I have recently been trying to revamp my home network. It's making me realize just how much networking knowledge I've forgotten, and I'm really considering fully diving back into some books/courses to (re)learn.
I got a Cisco Catalyst 1000 switch earlier this week to try to work on building out VLANs, and set it downstream from an existing OPNsense appliance. It immediately broke things in several ways.
First issue:
My plan was to use a brand new Asus router (one of the ones where you can use both the UI and the CLI to configure things) with just the 5 GHz radio enabled for my trusted VLAN, and then a second, older TP-Link router with the 2.4 GHz radio enabled for my IoT stuff. The idea was that I could easily sort them into VLANs, since each would be connected to a single switch port and each served a distinct use case.
What I forgot was that when I upgraded routers earlier this year, I reused the same settings. So both routers had the same SSID/creds/etc. and had both the 5 GHz and 2.4 GHz radios active, but I had already set the switch port for the old router to the appropriate IoT VLAN. This leads into the second issue that I discovered.
Second issue:
When I configured the interfaces and VLANs on the OPNsense appliance, I knew that it would create them as "separate" networks, but forgot that this would mean each would need its own firewall rules set up, or they'd fall back to default deny.
So the laptop I was using was connected to the old router, which was behind a different VLAN than my regular LAN network and only had the default deny rules in place. It took me entirely too long to figure out the problem and get everything set.
It didn't help that a bit of the OPNsense firewall rule configuration was confusing.
One would think that applying a direction of "in" would imply that the rule applies only to traffic coming into the interface for the rule, but apparently it's the opposite, which meant that I kept setting up the rules incorrectly and wondering why the hell it wasn't working as expected.
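For reference, here is the switch side of the layout described in this post (trunk uplink to the firewall, one access port per AP), as an added example and not the poster's own config. The VLAN IDs (10 for trusted, 20 for IoT), the port numbers and the descriptions are assumptions; each of those VLANs still needs its own interface and its own pass rules on OPNsense, otherwise traffic hits the default deny the post ran into.

```cisco
! Assumed VLAN IDs: 10 = trusted, 20 = IoT
vlan 10
 name TRUSTED
vlan 20
 name IOT
!
! Uplink to the OPNsense appliance: tagged trunk carrying only the two VLANs
interface GigabitEthernet1/0/1
 description uplink-to-opnsense
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Asus router acting as the trusted 5 GHz AP: untagged in VLAN 10 only
interface GigabitEthernet1/0/2
 description asus-trusted-ap
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! Older TP-Link router acting as the IoT 2.4 GHz AP: untagged in VLAN 20 only
interface GigabitEthernet1/0/3
 description tplink-iot-ap
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
```

Because each AP sits on an access port, every client that associates to it lands in that port's VLAN regardless of SSID, which is why a laptop joining the old router ended up on the IoT side; giving the two APs different SSIDs and disabling the unused radio on each avoids joining the wrong one by accident.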