@as-21 said in DD WRT router as guest network with limted bandwidth:

What i basically want to do is DD WRT as separate network

Well that is not what you did - you just put in dd-wrt as a downstream nat router...

If you want it as a GUEST network - then use it as just an AP and connect it to another network on pfsense be it another physical interface on pfsense or via a vlan.

Use one of dd-wrt lan ports to connect it this new guest network, turn off its dhcpd and put its lan IP on whatever guest network you create on pfsense.. Setup the firewall rules to allow this guest to do what you want.

Does that switch you list do vlans?

Which is exactly what I was saying ;)

Correct, the patches above are copies of the changes made in the repository that will be used to build pfSense 2.4.4-p1. So not "hacks" exactly.

If it's all working for you now then there shouldn't be anything to worry about. When you upgrade to 2.4.4-p1 the manually edited files will be replaced with the copies from the new release, which already contain these changes.

Thanks for letting us know.

I would not waste money on dumb switch.. What you talking a couple of bucks difference? Dumb switch can work if you need to add ports to a specific vlan... But your not going to be doing your future self any favors.. You never know when you might want to put a port on a different vlan if you just use smart switches you can put any vlan on any port..

https://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I/ref=sr_1_2?s=electronics&ie=UTF8&qid=1541606386&sr=1-2&keywords=dgs-1100-08
$35

https://www.amazon.com/D-Link-Gigabit-Unmanaged-Desktop-DGS-108/dp/B000BCC0LO/ref=sr_1_5?s=electronics&ie=UTF8&qid=1541606450&sr=1-5&keywords=dlink+switch
$30

Your going to kick yourself about that $5 if you need a vlan on that switch ;)

Is the switch's default gateway pfSense?

0_1541528363979_pfSense-Layer-3-Switch.png

lol, so many VLAN issues & misconfigurations in my lab (home network) now that I finally have a router online. Thanks for getting me pointed in the right direction on that roadblock that was killing me for days.

@it_dept thank you. I've been up for a couple days without sleep trying to figure this one out. The entire site with APs is back online.

You can try it and test it. I've never done it.

thank you for your inputs....

Ok my bad it works, if you look up last screenshoot you will know what I screwed up

@johnpoz

I have an automatic deployment system for my Cloud computing infrastructure and VPS. Then the system has a IP pool, this IP pool had been configured before in the pfSense, usually it is a VLAN. With private subnet I can easily create the VLAN of course and the ip allocation works really good. The problem is with Public IP, because my system that perform the automatic deployment was not made to go to the pfSense and perform an NAT 1:1, this is why I need the VLAN to be configure with the Public subnet. In the other hand I can not just create a new interface in pfsense and add there the public IP subnet, because since it is outside of a vlan, the clients using this subnet and interface will be able to see all traffic going through this interface and it does not looks good for anyone.

Do you have any suggestion? beside of moving out of OVH :D

thanks and all the best

Thank you. It looks like I managed to do what I wanted concerning VLANs & LAGG. Parent interface is deleted and I have connectivity.

I'll have to get a console cable as I bricked my switch management but.. could be worse ☺

Cheers

Does anyone know if this can be done with the SG-3100? I was trying to put the wan/opt1 ports into a lag, but it wont let you put any of them in a lag.. I'm guessing this is something you need custom hardware and dedicated nics for?

@johnpoz said in Is 2 NIC on one LAN on 2 different switch doable?:

Being limited to 100mbps at home would be like being force to go back to dial up internet.

Also, more and more gear now supports Gb, so might as well use it.

Natting your IP to your MAN ip not really the best way to do it to be honest. Both sides should just use the man as transit network. But if the other side not going to create the route then sure you can nat.

How many users will there be? NAT works by exchanging ports for individual addresses. If you have enough users and they're busy enough, you could run out of available ports. Large networks would use more than one public IP to avoid this.