using a 2nd router for wireless services

[ajoeiam]

Greetings

Maybe it was just 3rd time lucky but I now have a working OPNsense setup.
Its a Qotom Q730G5 that I dropped 8 GB of ram and a 240 GB SSD into (with Intel 2.5 GBit nics).

I would like to offer wireless services.
(Makes things much easier for the TV and cell phones and such!)
I have not been able to find any kind of recipe for adding a second router that is only there for wireless services onto an open port on the OPN box (3 open ports at present).
igc0 is wan
igc1 is lan

do I label igc2 as wireless and then plug the second router into igc2
(using the wireless options in the second router now set to AP (access point) instead of 'wireless router' as it is now)
is this a good solution to providing wireless access ?

Please advise.

TIA

[bartjsmit]

If your WiFi clients are in the same security category as your wired ones (e.g. not IoT) then just add the router in AP mode onto the LAN switch. That will connect everything on Layer 2 and your current DHCP, firewall rules, DNS, etc. will work the same for both types of client.

Bart...

[ajoeiam]

If your WiFi clients are in the same security category as your wired ones (e.g. not IoT) then just add the router in AP mode onto the LAN switch. That will connect everything on Layer 2 and your current DHCP, firewall rules, DNS, etc. will work the same for both types of client.

Thanks for the response - - - and if I would like to increase the security (if its not too onerous)on the wireless stuff?

(I'm finding that the streaming services like to manipulate hardware quite a bit. Also would like to up the privacy on my wireless items. I am developing some IoT items and may need wireless for that although I'm trying hard to keep things wired.)

What options do I have - - - please?

TIA

[Patrick M. Hausen]

Use an access point that can serve multiple SSIDs and map them to different VLANs. Connect to one physical interface on OPNsense. Define as many VLAN interfaces as you have different "zones"/"policy groups".

[CJ]

Wireless routers will work as APs and if you already have one on hand, go ahead and use it.  As mentioned, turn off DHCP and plug the LAN port of the router into OPNSense or your switch, depending on whether you want to separate your wired and wireless traffic or not.

The better method is to pick up a dedicated AP.  They can generally be found for the same cost or less than high end router while providing more functionality and stability.  Unifi gets recommended a lot but there are a bunch of different options depending on how you want to configure them.  Some are cloud only, some give you a website like a consumer router, some allow you to self host a controller and there are various combinations of the three.

Dedicated APs also allow you to run multiples to improve your coverage, but you're best starting with just one.  Adding VLANs to separate your SSIDs in order to secure things like IoT is a good idea but before that it can cause reduced wireless throughput.