Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

Started by Yewtink, March 28, 2024, 05:46:58 PM

I have my wan and lan1 working. I believe that I need to create a bridge for lan1-lan5 so that I can have a single network accessible anywhere on the lan. But from what I have read in the docs that is a bad idea. I need a single DHCP server that ports 1-5 will send the traffic in different directions on my lan. Is it possible to set up a virtual switch to do what I want? I am not good with the proper terminology so if someone can point me in the right direction it would be greatly appreciated. Basically 192.168.1.1 is the dhcp server and lan1-lan5 distributes to different areas of the house with a switch or wireless access point for the clients to connect.

I do plan to use vlans in the future but just need to get the entire network up and running now.

You probably want to set up a LAN bridge.

https://docs.opnsense.org/manual/how-tos/lan_bridge.html
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

That's what I was thinking, but I saw somewhere that OPNsense can't monitor all 5 lans, that it will only watch the last port. That it wasn't recommended to be used. But the PC is serious overkill so it might not matter or that has been patched since I saw the post about avoiding bridged lans?

The instructions did say that this is not a recommended way.

Make a backup of the config, then start testing?

I would probably connect a switch to LAN, cascade to the second switch, etc. but trying the bridge would be worth doing just to find out if it works for possible situations that one might run into.

Setting up a LAN bridge is not technically impossible, but will put a strain on your CPU for cross-traffic.

Considering the low prices for manageable switches these days, it may be preferable using one of these.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: meyergru on March 28, 2024, 06:42:27 PM
Setting up a LAN bridge is not technically impossible, but will put a strain on your CPU for cross-traffic.

Considering the low prices for manageable switches these days, it may be preferable using one of these.


Even with an 8 core 3.8 GHz, with 16 GB RAM? I am running a single lan to a managed switch so wouldn't the load be minimal? Guessing the AP might put a little strain but I typically only run a few wifi devices; I try to keep my networks wired.


Just try it. What bad thing could happen?

I finally got it to work. I am new to this and wondering what I should be learning more about. I will make a network topology map later of my goal and maybe get a better understanding of what I need to be focusing on.

Thanks for the help guys.

Make sure you follow the documentation to the letter. These two tunables you are supposed to set are essential.  ;)

Quote from: Patrick M. Hausen on March 28, 2024, 08:08:00 PM
Make sure you follow the documentation to the letter. These two tunables you are supposed to set are essential.  ;)

1000%. A different tutorial I was following didn't include that part. That was why I was pulling my hair out.

Quote from: Yewtink on March 28, 2024, 08:12:37 PM
1000%. A different tutorial I was following didn't include that part. That was why I was pulling my hair out.

Why are you following some arbitrary tutorial instead of looking into the official product documentation, first? Serious question - this happens so frequently and I fail to understand it. Whenever I try a new product, documentation is the first stop.

What can the project do to improve this situation?

see below...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Quote
Why are you following some arbitrary tutorial instead of looking into the official product documentation, first? Serious question - this happens so frequently and I fail to understand it. Whenever I try a new product, documentation is the first stop.

What can the project do to improve this situation?

Usually it comes down to:
1) A web search shows it first.

2) Sometimes I have difficulty following along, the other source is easier to follow or understand. Or it is a video guide that I can follow along with.

Another issue comes to mind. I don't have an IT background and the documentation is written by someone with in-depth networking knowledge so something that is obvious to the writer is not so obvious to me. The other guides will explain in detail why or why not to do something that was skipped over in the "Official Guide". Another issue I have run into is the guide will be correct for version 24.1 but a minor patch in say version 24.1.1 will change the GUI just enough that I can no longer follow the "official doc" (like a check box removed, added or a totally different GUI altogether). Unofficial guides seem to get updated before the official.

Like right now my network worked flawlessly for 2 days, then suddenly my AP has been denied internet access. I am getting errors but it is in code, lots of numbers, but I am unable to click anything to take me to the issue. Would be nice if there was a link I could click that would take me to the problem. Maybe it does that now and my pop-up blocker is stopping it??

The other issue I am having is attempting to play a multi-player Xbox game on 3 different devices. Hosting on the Xbox Series X and joining from my PC works perfectly. But I can't get it to connect going the other way: hosting a game on PC and joining on Xbox X I get failed to connect to host. Then I tried playing on Xbox One to Xbox X and they will connect fine. But the game is so unplayable with the lag. I finally found a site that mentioned that it was a known issue with Xbox and that the workaround was to share the internet connection from my desktop to the Xboxes. I already had ordered a 2.5gb nic card that I am waiting for so I am hoping that will fix that problem.

I am guessing the AP issue is because I don't have a switch and I was hoping to keep the 2.5gb in the house.

Would it require a smart switch for the AP to work or would a dumb switch work fine?
I was playing with Proxmox with OPNsense before I bought the new hardware. Proxmox has the ability I believe to create a virtual smart switch; is that possible with a direct install of OPNsense?

The switches in your diagram above, what are they? Do they have enough ports for everything wired and still have a couple left over?

In short, I would not create a bridge.

I would either get a bigger switch (if needed) or do the following:

OPNsense LAN --> switch 1 --> switch 2

AP1 --> switch 1
AP2 --> switch 1 or switch 2

Yes, switch 2 is another hop; as long as switch 1 is not "full" (at capacity) you won't really be losing performance. And most switches in home or light business are not near capacity.


You could also make the above "better" by getting a third switch that is faster to work as the first level, then connect switch 1 and switch 2 to this new switch. Both AP could also connect to this new switch, depending on capability.

It is not so much the size of the switch but the speed I wish to keep. The gaming lan I would like to keep everything 2.5gb. Everything else I am happy with 1gb. To get a smart 2.5gb switch is really expensive; that is part of the reason I chose the mini computer that I did. I figured one wire = one 2.5gb branch, but I really didn't think the access point would choke like it did. (cheap junk or limits of mesh technology?) I use the Mesh Access point as wifi bridge (not possible to set in bridge mode) that my 3rd AP grabs the signal and sends it into my detached wired office. I have been fairly pleased with the speed and the range of the wifi coverage. I felt that I was asking way too much from the little Deco hardware and it was overworked and would crash at least once a month and I would have to reboot everything manually until it recovered.

The way it was wired is how it was shown. I ended up dropping the 2nd access point. Then I was having issues with the access points themselves. They are TP-Link Deco x55; they seem to work nice until they sync up with the cloud and all hell breaks loose. I reset the OPNsense router to right after I set up the bridge. Then plugged a dumb switch in front of the AP and walked away.

My original plan was to run wires to: router NICs are 2.5gb (I know I will never see that but my plan was to be available when I am LAN gaming with my nephews. hoping to keep 2.5 from router to game room)
ETH0= WAN
ETH1= lan bridge
eth5= 2.5gb computer I was using to set things up
eth2= 2.5gb living room to (smart switch) 1gb
eth3= 2.5gb game room (dumb switch 2.5gb) 
eth4= 2.5gb was a wire out to the yard where I have an outdoor rated WIFI6 access point that also covers the house and about 300ft away.
eth5= 2.5gb went to another AP I had in the house. (I believe it was too close to the other AP causing problems, removed it) The wifi was still messed up so I did a system reset on wifi and still couldn't connect. That is when I reset the firewall and everything is working. But I have next to no security, right now.

I did have openDNS set up for a while so IDK if it was blocking the TP-link AP from reaching the cloud or another firewall rule I set had blocked it. I can't find much support from TP-LINK. But I am kinda worn out with messing with it. I did find an OPNsense Book 4th gen I just ordered from Amazon and going to start reading and see if I can get caught up.

I feel like I need to draw up my network topology and lay out all my goals. Is there any chance there is an interactive tool or website that I could enter my network and use groups to get a list of recommended settings and plugins to use?

I want to have an office, streaming, (XBOX) gaming, zones and eventually a vlan to connect my sister's network next door to mine to share our printers and my game servers for my nephews. But I don't want the traffic to go out over the WAN. My ISP is really slow 25mb/5mb which would make gaming impossible. But I believe over WIFI6 it should be acceptable.

I attempted to find an OPNsense retailer, partner, tech in my area. But the nearest place was over an hour away and only posted commercial rates. :( I am about 2 hours south of Washington DC and about 2 hours North of Richmond Virginia.

Sorry for the novel again. Lots of ideas rolling around in my head and trying to figure out which ones are on track and which ones are just confusing me.