How Many Concurrent Wirelessly Connected Devices Can pfSense handle at once?
-
@coltonyyz yes pfSense can route for 200+ concurrent clients. I have personally managed pfSense with 1000+ concurrent users.
Take a look at the minimum hardware requirements https://docs.netgate.com/pfsense/en/latest/hardware/minimum-requirements.html
And Hardware Sizing Guide - https://docs.netgate.com/pfsense/en/latest/hardware/size.html
You don't really need big extensive hardware to route 1GB network. Need enough RAM for state table but even 8GB would be considered plenty for most. Although depends if you want to run VPN or packages such as Snort.
-
@coltonyyz
Hey there,
Are all those IoT devices bound for wlan (and can be managed)?
What must pfsense provide for them, do they need any contact with pfsense at all, since it is quite commen having home assistant and devices share the same vlan / network? -
@coltonyyz said in How Many Concurrent Wirelessly Connected Devices Can pfSense handle at once?:
So I have installed pfSense and I am now hoping I can figure out a way to have all our IoT devices connect to (1) SSID. What am I to do?<<
Do you have switches and APs that support VLANs?
I would create VLAN for IoT devices and assign the SSID to this VLAN.
For comparision here is Unifi lineup
https://ui.com/wi-fi#compare
-
So I am embarrassed to admin, I am a noob at all this. I've used pfSense a couple years ago to create a network that utilized my VPN, using a Dell Optiplex machine I had laying around. That's as far as I went with it - eventually going back to my Velop system.
At this point, I basically have a blank canvas. What I mean is, looking at hardware by the manufacturers, there doesn't seem to be a router (or access point) by itself that can handle 200+ concurrent devices. This is when I realized that perhaps using pfSense because with it, comes added security and VPN if we so chose to use them. Like a complete package all built into one "pfSense Router".
For this to work, Home Assistant will be utilizing Tuya's developer account for Smart Life devices. We have TPLink (Tapo), Zigbee, and Zwave devices, just to name a substantial list of device manufacturers.
We are open to buy a small mini-PC or something that would handle all this traffic. The unit I have installed pfSense on right now would not work long term, but it will at least allow me to learn and then transition this knowledge to a permanent machine.
So that's where we are at. LOL
-
@coltonyyz hey there,
Well, it is never too late to use pfsense.
:)
Zigbee devices i.e. use their own network. Devices that are permanently connected to your electric system act as routers, sensors and such (running on battery) are not. Together they build their own mesh. You do not (and cannot usually) mange them as to configuring wlan and such.
Other IoT stuff uses wlan (like your mobile devices) and can be configured.
There are a handful of protocols being used...zigbee being a very common one.
Since you cannot mange those they find no place in pfsense gui to work with. Same for APs...they do their own.
Wlan devices you can manage and configure pfsense (dhcp i.e., vlan, rules...). In most user cases I have read about, these are in the same network or vlan as your home assistant device. So pfsense would not even see that traffic, it does not need to be routed.
So, in case all your IoT devices would use wlan...you would need a good set of APs...and a rather normal router. -
@coltonyyz said in How Many Concurrent Wirelessly Connected Devices Can pfSense handle at once?:
or access point) by itself that can handle 200+ concurrent devices.
Not sure where you came up with to be honest.. The unifi AP can handle 300+ connection even the U6 lite.. Just keep in mind what sort of bandwidth requirements are needed.. Wifi is shared bandwidth, so its not like 200 clients going to be able to all download at gig at same time ;)
And then from the AP to the network, even when wired has limitation of normally a gig. the Enterprise model can have a 2.5ge uplink.. Some models of AP might do link aggregation and use say 2 wired connections.
How big of area do these 200 some devices cover? More than likely you would be spreading their connections over multiple APs..
Even in my small home with 30 some wifi devices - they all don't connect to 1 AP.. I have 3 APs in different areas of the home. Devices on one side of the house connect to the AP in the guestroom, stuff in the center of the house connect to the center hallway AP, stuff on the other side of the house connect to the Kitchen AP.
Now there is overlap and devices are normally in range of multiple APs - they connect to the one with the better signal, etc. And the AP have a min rssi set, so devices that have a shitty connection, the AP tells them to go away ;)
Stop thinking in terms of some device that does it all.. like your typical soho wifi router - which have always sucked to be honest when it comes to good wifi in anything but very small home.. Sure you can connect to it on the other side of the house - but the connection is going to suck, and a sucky connection only drags down performance of other devices on the same AP..
Do you think offices have only 1 AP? Or a plant floor - no there are multiple AP spread across the service area.. For 1 single AP to cover hundreds of connections you prob in a very dense setup.. And while sure the AP can handle the amount of connections - bandwidth shared with even 100 wifi users on their phones for example prob going to suck from a users perspective.. Now if these devices are iot sort of things that only need a few kbps or mbps of bandwidth that is another story, and sure can be done.
If you have a really dense device deployment - they make say the XG model
https://store.ui.com/products/unifi-xg-access-pointHas a 10ge interface, and says it can handle like 1500 connections.
-
@johnpoz Hey, thanks for reply! I spoke with TPLink and Linksys today and both advised me that they didn't have a device that could handle 200 IoT devices concurrently. So I am not surprised hearing contradicting info from you. And by the sounds of it, you know more about this than the agents did.
Anytime I have tried setting up an access point, it seems as though it's using the DHCP server from the main router. In the past couple days, I have learned (now don't make fun of me cause I have never taken any courses on DHCP) that there are many subnets outside of 255.255.255.0 and using those other subnets, for example /23 (255.255.254.0) will give me just over 500 IPs. So I would use 10.0.0.1 to 10.0.1.254.
If I was to setup 3 access points (basically one in each bedroom and one in the living room - which is probably overlapping a fair amount), I could tell each one to use a range within the /23 subnet. Now would each access point bare the workload - spreading out the workload I mean, versus the main router baring all of them itself? If true, in theory, the router sees the access point as 1 device and not 51 devices (AP and 50 IoT devices) correct?
-
@coltonyyz There are a few levels going on here.
An access point can handle "n" devices depending on its hardware. More expensive = faster = more.
A router doesn't particularly care about the number of devices. It cares more about the number of connections, i.e. does each device connect out every 10 seconds or every 10 minutes. Also how much bandwidth is it using per connection, as moving packets quickly takes more CPU. pfSense doesn't have limitations like cheap routers....thousands of simultaneous connections (a.k.a. "states") are fine. By contrast some ISPs limit that in their routers...AT&T business Internet at least used to do that. So for pfSense there is RAM and CPU power, and a fairly old PC is sufficient for both.
Most people would set up a mesh system so devices could connect to any of the APs, and move around. Alternatively you could set up 3 different wireless networks and connect each device to one of them. That's fine for IoT but less fine for, say a laptop or cell phone which may remain connected to the second floor AP and have a weaker signal when downstairs.
In short, whether 50 devices are plugged into a switch or funnel through a wireless AP is irrelevant to pfSense.
HTH,
-
To be clear though you have posted this in the wireless section and I would not try to do this using a wifi NIC in pfSense directly. I doubt any supported wifi hardware would support 200 wifi clients dircetly without issues.
That's no problem for a decent external AP though, or several perhaps.
pfSense itself would have no problem with that number of connected devices as a router/firewall.Steve
-
@coltonyyz said in How Many Concurrent Wirelessly Connected Devices Can pfSense handle at once?:
As the title states, I am looking to find out how many devices pfSense can handle concurrently. Can pfSense can handle 200+ concurrently connected devices?
There are more points then this we should know first
about all you needs or the use case of your clients.Do they only email and surf or watch they all video
and push big files or much files?If your equipment is strong (powerful) enough you have no problems at all with pfSense.
At the WiFi section you may go with Layer3 Switches they route the entire WiFi traffic and some wifi ap´s from ubiquiti or less but more strong ruckus or aruba wifi
ap`s depending on the area you need to cover up.But building a pfSense with captive portal and voucher
system and the vouchers will be send over sms is also
nice to handle that amount of clients fast and fine.What is your equipment and what is your budget will
round up all the points at least.