Topic: Complicated network topology (Read 4247 times)
wizziLalev (Newbie, Posts: 12, Karma: 0)
Complicated network topology « on: May 19, 2017, 12:05:58 pm »
Hello to all!
I've been using OPNsense for a few months now and I love it! But I want to make my home network just a little bit more organized and I need your help because I'm lost...
Recently I've managed to get an HP ProCurve 2626 (J4900C) for $10 from eBay and after resurrecting an old HP 6005 Pro (AMD ATHLON II X4 645, 16GB RAM, 2x2TB HDDs) I'm ready to start!
That is old hardware - I know that, also there will be issues like old firmware, etc. - I know that also - but for the moment I can't invest any money to make it better, so I need to work with what I have.
So after a few days of cleaning dust, changing thermal paste and preparing a small place to put everything, I want to make something which will work and will be practical, so here is my idea:
Proxmox as main OS
OPNsense as guest VM
Another VM for few lightweight WEB apps
So far, so good, but here is my problem: my machine has only one NIC and I want to use it for a so-called "router on a stick".
What is my topology:
ISP up-link enters my apartment - it's a cat6 cable without modem/router and this cable is connected to one of the GbE ports of my switch
the host machine is connected to the second GbE port of the switch
a few ports are occupied by dummy APs, 2 PCs and 3 SBCs
What is my issue:
I don't know how to set up all the VLANs and bridges correctly so that the OPNsense VM acts as a normal router, so that all hardwired/wireless devices get their IP from OPNsense's DHCP, and all other VMs are able to access the internet as well.
So I'm open for any ideas/suggestions/comments!
P.S. Please check attached diagram
wizziLalev (Newbie, Posts: 12, Karma: 0)
Re: Complicated network topology « Reply #1 on: May 20, 2017, 09:07:38 am »
Anyone? As far as I know this setup is not the best approach, but possible.
Mega32 (Newbie, Posts: 36, Karma: 7)
Re: Complicated network topology « Reply #2 on: May 20, 2017, 09:23:12 am »
I'm an OPNsense newbie, and even still waiting for my hardware.
But I do know networking, and your setup is, as you mention, a "Router (fw) on a stick".
For Zone (LAN) separation you need to run 802.1Q tagging (VLANs).
Decide what switch port your OPNsense PC would connect to; that would be your "Uplink port", let's say it's port 24.
You would create a VLAN for each Zone (separate LAN) in the switch, and make the ports where you connect your equipment for that specific Zone an untagged member of that VLAN.
If you, i.e., have 3 APs in the same Zone, you would just make 3 switch ports untagged members of the same Zone (VLAN), and plug the APs into those ports.
For every Zone/VLAN you create on the switch that is to be handled by OPNsense, you would also need to make that VLAN a tagged member of your "Uplink port" (port 24).
This means that traffic from all Zones/VLANs would also go via the single "Uplink port" (24) to the OPNsense box, where OPNsense would be able to do the routing & firewalling between the different Zones.
So all Zone members (PCs, APs etc.) would connect to an untagged VLAN port on the switch, and all created VLANs on the switch that have to be handled by OPNsense would have to be a tagged member of the OPNsense "Uplink port" (port 24).
Now your L2 (Layer 2) network is done, and you'd need to create a matching (VLAN) interface on the OPNsense box for each VLAN you have tagged in the switch for transport on the fw (firewall) "Uplink port".
/Mega32
« Last Edit: May 20, 2017, 09:26:53 am by Mega32 »
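A check for the tagging scheme described in Reply #2, as an added example that is not part of the original posts: it parses a ProCurve-style VLAN configuration and reports VLANs that are missing from the uplink, tagged there without a matching firewall interface, or untagged on the uplink. The sample config, VLAN IDs, names and access-port numbers are constructed assumptions; only uplink port 24 comes from the post.

```python
# Constructed sample config; VLAN IDs, names and access ports are assumptions.
SAMPLE_CONFIG = """
vlan 10
   name "LAN"
   untagged 1-12
   tagged 24
   exit
vlan 20
   name "WIFI"
   untagged 13-19
   exit
vlan 99
   name "WAN"
   untagged 25
   tagged 24
   exit
"""

def expand_ports(spec):  # '1-12,25' -> {1, ..., 12, 25}
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlans(config):
    """Return {vlan_id: {'untagged': set, 'tagged': set}} from the config text."""
    vlans, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            current = vlans.setdefault(int(words[1]), {"untagged": set(), "tagged": set()})
        elif current is not None and len(words) == 2 and words[0] in current:
            current[words[0]] |= expand_ports(words[1])
        elif words == ["exit"]:
            current = None
    return vlans

def check_plan(vlans, uplink, fw_vlan_ifs):
    """List deviations from the scheme: zone VLANs tagged on the uplink only."""
    problems = []
    for vid, m in sorted(vlans.items()):
        if vid in fw_vlan_ifs and uplink not in m["tagged"]:
            problems.append(f"VLAN {vid}: not tagged on uplink port {uplink}")
        if vid not in fw_vlan_ifs and uplink in m["tagged"]:
            problems.append(f"VLAN {vid}: tagged on uplink but no firewall interface")
        if uplink in m["untagged"]:
            problems.append(f"VLAN {vid}: uplink port {uplink} is an untagged member")
    return problems
```

Calling `check_plan(parse_vlans(SAMPLE_CONFIG), 24, {10, 20, 99})` flags VLAN 20, which the sample deliberately leaves off the uplink.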