English Forums > General Discussion

WiFi VLAN question with existing hardware

(1/1)

irrenarzt:
Good evening!

First off, I apologize since I know this may seem like a repetitive question seen here, but I'm a very visual learner and limited on what I can experiment with right now.

My issue:
I will soon be getting a Protectli VP2420 with OPNSENSE for a home router/firewall. I've been reading through guides ahead of time so the setup process can hopefully go as quickly as possible... if my network is down for too long, I have kids and a wife that are going to be very upset with me.

For my WiFi set up, I currently have FIOS and utilize their G3100 router and E3200 extender. This is hardware that I would preferably like to keep since the built-in MOCA capability is a necessity (this is how I connect the G3100 and E3200 between separate floors). One of my objectives with the new router is keeping certain IoT devices on my WiFi separate from others. The way I can manage that on my current setup is through the Guest WiFi network, which creates an SSID on a separate subnet (192.168.200.xx) from the main WiFi network. Based on other people's experiments with the G3100, I know the guest network is VLAN tagged as "VLAN 10"... but it's not a setting I can see or change.

When I get the VP2420, my intention is to connect the FIOS ONT to port 2 (WAN), and then disable DHCP on my G3100 and connect it to port 1 (LAN). Since DHCP is now being managed by OPNSENSE, my assumption is any devices on the guest wifi will either A) Have all their IP addresses assigned in the same subnet as the main network, or B) Have a conflict and not work at all.

My *hope*, and this is where I need people a lot smarter than me, is that through OPNSENSE I can have port 1 on the VP2420 configured for both "VLAN 10" and the main network. If the world is rainbows and unicorns, then this would hopefully allow me to keep two different SSID's that aren't able to communicate with each other. Is this possible, or am I an idiot in need of a new plan? If this won't work, what is the best solution for separating wifi traffic noting the concerns mentioned above?

cookiemonster:
I have no knowledge of your equipment but the principle is this: all devices on a port in OPN will be by default on the same network segment.
OPN supports VLANs of course, but because they are expected to be on the same interface ie. port, then that interface needs to receive all the traffic tagged. In other words, it has to be set downstream from it as a trunk.
So if you were to send the traffic with tag 10, it should also send the rest of the traffic on the same port with another tag. You need to investigate the behaviour of that equipment. You could have problems if it sends tagged and untagged traffic. FreeBSD is not happy with it.

Navigation

[0] Message Index