How should I segment IOT on a single wireless AP

I have a wireless router set in bridge mode behind my home (OPNsense) router.
I have about 6 personal devices (tablets, phones) and about 6 IoT devices (switches, TVs).
Only one or two of the personal devices are really used much at all.

I would like to segment the IoT devices onto a separate network just for security purposes.
I could turn on the “guest network” access on the wireless router, but in “bridge” mode I’m not sure how effective that would be.

My mind is racing with ideas. But I don’t have the experience to know which ways are better than others.

I do have a spare port on my home router, and I had an old WAP hung on there (for this purpose), but it's a bit of a pain to configure and I’d like to eliminate it if I can.

Thanks
Sterling

Bridge mode normally switches off the wireless on the device, as you have disabled the routing capacity on the router / firewall.

Do you have any network switches in the network? These need to be managed for VLANs to work.

Get yourself a wireless access point that supports VLANs. On the OPNsense ports, configure VLANs if the devices connecting to it are VLAN-aware (switches, access points).

If the old WAP does support VLANs, you can configure a VLAN for the guest network. You will have to configure the port on OPNsense to have the same VLANs.

Have a look at this video, which gives you more info on how VLANs work: https://www.youtube.com/watch?v=fsdm5uc_LsU

1 Like
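What "VLAN aware" means on the wire, as an added example that is not part of the original posts: a tagged frame carries a 4-byte 802.1Q tag (TPID 0x8100 plus a 12-bit VLAN ID), and the check below audits frames seen on the AP-to-router trunk against the VLANs you intended. The VLAN IDs (10 for personal, 20 for IoT), the MAC addresses and the sample frames are constructed assumptions.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag


def parse_vlan(frame: bytes):
    """Return (vlan_id, ethertype); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner  # low 12 bits of the TCI are the VLAN ID


def audit_trunk(frames, expected_vlans):
    """Count frames per VLAN and list tagged VLAN IDs that were not expected."""
    seen = Counter(parse_vlan(f)[0] for f in frames)
    unexpected = sorted(v for v in seen if v is not None and v not in expected_vlans)
    return {"per_vlan": dict(seen), "untagged": seen.get(None, 0),
            "unexpected": unexpected}


def build_frame(vlan_id=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame (broadcast destination, made-up source MAC)."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


# Constructed sample of frames on the trunk: VLAN 10, VLAN 20 twice,
# one untagged frame, and one frame on a VLAN (30) nobody configured.
SAMPLE = [build_frame(10), build_frame(20), build_frame(20),
          build_frame(None), build_frame(30)]

if __name__ == "__main__":
    print(audit_trunk(SAMPLE, expected_vlans={10, 20}))
```

If IoT traffic shows up untagged or on an unexpected VLAN ID, the SSID-to-VLAN mapping on the access point, a switch in between, or the router port does not match the others.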