Network isolation

Hello Guys,

Got my TrueNAS build done and have set up OPNSense and an Access Point. Although these are working fine as expected, I want to isolate my TrueNAS server and Access Point. After reading a few things, I got to know about VLANs. I'm still very new to VLANs.

My question: do I set up VLANs on the OPNSense only, on the main switch, or on both?

Thanks

VLAN == Virtual LAN, and it is used where you need one physical network connection to carry multiple (virtual) local area networks.

The way it works is that the default VLAN looks like normal traffic. Any of the additional VLANs will have their Ethernet frames tagged with a VLAN ID. In theory, traffic tagged VLAN 2 would not see traffic tagged VLAN 3. The NIC would have to be configured for all the VLANs (default plus all the tagged VLANs), including an IP address on each of the VLANs.

Note that your switches will have to be configured for the VLANs as well.

You can use VLANs with OPNSense as well as with TrueNAS or you can use separate physical ports for each network. I generally use VLANs for internal networks and separate physical ports for DMZ and other external networks.

Note that heavy traffic on one VLAN on a port will steal bandwidth from the other VLANs on that port. The port only has so much bandwidth.

1 Like

Umm, sounds quite complex to me. What I never understood is, when one is using a single port on the switch, how can multiple devices connect to the same physical port when each of these devices requires a physical port but one is already connected? I'm so confused.

Networking (and by that I mean IP based ethernet networking) is not simple, but it is not terribly complex either.

I suggest you look for online resources to learn about IPv4 networking.

Then understand that each separate IPv4 network (address space) can be deployed as a VLAN.

But to get back to your original post, what are you trying to accomplish? The very short answer to your question of where to set up VLANs is: on every device that needs to use the VLANs you are creating.

I have 4 separate networks internally at my house, but I am an outlier.

  1. Admin
  2. LAN
  3. Guest
  4. IoT

Plus a DMZ for resources exposed to the Internet.

Most home users have 1 internal LAN and the step up from that would be to add an IoT network in my opinion.

1 Like

Yes, I want to do it like that, but how?

They cannot be connected directly. But multiple devices can be connected to the same port via a dumb (or smart) switch. However, a dumb switch won't help with isolation.

Well, technically you can have different networks on the same dumb switch, but it won't be true isolation, as a rogue host would be able to just change its IP (and thus its network).
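The two points made above, that a VLAN is just a 4-byte tag inserted into the Ethernet frame and that separate IP subnets on a dumb switch are not isolation because a rogue host can simply change its IP, can be seen end to end in the following toy model. This is an added example, not code from anyone in this thread or from TrueNAS or OPNsense: the MAC addresses, subnets, host names and the minimal "IP packet" stand-in are all constructed, the switch only floods (no MAC learning), and nothing here touches a real interface. It builds and parses real 802.1Q tags (TPID 0x8100 followed by PCP/DEI/VID), then runs the same rogue-host scenario against a dumb switch and against a switch whose ports are assigned to VLANs.

```python
"""Toy model of 802.1Q tagging and of a dumb vs. VLAN-aware switch.
Constructed example: MACs, addresses and the 'IP packet' are made up;
nothing here touches a real network interface."""
import ipaddress
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100           # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
BROADCAST = b"\xff" * 6


def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, payload, vlan_id=None, pcp=0):
    """Ethernet II frame with an IPv4 payload. With vlan_id set, a 4-byte 802.1Q
    tag (TPID + PCP/DEI/VID) is inserted directly after the source MAC."""
    frame = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:                 # 0 and 4095 are reserved
            raise ValueError("VLAN ID out of range")
        tci = ((pcp & 0x7) << 13) | (vlan_id & 0x0FFF)   # DEI bit stays 0
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_id or None, ethertype, payload) from raw bytes."""
    dst, src, offset = frame[:6], frame[6:12], 12
    vlan_id = None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == TPID_8021Q:                      # tag present: read VID, skip 4 bytes
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_id = tci & 0x0FFF
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return dst, src, vlan_id, ethertype, frame[offset + 2:]


def retag(frame, vlan_id):
    """Same frame with its tag replaced by vlan_id (None strips the tag)."""
    dst, src, _, _, payload = parse_frame(frame)
    return build_frame(dst, src, payload, vlan_id)


def ip_payload(src_ip, dst_ip, data):
    """Stand-in for an IPv4 packet: source, destination, data (not a real header)."""
    return ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed + data


@dataclass
class Host:
    name: str
    mac: bytes
    ip: str
    received: list = field(default_factory=list)

    def receive(self, frame):
        dst, _, _, _, payload = parse_frame(frame)
        if dst not in (self.mac, BROADCAST):
            return                                   # NIC ignores other MACs
        if payload[4:8] == ipaddress.IPv4Address(self.ip).packed:
            self.received.append(payload[8:])        # IP stack accepts its own address only


class Switch:
    """pvid maps port -> VLAN of that access port. An empty mapping models a dumb
    switch: tags are ignored and every port is one broadcast domain."""

    def __init__(self, pvid=None):
        self.ports, self.pvid = {}, pvid or {}

    def attach(self, port, host):
        self.ports[port] = host

    def ingress(self, port, frame):
        vid = self.pvid.get(port)
        # An access port forces its own VID onto the frame, so a host that tags
        # its frames itself cannot pick another VLAN.
        tagged = retag(frame, vid) if vid is not None else frame
        for out_port, host in self.ports.items():
            if out_port == port:
                continue
            if self.pvid and self.pvid.get(out_port) != vid:
                continue                             # other VLAN: never forwarded
            host.receive(retag(tagged, None) if self.pvid else frame)   # tag stripped on egress


def scenario(vlan_aware, forge_tag=False):
    """NAS on 192.168.20.0/24 and a rogue host on 192.168.10.0/24 share one switch.
    The rogue moves its own IP into the NAS subnet and talks to the NAS directly."""
    nas = Host("truenas", mac("02:00:00:00:00:01"), "192.168.20.10")
    rogue = Host("rogue", mac("02:00:00:00:00:02"), "192.168.10.50")
    sw = Switch({1: 20, 2: 10} if vlan_aware else None)
    sw.attach(1, nas)
    sw.attach(2, rogue)
    rogue.ip = "192.168.20.99"                       # the "just change its IP" step
    frame = build_frame(nas.mac, rogue.mac, ip_payload(rogue.ip, nas.ip, b"hello nas"),
                        vlan_id=20 if forge_tag else None)
    sw.ingress(2, frame)
    return [data.decode() for data in nas.received]


if __name__ == "__main__":
    print("dumb switch:      ", scenario(False))
    print("VLAN-aware switch:", scenario(True))
    print("forged tag:       ", scenario(True, forge_tag=True))
```

On the dumb switch the NAS receives the rogue's frame as soon as the rogue gives itself an address in the NAS subnet, because the switch forwards on MAC alone and the IP subnet was never a boundary. With ports assigned to VLANs the switch drops the frame before the NAS ever sees it, and a rogue that tags its own frames with the NAS's VLAN gains nothing, since an access port overwrites the tag on ingress. In this model only the switch is VLAN-aware; the hosts on access ports never see a tag, which is why a firewall such as OPNsense is normally the one device on a tagged (trunk) port with an interface per VLAN, while the switch alone is enough to keep access ports apart.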