
Assign IPs, name, and enable those interfaces.
Add firewall rules on those new interfaces.
Enable DHCP server on those interfaces.
hxdai
Newbie
Posts: 2
Karma: 0
Re: Help network newbie with a simple setup - DDWRT as secondary with multiple VLANs
« Reply #2 on: September 22, 2022, 02:53:34 pm »
More information:
The interface assignment looks like attached picture.
The Trusted_Devices interface has IP address range of 192.168.5.0/24. DHCP server is giving out 192.168.5.100-150 addresses.
IoTdevices interface has IP address range of 192.168.15.0/24, DHCP server giving 192.168.15.2-254.
Guestdevices interface has IP address range of 192.168.30.0/24, DHCP server giving 192.168.30.2-254.
The DDWRT AP has a LAN IP of 192.168.5.152 (set within DDWRT), from Trusted_devices interface I can't reach the DDWRT webgui, and my wireless device can't get an IP address.
I'm not sure what kind of firewall rules are needed? Can you give some pointers? I'm assuming some kind of "allow iot interface to access WAN", "allow iot interface to access DHCP server" (not sure if this is even needed?), "block iot interface from initiating transfer to trusted", "allow trusted interface to initiate transfer to iot", etc?
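The rule ordering raised in the last post, as an added example that is not part of any poster's message and not OPNsense code: it assumes rules are evaluated per incoming interface, top-down, first match wins, with a default deny. The subnets and interface names come from the thread; the rule lists and the `evaluate` and `misordered` helpers are hypothetical.

```python
import ipaddress
from typing import NamedTuple

# Subnets taken from the thread.
TRUSTED = ipaddress.ip_network("192.168.5.0/24")
IOT = ipaddress.ip_network("192.168.15.0/24")
GUEST = ipaddress.ip_network("192.168.30.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


class Rule(NamedTuple):
    action: str  # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    note: str


# Hypothetical rule sets, keyed by the interface the packet arrives on.
# Replies to a passed connection are handled by state tracking and are
# not modelled here; only the initiating packet is evaluated.
RULES = {
    "IoTdevices": [
        Rule("block", IOT, TRUSTED, "IoT may not initiate to trusted"),
        Rule("block", IOT, GUEST, "IoT may not initiate to guests"),
        Rule("pass", IOT, ANY, "IoT to everything else (internet)"),
    ],
    "Guestdevices": [
        Rule("block", GUEST, TRUSTED, "guests may not initiate to trusted"),
        Rule("block", GUEST, IOT, "guests may not initiate to IoT"),
        Rule("pass", GUEST, ANY, "guests to everything else (internet)"),
    ],
    "Trusted_Devices": [
        Rule("pass", TRUSTED, ANY, "trusted may initiate anywhere"),
    ],
}


def evaluate(interface, src, dst, rules=RULES):
    """Return (action, note) of the first matching rule, else default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules.get(interface, []):
        if s in rule.src and d in rule.dst:
            return rule.action, rule.note
    return "block", "default deny"


def misordered(rules):
    """Copy of the rule sets with each broad 'pass to any' rule moved first."""
    return {i: sorted(rs, key=lambda r: r.dst != ANY) for i, rs in rules.items()}
```

With the broad pass rule first, the block rules below it are never reached, so the IoT network can open connections into 192.168.5.0/24.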