Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
Configuration of multiple Interfaces and VLANs
« previous
next »
Print
Pages: [
1
]
Author
Topic: Configuration of multiple Interfaces and VLANs (Read 1645 times)
cbass
Newbie
Posts: 4
Karma: 0
Configuration of multiple Interfaces and VLANs
«
on:
May 31, 2024, 02:53:34 am »
I have a Qorum PC with 5 interfaces and an HPE managed switch. Currently I have igb0 configured for WAN and igb1 configured for LAN. I would like to configure VLAN's and looking for best practice recommendations. Should I configure each interface in Opnsense for the specific VLAN and connect it to untagged port on the switch? Or should I configure one interface in Opnsense to support multiple VLAN's and I'm assuming this would need to be a trunk port on the switch?
Logged
yourfriendarmando
Full Member
Posts: 103
Karma: 8
Re: Configuration of multiple Interfaces and VLANs
«
Reply #1 on:
June 01, 2024, 06:23:22 am »
Hi There
There are some things you can do with the additional ports.
At home, I have a system with 6 Ports, but a switch with fewer ports. Everywhere else, with 4 or more ports, that switch will usually have at 24-48 ports.
igb0: WAN
igb1: MGT
igb2: WRK
igb3: OoB (untagged), GST (tagged)
The MGT port is not connected to a Switch, but rather, is an emergency port to help you diagnose issues. It should have the least amount of Block rules.
Because I don't want the Guest or Out Of Band networks to have the greatest amount of priority, I don't mind stacking them on the same port.
From the FW perspective, there is just the GST tagged VLAN.
The switch just sees access ports, with exception of the one from igb3.
That one is native/untagged OoB (VLAN1 in my case), and GST tagged/trunked across.
Logged
cbass
Newbie
Posts: 4
Karma: 0
Re: Configuration of multiple Interfaces and VLANs
«
Reply #2 on:
June 01, 2024, 09:18:55 pm »
Thanks for the suggestions. I like your idea of having a MGT port there for "emergency". I probably should have given more context to my scenario but those posts tend to turn into long stories. Anyway, this is a home setup, and my Qotom mini pc has 5 ethernet nic's. Been running OpnSense on it for 7-8 years now and it's still going strong. I'm in the process of migrating from a Dell PowerConnect 2816 and non-managed netgear prosafe switches to a HPE OfficeConnect 1820 switch. I also have a Unifi US-8-150W switch that I'll continue to use mainly for the POE. For wireless I have a Unifi UAP-AC-Lite which I'm not looking to replace at this time.
This is my thought of how to configure the interfaces in Opnsense as it's similar to how I've had it configured for some time now with the addition of the IOT and MGMT (per yourfriendarmando's suggestion) ports.
1 WAN
1 LAN
1 IP Cameras
1 IOT
1 MGMT
I guess I was just thinking of configuring a VLAN perhaps for the IP Camera and IOT networks or perhaps a LAGG and VLAN and wasn't sure if it's best practice to physically separate the networks like my example above or go the VLAN route?
Logged
yourfriendarmando
Full Member
Posts: 103
Karma: 8
Re: Configuration of multiple Interfaces and VLANs
«
Reply #3 on:
June 02, 2024, 04:16:49 am »
You can certainly spread them out, unless you are stacking more than one network over the same interface, your Firewall does not need to have VLANS set explicitly on it. It is the switch that is doing that job at the Layer 2. Your Firewall will connect them, and rules will govern what from which network, can traverse elsewhere to another network.
You can assign an interface to a NVR network, and on your switch make that access switchport its own default VLAN just for your Cameras.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Tutorials and FAQs
»
Configuration of multiple Interfaces and VLANs