Bedhedd's opnsense and wireless networking adventure

introduction

purpose of the post

I wanted to improve my home internet, as the wifi channels of my building were flooded with the ISP-provided modems of my neighbors. The goal of this post is to explain my process, as well as show how a newbie to networking can get into home networking with the help of internet research. This can potentially be a lab that applies the concepts of the 099 networking series.

prerequisites

To be successful following this guide, you will need to be comfortable with the following:

  1. Research on the internet (searching concepts in this guide or forum posts, watching tutorials, and reading forum posts)
  2. Installing an operating system to a computer
  3. Changing your OS’s network settings
  4. Doing firmware/bios/os updates

hardware used

This is the hardware I used for my home network.

https://support.ruckuswireless.com/products/79-ruckus-r710
There’s probably newer, better, or cheaper hardware on eBay; this is purely for your reference.

For this guide my computer is running Fedora 41 with cinnamon desktop. The network setup might be different for your computer. Use the internet to search for how to configure a static ipv4 address.

high level steps

If you already have this same combo of hardware and software running, you can follow these steps:

Otherwise, if these aren’t detailed enough, feel free to keep reading the steps further below. If you need help setting up the tech, I’ll link some guides I referenced from the original thread below.

helpful resources

To get VLANs configured on the same type of hardware, you will need to have OPNSense installed, the network switch configured and accessible, and the unleashed firmware from ruckus.

OPNSense setup

I followed NetworkChuck’s guide and set it up so that my modem plugs into a port I designate as the WAN port and the other port plugs into the router I designate as the LAN port.

NetworkChuck uses pfSense, but the process is very similar for OPNsense.

For the firewall setup in the later steps, this guide from Jim’s Garage was very helpful in setting up my subnets and dhcp.

netgear switch setup

Although this isn’t the same switch, the interface is very similar to the GS108PEv3.
These videos show the interface and give a brief primer on setting up VLANs. For now, watch and follow the setup section. You can just watch the VLANs section to get an idea of it.

To access the switch, plug an ethernet cable from your switch into a computer. With the ethernet plugged in, change the adapter’s ipv4 settings to a static ip address of 192.168.0.210 and a netmask of 255.255.255.0.

This page has a guide introducing VLANs; if either of the videos did not make sense, you can read this.

If you encounter any issues and lock yourself out of your switch when configuring the VLANs from the video or in the later parts, factory reset the switch using the following guide.

ruckus r710 wireless access point setup

If you also bought a used r710 Wireless Access Point and flashed the unleashed firmware, you’ll also want to do a factory reset to get unleashed set up. Follow the instructions from Ruckus’s support page
https://support.ruckuswireless.com/articles/000012418
Then follow the instructions to get the unleashed firmware
https://support.ruckuswireless.com/articles/000005720

If you encounter issues logging into the Access Point portal with the guide above, you will want to connect your computer’s ethernet directly to a separate ethernet port (from the poe port) of the Access Point (AP). When connecting the access point over ethernet, make sure the access point is powered (with the ac power cable or through the poe ethernet port).

I learned how to set this up using this guide. If the link doesn’t work, use the internet archive version of the blog.
https://www.florisbrunet.com/blog/recovering-a-ruckus-access-point-using-the-serial-port/

I used this setup

With your access point connected, set your computer’s ethernet connection to a static ip address of 192.168.0.100 and a netmask of 255.255.255.0.

If you continue to get issues, make sure to find the firmware version closest to your current firmware.

detailed steps

With your OPNsense router, Wireless Access Point, and Switch up and running, you can now set up VLANs. We are going to start with the Wireless Access Point, followed by the switch, and end with the OPNsense router.

  1. Configure the Wireless Access Point
    1. Log into the ruckus access point
    2. Create a new wireless network (SSID) within the Wi-Fi networks tab. Give it a name and password that you will remember. I used IOT as a test
    3. Click Show Advanced Options, within the menu, select WLAN Priority
    4. Navigate to the Access VLAN row, enter a number and note it down. In my case, I entered 30
    5. Save and apply the settings
  2. Configure the VLAN and tagging on the switch
    1. Log into the switch access point. Note down the ports that the Wireless Access Point and router are connected to
    2. From the home tab, click the VLAN tab
    3. Within the VLAN tab, select 802.1Q
    4. Within the left tab, navigate to Advanced and click on VLAN Configuration
    5. Select Enable within the Advanced 802.1Q VLAN Status under the Advanced 802.1Q VLAN
    6. Within the VLAN ID box in the VLAN Identifier Setting, enter the value you noted down in the previous section
    7. Navigate to and click the Add button. A new line item within the table will be added
    8. After adding the VLAN ID, navigate to the VLAN Membership section
    9. Within the Options tab, navigate to VLAN ID drop down menu. Select the VLAN ID. In my case it is 30
    10. Within the VLAN ID, navigate to the port and click on it until the port shows T. In my case, it is Port 2 (AP) and 8 (Router)
    11. After selecting the options, click the Apply button
  3. Configure OPNSense’s VLAN interface
    1. Navigate to the Interfaces tab, select the Other Types, and click on the VLAN option (selected in red)
    2. Click the red + boxed in red in the commands column
    3. Within the box, navigate to the Parent section, select the lan interface. In my case, it is igc1 ... [LAN]
    4. Navigate to the VLAN tag section, enter the VLAN ID we set previously on the netgear switch and ruckus ap. In my case it is 30
    5. Feel free to populate the Device and Description sections with names and descriptions that make sense to you
    6. Click save once you are finished populating the vlan fields.
    7. After adding the vlan, OPNSense will return to the Interfaces: Other Types: VLAN page, make sure to click the orange Apply button
    8. Within the Interfaces tab, navigate to the Assignments tab. Within the Interfaces: Assignments page, select the vlan we just created within the device drop down menu. In my case it is called vlan03 with the Tag:30. See the screenshots for reference
    9. Set a description that makes sense and click the orange Add button
    10. If you set a name or description, the vlan will show up as an interface with the name/description. In my case the default is OPT3
    11. Within the Interfaces tab, navigate to the newly created vlan interface. In my case it is OPT3
    12. Click the Enable Interface
    13. Scroll down to the Generic configuration section and click the IPv4 Configuration Type drop down menu.
    14. Within the drop down menu, select Static IPv4 option
    15. Scroll down to the Static IPv4 configuration section. Within the IPv4 address box, set an ip address that has the same first two values as the rest of your network. If you have a default ip of 192.168.1.1, make sure the first half is 192.168. You can set the other values to ones you desire. Then click the orange Save button
    16. After setting the static ipv4 address, you’ll be prompted with this message; click the orange Apply changes button
  4. Setup DHCP rules
    1. Navigate to the Services tab, select Kea DHCP [new], within the new Kea DHCP, select Kea DHCPv4. See the red box for the selection
    2. Ensure that the Kea DHCP service is running by checking if the following boxes are checked.
    3. Navigate to the subnets tab
    4. Create a new subnet by clicking the orange + button
    5. Upon clicking the orange button you’ll be prompted to edit the subnet. For the subnet, use the address we set in the previous section. In my case it is 192.168.20.0/24. For the ranges, use an address structured similarly to your subnet address. In my case, it is 192.168.20.100-192.168.20.199
    6. With the subnet and ranges set up, you can click the orange save button
    7. After saving the subnet, you’ll be prompted to apply changes; click the orange Apply button to apply the subnet
  5. Setup Firewall rules
    1. Navigate to the Firewall tab, select the Rules section, within rules, select the vlan interface created within the previous section, in my case it is OPT3
      • Note: by default, OPNSense will have a block rule for a newly created vlan interface.
      • Note: for this guide, we will allow all traffic to pass through
    2. Click the orange + button to add a new rule
    3. The page will redirect to the following page
      • On this page, select the source drop down and select the interface name + net, in my case it is OPT3 net
    4. After selecting the source option, scroll to the bottom of the page to hit save
    5. With the options saved, you’ll be redirected back to the previous page and prompted to apply your changes. Click the Apply changes button
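
The values noted across the five steps above can be checked for consistency before clicking through the three devices. The following is an added example, not part of the original post and not OPNsense code: `check_plan` compares the VLAN ID, tagged ports, interface address, Kea subnet and pool, and `first_match` shows what the allow-all rule from step 5 permits next to a variant with a block rule towards the LAN placed above it. The /24 masks, the 192.168.20.1 interface address, the client and destination addresses, and the top-down first-match evaluation (the default "quick" rule behaviour) are assumptions.

```python
import ipaddress as ip

# Constructed sample; the /24 masks and the 192.168.20.1 interface address are assumptions.
PLAN = {
    "ap_access_vlan": 30, "switch_vlan_id": 30, "opnsense_vlan_tag": 30,
    "ap_port": 2, "router_port": 8, "tagged_ports": [2, 8],
    "lan_interface": "192.168.1.1/24", "vlan_interface": "192.168.20.1/24",
    "kea_subnet": "192.168.20.0/24", "kea_pool": "192.168.20.100-192.168.20.199",
}

def check_plan(plan):
    """Return a list of inconsistencies in the noted values (empty = consistent)."""
    problems = []
    tags = {plan["ap_access_vlan"], plan["switch_vlan_id"], plan["opnsense_vlan_tag"]}
    if len(tags) != 1:
        problems.append(f"VLAN ID differs between devices: {sorted(tags)}")
    problems += [f"VLAN ID {t} is outside 1-4094" for t in sorted(tags) if not 1 <= t <= 4094]
    untagged = {plan["ap_port"], plan["router_port"]} - set(plan["tagged_ports"])
    if untagged:
        problems.append(f"ports not set to T for the VLAN: {sorted(untagged)}")
    iface = ip.ip_interface(plan["vlan_interface"])
    subnet = ip.ip_network(plan["kea_subnet"])
    lan = ip.ip_interface(plan["lan_interface"]).network
    if iface.network != subnet:
        problems.append(f"interface network {iface.network} is not Kea subnet {subnet}")
    if subnet.overlaps(lan):
        problems.append(f"Kea subnet {subnet} overlaps LAN {lan}")
    lo, hi = (ip.ip_address(a.strip()) for a in plan["kea_pool"].split("-"))
    if lo > hi or lo not in subnet or hi not in subnet:
        problems.append(f"pool {lo}-{hi} is not inside {subnet}")
    elif lo <= iface.ip <= hi:
        problems.append(f"pool {lo}-{hi} contains the interface address {iface.ip}")
    return problems

def first_match(rules, src, dst):
    """Evaluate (action, source net, destination net) rules top-down; no match = block."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in ip.ip_network(src_net) and dst in ip.ip_network(dst_net):
            return action
    return "block"

ALLOW_ALL = [("pass", "192.168.20.0/24", "0.0.0.0/0")]  # step 5 rule, destination any (assumed)
ISOLATED = [("block", "192.168.20.0/24", "192.168.1.0/24")] + ALLOW_ALL

if __name__ == "__main__":
    print(check_plan(PLAN))
    for rules in (ALLOW_ALL, ISOLATED):
        print([first_match(rules, "192.168.20.150", d) for d in ("192.168.1.50", "203.0.113.10")])
```

With the allow-all rule, a client on the new VLAN reaches the LAN host as well as the outside address; with the block rule first, only the outside address passes.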