Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    VLAN : on Opnsense or switch or both?

    Off-topic
    4
    7
    98
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • timconsidine
      timconsidine last edited by timconsidine

      Can’t find good answers by internet search.
      Maybe I’m not seeing wood for trees.
      Thought maybe some wise person here can point me in right direction.

      New leased line to be made live this week (hopefully).
      Installed Opnsense on a mini PC.
      And have a 24 port switch to distribute connectivity (via patch panel to different rooms with wall ethernet ports).
      So leased line —> Opnsense box —> Switch —> patch panel —> rooms.

      I was planning to create VLANs for different groups (rooms) on the switch.
      But I see Opnsense has VLAN functionality.
      So I am confused whether I should set up the VLANs on Opnsense or on Switch … or both ?

      I’m thinking to keep it simple and do it on switch as I am not sure the firewall needs different rules for each VLAN.
      Primary objective of the VLANs is to segregate what devices the different user groups can see/access.

      • "war room” (my office)
      • family users
      • office tenant in building
        Firewall is just to implement basic “nothing in, anything out” policy, until I open up selected apps on server in war room.

      Is that the source of the answer?
      If VLANs have same firewall rules, do it on switch ?
      If a VLAN needs different firewall rule(s), do VLAN on Opnsense or just create rule for traffic to an address.

      Many thanks for voice of experience and wisdom.

      M 1 Reply Last reply Reply Quote 0
      • robi
        robi last edited by

        Depends what you do with the switch..

        Generally it's better to do it at the switch level and have one place to manage all VLANs / rules.

        Upstream to the switch there doesn't need to be any segmentation (VLANs), unless you have special needs which you haven't mentioned.

        Keep it simple and manageable 🙂

        Life of Gratitude.
        Life of Advanced Technology

        doodlemania2 timconsidine 2 Replies Last reply Reply Quote 1
        • doodlemania2
          doodlemania2 App Dev @robi last edited by

          Agree with @robi here - keep it simple, do it in one place!

          timconsidine 1 Reply Last reply Reply Quote 1
          • timconsidine
            timconsidine @robi last edited by

            @robi thank you - agreed 👍

            1 Reply Last reply Reply Quote 0
            • timconsidine
              timconsidine @doodlemania2 last edited by

              @doodlemania2 tahnk you also - good approach 👍

              1 Reply Last reply Reply Quote 2
              • M
                Mastadamus @timconsidine last edited by

                @timconsidine if you want to route between the vlans and push them through the firewall you'll need to do a router on a stick configuration. That is where opnsense vlans will come into play. Unless u have a layer 3 switch.

                timconsidine 1 Reply Last reply Reply Quote 2
                • timconsidine
                  timconsidine @Mastadamus last edited by

                  @Mastadamus thank you

                  Not currently expecting to route between the VLANs but will bear this in mind.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Powered by NodeBB