- Physical Diagram of Network Infrastructure
- Change the Switch’s Interface IP Address
- Connect switch to OPNsense and the AP to the Switch

Since the publication of this guide, I have written a new guide which is aimed more towards beginners. The beginner’s guide focuses more on the bare minimum requirements to get started with building a full network using OPNsense. In that guide, I only demonstrate using the LAN interface with a single VLAN where untrusted devices may be placed. I feel this would be a good first step in learning how to build a more advanced home network since it provides a basic foundation on which to build.

I often write about specific networking topics in an effort to limit the scope of each topic being discussed. However, I thought it would be helpful to create one comprehensive guide which pulls together many concepts to demonstrate how all the pieces fit together using a real-world example. While beginners may follow this guide, it is aimed towards individuals who already have some background knowledge of networking but wish to take their home networks to the next level.

Much of this guide will be focused on OPNsense configuration since it lies at the core of the network infrastructure, but I will also discuss managed switches and wireless access points. When it comes to the network switches and wireless access points, I cannot include an example of all varieties of those products. Therefore, you will have to adapt this guide to the hardware you are using. I personally prefer to use managed network switches which have a web interface for configuration rather than switches which only provide a command line interface (even though I am not personally afraid of using the command line).

Because there is so much to cover, I will attempt to be more concise than usual in certain areas. In some cases I may refer to other guides I have written if you wish to go into more depth about a particular topic.

Disclaimer: Please consider that I am merely presenting one network architecture that may be used as a reference. I am not endorsing or claiming that this architecture is the best way to implement your home network – it is simply one way you could implement it. In the end, you have to decide what meets your needs the best.

The example network will assume the following architecture:

- The connection from the ISP will utilize a modem or a modem/router in bridge mode (to avoid double NAT).
- The modem is connected to the first port of a four-port OPNsense box for the WAN interface.
- The LAN interface will be connected to a smart/managed network switch to be used as a dedicated management interface and will only contain untagged network traffic.
- Two interfaces on the OPNsense box will be set up as a LAGG (link aggregation) to the network switch to provide extra bandwidth/redundancy across networks and will only contain tagged VLAN traffic.
- A wireless access point with VLAN support will be connected to the network switch to provide wireless for the networks.
- Other devices will be connected to the network switch in various VLANs.
- The network will use dual stack IPv4 & IPv6*.

In the example described above, it is important to note that the management LAN interface (where all of the critical network infrastructure will be managed) will only have untagged network traffic while the LAGG interface will only have tagged VLAN traffic.

Some users prefer to set up a dedicated management VLAN where all network infrastructure can be managed and avoid using the default untagged network, which is often depicted as “VLAN 1” on network switches. The primary reason is the security concern of users plugging devices into ports that are not assigned to any VLANs since they would have access to the most sensitive part of the network. When using the default “VLAN 1” as your management network, you need to be sure to assign all unused ports to a VLAN to avoid unwanted devices on your management VLAN. You could assign unused ports to the GUEST network or to a sinkhole network with no network access.
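The port rules in this guide (unused ports parked on GUEST or a sinkhole VLAN, an untagged-only management port, a tagged-only LAGG) can be checked against a switch's port table. The script below is an added example, not part of the original guide; the table format, the `role` labels, every VLAN ID except VLAN 1, and the choice to treat a LAGG member as tagged-only when its untagged VLAN is the sinkhole are assumptions.

```python
# Added example: audit a switch port table against the guide's VLAN rules.
# The table format, role names and every VLAN ID except VLAN 1 are assumptions.

MGMT_VLAN = 1        # default untagged "VLAN 1", used for management in the guide
GUEST_VLAN = 40      # assumed ID of the GUEST network
SINKHOLE_VLAN = 999  # assumed ID of a sinkhole VLAN with no network access
PARKING_VLANS = {GUEST_VLAN, SINKHOLE_VLAN}


def effective_untagged(port):
    """A port with no explicit untagged VLAN stays on the switch default, VLAN 1."""
    return port.get("untagged") or MGMT_VLAN


def audit(ports):
    """Return sorted (port_name, problem) tuples for ports that break a rule."""
    findings = []
    for port in ports:
        name, role = port["name"], port["role"]
        untagged = effective_untagged(port)
        tagged = set(port.get("tagged", ()))
        if role == "unused" and untagged not in PARKING_VLANS:
            findings.append((name, f"unused port is untagged on VLAN {untagged}"))
        elif role == "mgmt" and tagged:
            findings.append((name, "management port carries tagged VLANs"))
        elif role == "lagg":
            # Assumption: "tagged only" means untagged frames land in the sinkhole.
            if untagged != SINKHOLE_VLAN:
                findings.append((name, f"LAGG member passes untagged VLAN {untagged}"))
            if MGMT_VLAN in tagged:
                findings.append((name, "LAGG member tags the management VLAN"))
    return sorted(findings)


# Constructed sample table (not from a real switch); VLANs 10 and 20 are made up.
SAMPLE_PORTS = [
    {"name": "1", "role": "mgmt", "untagged": 1},
    {"name": "2", "role": "lagg", "untagged": 999, "tagged": [10, 20, 40]},
    {"name": "3", "role": "lagg", "tagged": [10, 20, 40]},  # untagged left at default
    {"name": "4", "role": "access", "untagged": 10},
    {"name": "5", "role": "unused", "untagged": 999},
    {"name": "6", "role": "unused"},                        # never configured
    {"name": "7", "role": "unused", "untagged": 40},
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_PORTS):
        print(f"port {name}: {problem}")
```

On the constructed table it flags port 3 (a LAGG member whose untagged VLAN was left at the default) and port 6 (an unused port that was never moved off VLAN 1).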