Topic: From OPNsense in a VM to a bare metal with only 2 NIC, sanity check about VLANs (Read 679 times)
jorglodita
« on: December 20, 2023, 02:12:09 pm »
Good morning, this week I have finally decided to dismantle a part of my home lab and set up a bare metal OPNsense installation. I've been using this wonderful software for years, but two problems have arisen: I have less and less time to tinker, and my family is increasingly dependent on our home connection. It used to be no problem to take down the network and tinker for hours. Now, that time is non-existent, and I can only do it at night or when the family is out.
I'm in a bit of a hurry, so I bought a small computer (n100 with i226 cards) on Amazon. I know that on AliExpress there are computers with more ports, but I need it up and running now and can't wait that long.
Having virtualized for years, the process seems straightforward to me, but I have a big question: I only have 2 NICs and need to check something about VLANs.
1 NIC will be dedicated to WAN, that's for sure. I want the other to default to LAN and wanted to add VLANs on that interface.
However, I have read many times that for security reasons, "tagged" and "untagged" traffic should never be mixed, and I'm afraid this might be one of those situations. I need confirmation.
In my mind, I will set up some VLANs on the LAN interface, always using VLANs and leaving only the LAN for emergency connections (which I hope to never have to use). Of course, I will use a switch where all the traffic to the firewall port will be "tagged", and in the rest of the ports pretty much the same (except for some like consoles or some IoT devices that have to go "untagged").
What do you think of this approach? Would it violate the "never mix tagged and untagged" rule? I won't create any DMZ or expose anything outside for now, but I need to be sure my idea is solid about security.
Thanks a million in advance.