Want to Attach Synology WiFi Access Point to OPNSense Box? Easiest way?

[Sinister Pisces]

Hello,


I've currently got a network set up like this:

{Fiber Internet} --> {OPNSense Firewall} --> {Core Switch} --> {Wifi Access Point}

{Core Switch} is attached to the single Primary LAN local network hardware interface. I have another open hardware interface RJ-45 jack available.

I'd like to move the WiFi AP so it's directly connected to the OPNSense Firewall, but I'm not quite ready to set up VLANs yet. I've never done it before, and wanted to wait until I finished a few other projects.

Is there any way at all to create new Interface, plug the WiFi AP into it, and have it be part of the Primary LAN interface defined in OPNSense?

If not, what's the easiest way to set up the new interface to (for now) make sure any clients on it can see all the clients on Primary LAN? I'm not ready to segment my network yet, but do need to re-wire some things, which is why I want to do this.

[bartjsmit]

You need a bridge if you want two (or more) OPNsense interfaces on the same network.

https://docs.opnsense.org/manual/how-tos/lan_bridge.html

You may also need a crossover cable to your AP and you may not get the full speed out of the link since there is no switch that will auto-negotiate the best parameters. Caveat magister reticulum.

Bart...

[WN1X]

Connecting to your switch would be a better option. Move your existing LAN connection to the switch along with the AP.

[Sinister Pisces]

Thank you both. This is very helpful. :)


Why is bridging not recommended? I've read elsewhere, more than once, that it's to be avoided, but I'm not sure why. Is it based on the assumption that the hardware isn't up to the task?


Jim, that's what I want to do eventually. I was trying to ease into it. My wireless network is almost entirely devoted to my non-technical roommates; they stream all their media over it for recreation and use it for work and personal stuff. If it gets wonky at all, it will be a Bad Time®.


I was trying to isolate it while I start redesigning my physical ethernet network (upgrading/replacing switches, etc.--I have a new core switch to deploy and my old core switch will live under that).



So, I guess what I really need is an idiot's guide to creating a separate wifi VLAN in OPNSense that can get out to the internet and access physical devices (printers, etc.) on the primary LAN. I can get fancy with it later.

[WN1X]

Why is bridging not recommended? I've read elsewhere, more than once, that it's to be avoided, but I'm not sure why. Is it based on the assumption that the hardware isn't up to the task?

Performance can suffer when using a bridge because the firewall's CPU has to handle all of the traffic passing between systems on the two (or more) bridge ports. Using an ethernet switch eliminates that bottleneck and let's the switch handle all intra-LAN traffic.

[Sinister Pisces]

Thanks! That makes a lot of sense.

On reflection, I think I'm better off upgrading my switch hardware first, before I change anything else about how my router is configured.

I'd been trying to postpone that because of the cost to buy the new hardware, but making myself do the switch-out now would simplify a lot of things I want to do later.


Thanks for talking me through this. :)