I am about to buy 2 or 3 AP 6 Pro access points. Everything I read here makes me enthusiastic about these devices but I do have a couple of questions.
My current setup is:
Server running OPNsense directly connected to a Huawei ONT (fiber)
OPNsense is DHCP and DNS server for everything in my home.
Firewall rules separating networks are defined in OPNsense
I have different SSIDs on the DAP-2695s, all of them with a different VLAN ID
Based on that VLAN ID, I separate the different wifi networks:
Guest : cannot connect to Lan / Internet only
Captive Portal on OPNsense allowing access using vouchers (username/password)
IoT: can only be reached by some of the systems on the LAN, but not all
IoT devices can connect to the internet.
Lan: the network for the in crowd
Can connect to LAN, Cameras, Internet etc
So in my current setup, VLANs are defined on the access points, everything else is defined on OPNsense (static leases, firewall rules, dns entries, etc)
Can someone confirm that this setup is also possible on the AP 6 Pro?
Welcome to the community! Yes, this definitely would work, especially if the AP is really only handling VLANs and the rest of the logic is handled on the server running OPNsense.
You can assign a VLAN per SSID in the traditional method, as you did with the DAP-2695s. Alternatively you could assign VLANs (and more) to different passwords on the same SSID. That could allow you to reduce the amount of RF overhead by cutting back on SSIDs, if that was desirable.
Please let us know if you have any further questions, happy to help!
For the multiple password/VLAN on single SSID feature: would it be possible to assign a VLAN when NO password is provided, which would then transfer a guest to the captive portal? (where vouchers are used)
I ordered 2 but only ended up needing 1! These APs 100% outdo my old Unifi kit.
I personally use 2 SSIDs, 1 for IoT as some devices didn’t like switching between 5GHz and 2.4. So forced them on 2.4. Then a main SSID with multiple passwords for different VLANs (MGMT, Guest, Main LAN). For ref my router is a Palo Alto with multiple VLANs with Pi-hole for DNS.
As for your question, I don’t believe you can have one SSID that has Passwords and No Passwords. So it would need to be a separate SSID. I think you can sign up to the controller so you can have a play whilst you wait for them to arrive!
No problem! @WhyAydan is correct, there is one authentication mode per SSID. You would need a second SSID in that case, and you would then set the default VLAN as desired.
Well, you were right about that. I spent more time on arranging a free port on my PoE switch and setting up VLANs on that same switch than on actually getting my new access points to work. Your reply taught me that you can actually set up your network without a device.
So once the access points arrived, it was a matter of:
1. Connect to RJ45
2. See device appear in the management interface
3. “Color the device”
4. Done
And I could have skipped step 3: I made all my networks green instead of black (as that is my favourite color)
The next switch that I am buying will most certainly be an Alta (pfff, how I struggled with the Cloud interface of my current switches (of another brand))