[Solved] 3 WANs / 6 LANs - Any recommendations?

Started by svord, June 17, 2023, 12:47:08 AM

June 17, 2023, 12:47:08 AM Last Edit: June 19, 2023, 12:55:37 AM by svord
I have a setup where I have 3 different WANs (running a multi-WAN setup) and 6 different LANs.

Most of the really solid OPNsense appliances only have 6 ports. So what is the best way to approach this? My guess is that VLAN'ing is the answer - but it would be good to get some confirmation of that before going down that path as I have limited experience with VLANs.


Yes, VLAN separation meets your requirements. I run OPNsense on an i3 NUC ESXi with one physical NIC and about a dozen VLANs which appear to the firewall as vNICs.

Plenty of vids on VLAN: https://onion.tube/search?q=vlan

The way to go would be to use VLANs, but since you say you have limited knowledge about VLANs, I do not quite understand what you want to accomplish?

If your aim is to separate 6 physical LANs like in a rental house for different with a LAN connection to their infrastructure, then obviously a VLAN-capable switch is something you probably do not want on top. In that case, you probably want a firewall with at least nine ports.

On the other hand, if all of the network infrastructure behind the firewall is yours, then either you have 6 (V)LANs already or you don't, but why 6 LANs then?
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: meyergru on June 17, 2023, 12:08:59 PM
If your aim is to separate 6 physical LANs like in a rental house for different with a LAN connection to their infrastructure, then obviously a VLAN-capable switch is something you probably do not want on top. In that case, you probably want a firewall with at least nine ports.

On the other hand, if all of the network infrastructure behind the firewall is yours, then either you have 6 (V)LANs already or you don't, but why 6 LANs then?

My aim is to separate 6 physical LANs and ideally, I would have a firewall with at least nine ports as this makes the most sense to me - but most of the really solid OPNsense appliances that I have found only seem to have 6 ports. Are there any good appliances available on the market with 9+ ports? If not, then it sounds like VLAN'ing is the way forward.

The closest you'll get with an appliance would be a ZimaBoard with USB ethernet adapters and a quad PCI-e NIC but that would not be very tidy.

Mini-ITX tops out at a single PCI-e as well, so for small form factor you would have to build something with Mini-ATX or (rare) Mini-DTX boards. Close to an appliance in size but no longer ready-made.

VLAN is easiest by far and cleanest. It allows you to have groups of networks some distance away over trunk connections. Your megaNIC appliance would need nine devices hanging off it like a spider in a web. ;)

Bart...

Thanks Bart & meyergru.  That answers my question.  Appreciate your advice.
Cheers.