Wireless card compatibility with pfsense
-
1, 2/ You do NOT want DHCP running on your AP, so just scratch it.
-
1, 2/ You do NOT want DHCP running on your AP, so just scratch it.
So… how would I send DHCP data to the wireless clients connecting to the AP? Are are you referring to the actual IP of the AP - that would be static. To be clear, it's the DHCP daemon I am referring to - not the client - on the AP itself.
-
Uhm, you enable DHCP server on pfSense.
-
Uhm, you enable DHCP server on pfSense.
I have a feeling you're trying to be helpful, rather than condescending.
I also have a requirement for MSSID, with each instance mapped to a unique VLAN/subnet. Not sure pfSense can accommodate this with regard to DHCP.
So, to simplify things, perhaps this would call for a solution where the AP itself is also a router (rather than a bridge), with its WAN NIC on the pfSense LAN subnet. An extra hop is added, I guess, but it's internal, so it should be negligible. This would resolve the DHCP "issue".
Thanks for your input.
-
Rather depends on the AP wifi and firmware. I can imagine this would be doable with some Atheros-based box and DD-WRT.
-
I also have a requirement for MSSID, with each instance mapped to a unique VLAN/subnet. Not sure pfSense can accommodate this with regard to DHCP.
Why not? The usual arrangement here would be to have the access point mapping each virtual access point to a different VLAN with all the VLANs trunked to pfSense. pfSense is then configured with those VLANs such that each VAP appears to be a separate interface complete with DHCP server, firewall rules etc.
Steve
-
I also have a requirement for MSSID, with each instance mapped to a unique VLAN/subnet. Not sure pfSense can accommodate this with regard to DHCP.
Why not? The usual arrangement here would be to have the access point mapping each virtual access point to a different VLAN with all the VLANs trunked to pfSense. pfSense is then configured with those VLANs such that each VAP appears to be a separate interface complete with DHCP server, firewall rules etc.
Steve
OK great - then I have some reading to do. Not quite sure where the .1q trunks are set up in pfsense, and how they correlate to the number of sub-interfaces I will require on the physical NIC (on the pfsense box) associated with the AP.
-
Not quite sure where the .1q trunks are set up in pfsense,
Nowhere as such. If you are using a particular physical interface as a "trunk", go to Interfaces -> (assign), click on the VLANs tab, click on "+" to create a VLAN you wish to add and fill in the details, click Save then click on the Interface assignments tab and click "+" to add the VLAN to the pfSense pool of interfaces. Your VLAN interface will now have an OPTx style name (OPT1, OPT2, etc) and you then go to Interfaces -> OPTx and fill in the details such as IP address etc then go to Firewall -> Rules to add rules to control traffic and then (optionally) go to Services -> DHCP Server to configure DHCP services on the VLAN.
-
Not quite sure where the .1q trunks are set up in pfsense,
Nowhere as such. If you are using a particular physical interface as a "trunk", go to Interfaces -> (assign), click on the VLANs tab, click on "+" to create a VLAN you wish to add and fill in the details, click Save then click on the Interface assignments tab and click "+" to add the VLAN to the pfSense pool of interfaces. Your VLAN interface will now have an OPTx style name (OPT1, OPT2, etc) and you then go to Interfaces -> OPTx and fill in the details such as IP address etc then go to Firewall -> Rules to add rules to control traffic and then (optionally) go to Services -> DHCP Server to configure DHCP services on the VLAN.
If I am understanding you correctly, this method sounds analogous to a method for creating a sub-interface on the physical NIC in other products. Therefore, I should create each additional "Optx" interface that I require, ensure that the MAC matches the original physical NIC, and map the isolated VLANs (and the subnets contained within each VLAN) to what I have created in my AP via the trunk. And then create a suitable policy/rule set for each one I create.
Having the ability to run a distinct DCHP daemon per sub-interface is an awesome option!
Thanks very much! Can't wait to try it out!
-
Sounds like you have the idea. Have fun! :)
Steve
