<![CDATA[VLAN : on Opnsense or switch or both?]]>Can’t find good answers by internet search.
Maybe I’m not seeing wood for trees.
Thought maybe some wise person here can point me in right direction.

New leased line to be made live this week (hopefully).
Installed Opnsense on a mini PC.
And have a 24 port switch to distribute connectivity (via patch panel to different rooms with wall ethernet ports).
So leased line —> Opnsense box —> Switch —> patch panel —> rooms.

I was planning to create VLANs for different groups (rooms) on the switch.
But I see Opnsense has VLAN functionality.
So I am confused whether I should set up the VLANs on Opnsense or on Switch … or both ?

I’m thinking to keep it simple and do it on switch as I am not sure the firewall needs different rules for each VLAN.
Primary objective of the VLANs is to segregate what devices the different user groups can see/access.

  • "war room” (my office)
  • family users
  • office tenant in building
    Firewall is just to implement basic “nothing in, anything out” policy, until I open up selected apps on server in war room.

Is that the source of the answer?
If VLANs have same firewall rules, do it on switch ?
If a VLAN needs different firewall rule(s), do VLAN on Opnsense or just create rule for traffic to an address.

Many thanks for voice of experience and wisdom.

]]>https://forum.cloudron.io/topic/7579/vlan-on-opnsense-or-switch-or-bothRSS for NodeTue, 10 Mar 2026 01:02:36 GMTSat, 27 Aug 2022 13:02:50 GMT60<![CDATA[Reply to VLAN : on Opnsense or switch or both? on Fri, 16 Sep 2022 09:55:32 GMT]]>@Mastadamus thank you

Not currently expecting to route between the VLANs but will bear this in mind.

]]>https://forum.cloudron.io/post/53504https://forum.cloudron.io/post/53504Fri, 16 Sep 2022 09:55:32 GMT<![CDATA[Reply to VLAN : on Opnsense or switch or both? on Fri, 16 Sep 2022 03:41:52 GMT]]>@timconsidine if you want to route between the vlans and push them through the firewall you'll need to do a router on a stick configuration. That is where opnsense vlans will come into play. Unless u have a layer 3 switch.

]]>https://forum.cloudron.io/post/53490https://forum.cloudron.io/post/53490Fri, 16 Sep 2022 03:41:52 GMT<![CDATA[Reply to VLAN : on Opnsense or switch or both? on Sat, 27 Aug 2022 19:02:55 GMT]]>@doodlemania2 tahnk you also - good approach 👍

]]>https://forum.cloudron.io/post/52757https://forum.cloudron.io/post/52757Sat, 27 Aug 2022 19:02:55 GMT<![CDATA[Reply to VLAN : on Opnsense or switch or both? on Sat, 27 Aug 2022 19:02:27 GMT]]>@robi thank you - agreed 👍

]]>https://forum.cloudron.io/post/52756https://forum.cloudron.io/post/52756Sat, 27 Aug 2022 19:02:27 GMT<![CDATA[Reply to VLAN : on Opnsense or switch or both? on Sat, 27 Aug 2022 14:09:50 GMT]]>Agree with @robi here - keep it simple, do it in one place!

]]>https://forum.cloudron.io/post/52752https://forum.cloudron.io/post/52752Sat, 27 Aug 2022 14:09:50 GMT<![CDATA[Reply to VLAN : on Opnsense or switch or both? on Sat, 27 Aug 2022 13:15:52 GMT]]>Depends what you do with the switch..

Generally it's better to do it at the switch level and have one place to manage all VLANs / rules.

Upstream to the switch there doesn't need to be any segmentation (VLANs), unless you have special needs which you haven't mentioned.

Keep it simple and manageable 🙂

]]>https://forum.cloudron.io/post/52751https://forum.cloudron.io/post/52751Sat, 27 Aug 2022 13:15:52 GMT