Newbie Restrict device to specific DHCP

Scarecrow4798

Newbie question

I've just started using pfSense and I'm trying so split up my network.

I have pfSense installed on an old desktop machine with a single network card so I'm using vlans to create a couple of interfaces.

VLANs
1 Main Lan network
99 Incoming internet connection
100 IOT

The problem.
Everything in the main VLAN gets an ip from the main DHCP server and can access the internet fine but I'm wanting to separate my IOT devices from the main network and not to be able to access the internet. I've set up a DHCP server on the IOT vlan but I'm unable to get them to get ip addresses from the IOT DHCP server. All my IOT devices are wireless and connect to an old Linksys router that I'm using as an AP.

Everything that connects through the AP gets an address from the main DHCP server but I'm wanting my IOT devices to use a different DHCP

Is there any way to do this or do I need another AP that sits on the IOT vlan?

newtork layout.png

viragomann

@Scarecrow4798 said in Newbie Restrict device to specific DHCP:

Everything that connects through the AP gets an address from the main DHCP server but I'm wanting my IOT devices to use a different DHCP

So did you configure the VLANs on the switch properly?
This let me suspect, that port, which the AP is connected to, is not cleanly segmented from the LAN.

Also you should not use VLAN ID 1. Some switches give this out on all ports. Maybe this is also applied to yours.

Scarecrow4798

@viragomann
Yes everything on the switch is configured correctly. If i plug a lan cable into the normal vlan port my pc shows up in the correct dhcp server and gets its address, if i then plug it into my IOT vlan it again gets a new ip on the IOT DHCP range.

My AP is just connected to a basic port with only vlan 1 and nothing tagged as my AP does not have any vlan capability.

viragomann

@Scarecrow4798
Is the DHCP server on the AP still enabled by any chance? And are the connected devices getting their IPs from it?

Scarecrow4798

@viragomann
No the only dhcp servers active are on pfsense.

Jarhead

@Scarecrow4798 said in Newbie Restrict device to specific DHCP:

Is there any way to do this or do I need another AP that sits on the IOT vlan?

No, you can't do that. The AP will need to support vlans since you're trying to push both vlans through it.
So you will need another AP, or did you try to install OpenWRT on it? That would support vlans.

Scarecrow4798

@Jarhead

Might have to look into dd-wrt as apparently it supports vlan stuff and I know I've an old router that I can flash with different firmware

viragomann

@Scarecrow4798
I was assuming, that all your AP-connected devices should be within IoT VLAN and there is no other VLAN available on the switch port. In this case, the AP would not need to support VLAN, you only have configure the switch properly.
But if you want to have multiple wifi VLANs, then of course you need a VLAN-capable AP.

Scarecrow4798

@viragomann
Flashed my spare d-link dir-615 with openwrt and after watching a couple of videos I've managed to get it working. It's now running 4 vlans each with there own said and thus means each AP has its own rules making it much easier to split up my network.

Thanks for the help.everyone