PfSense network topology question
-
Hi friends!
I came here to ask a question about the proper way to set up a network with a server running pfSense. My problem is that I have a server running pfSense. This server has one WAN and one LAN interface. Now the LAN interface is connected to a Fast Ethernet switch. A few ports on the switch are connected to LAN ports on wireless routers, using them as APs. Now, the question would be, is there a method with which I can connect my wireless routers to the switch using the routers' WAN ports instead of the LAN ports? Also, if possible, would there be a difference in performance, stability etc.? Thank you in advance for your replies. Have a nice day!
-
Why would you want to use the wifi routers' WAN ports if you're using them as AP? Do you want to NAT all your different wifi connects? Or are you asking how to bridge the wan to the lan to get an extra port? What model of wifi router are you using? Many have this feature, or if using 3rd party firmware it's possible.
The 1 wan and 1 lan is a very common setup of pfsense..
You ask about proper way, but then just ask about using WAN port on your AP??
-
Hi!
My current setup uses the routers as APs, but it is not a requirement. The routers are TP Link TL-WR841N. I would like to use the WAN port to gain an extra LAN port, and to see if it is possible to use the WAN port instead of the LAN port.
-
What does that have to do with network topology?
Well, don't see anything in the manual - but looks like that is supported by dd-wrt, this should allow you to leverage the wan physical port as just another lan port.
But if you ask me if you need more ports, just get a switch.. You state you only have fast, why not go gig.. To be honest even gig is getting slow for the home - I don't see how anyone could be using 100mbit on their local network.. I would go insane.. Unless you like watching paint dry, or grass grow sort of thing
-
So if I understand correctly, there is no way of using the WAN port for what it is built for. It bugs me a lot that I have to plug my cable to the LAN port instead of the WAN port, like a small home network. It just feels weird. Also, while we are here, can you clarify as to why I can not use the WAN port like a LAN port (on stock firmware)? What is the difference?
-
TL-WR841N is meaningless. There are like zillions of revisions of this… Useless info. (You cannot install DD-WRT or pretty much anything else on the überjunky variants with 2MB of flash.)
"why I can not use the WAN port like a LAN port (on stock firmware)"
Dude, ask TP-Link. Not us.
-
"like a small home network. It just feels weird. "
What??? It's a FREAKING port that since you're not using it as a router, you're not using.. Who cares.. Are you using all the other lan ports?
Any wifi router can be used as AP, as I expect you know: turn off its DHCP, connect it to your network via lan = AP.
While it might not be exactly like the tp stuff - here is example breakdown of internal wifi router
So you see how the wan port is in a different vlan of the other switch ports. This is why you can not use it like normal port - if the native firmware does not allow you to change that setup, or 3rd party does not then you can not use it. As dok so gracefully stated - ask them!
It's possible the cheap little devices you're using do it a bit different, but this is one example of why you can not use them, unless you have a way to change the config.
Again - get a real switch, not some 100mbit thing if you need ports. Get some real AP if you don't like having that WAN port stare out at you - real AP don't have "WAN" ports ;)
-
Thank you for your contribution johnpoz!
Your answer and drawing made it clear to me as to why I can not use the WAN as LAN. BTW we are currently planning the upgrade to our system, that is why I wanted to make some things clear.
-
What is the stuff you're looking to upgrade? What kind of budget do you have.. Can really get some good stuff for home budgets these days..
Huge FAN of the sg300-10 switch from cisco, $180 on amazon is a steal! Unifi make some very reasonably priced almost enterprise level AP $70, loaded features - controller in software, etc. etc..
-
We are planning on going all wireless. Having one server running pfsense and a switch (not cisco grade), and wireless routers would connect to a GE switch and act as APs probably. This would be the network of a dormitory with ~170 people. We think 10 routers would be enough for 50 rooms each having 3-4 people. What do you guys think? The budget is unknown. They told us to plan it and they will see. I think the routers would be TP-Link TL-WR1043ND.
-
So you would buy wifi routers to use for AP.. When you're going to have 170 people?? WTF???
Get REAL AP, with REAL controller..
And does not cisco grade mean like a dumb switch, not managed? Dude those wifi routers are not even 5ghz??
I would be looking at a POE switch and real AP to setup such a network..
-
I've had great success with e2000 linksys with DDWRT using all 5 ports including the WAN, as LAN switch with wireless also.
I do agree with others' comments though - For so many people I would get a serious switch and a serious AP.
DDWRT doesn't make the best use of the hardware's ability where wireless is concerned.
It works, but not as well as a good dedicated AP that hasn't been tampered with would work.
-
People sweat the strangest shit.
-
"We are planning on going all wireless. Having one server running pfsense and a switch (not cisco grade), and wireless routers would connect to a GE switch and act as APs probably. This would be the network of a dormitory with ~170 people. We think 10 routers would be enough for 50 rooms each having 3-4 people. What do you guys think? The budget is unknown. They told us to plan it and they will see. I think the routers would be TP-Link TL-WR1043ND."
You only need one router. You probably need about 10 access points. Maybe a couple more. Depends on the building construction and your flexibility in radio placement.
In that situation you can use just about any AP. Your problem is going to be coverage, noise, and signal strength, not density of clients. In a dorm/apartment/hotel scenario, you can't get enough clients connected to a decent AP to stress it (compared to, say, a stadium or a ballroom full of people).
Look at Ubiquiti. UAP-ACs (or UAP-PROs) will be more than good enough. In fact, with a bunch of walls between your APs, you might even be able to get 4 (or even 8) channels together in a reasonable manner and actually take advantage of AC.
-
"People sweat the strangest shit."
Depends on budget usually and application. I use DDWRT for small home purposes only.
It's definitely not an industrial strength solution.
-
I did some research about the mentioned UAP-AC and other APs and just wow… Amazing performance, specs etc. They claim that this AP can support 200+ users (if that is what concurring user means) at a time (if I read this correctly http://dl.ubnt.com/datasheets/unifi/UniFi_AP_DS.pdf). The building is 90m long and is a two storey building with 50 dorm rooms and some other rooms. With these specs one UAP-AC would be enough but wouldn't that limit the bandwidth of one user (if we assume all people are on the network at one time) to 450 Mbps / 170 people = 2.65 Mbps? Because that is very low. This is of course when looking at the 2.4 GHz spectrum. Since we have a gigabit connection our theoretical maximum is somewhere around 0.75 MBps. I know we can not exceed this limit, when everybody is on the network. However I believe if we had only one router it would be under heavy load. I think 5 APs would be enough (tell me if not) to cover the whole building (not because of the range, these babies support up to 120m each) decently. The final setup would be something like Internet -> pfSense server -> 8 port GE switch -> POE adapters -> APs. Is this viable, what do you guys think? I need to plan this good because these cost 300 USD a piece.
-
If it were me I would stay away from PoE injectors, makes for a messy install. First your switch, something like this will do: http://www.amazon.com/NETGEAR-ProSAFE-M4100-D10-POE-Ethernet-Managed/dp/B00AUEYX0Y/ref=sr_1_7?ie=UTF8&qid=1423997096&sr=8-7&keywords=poe+switch although me myself I would use this: http://www.ebay.com/itm/HP-Procurve-Switch-J8762A-2600-8-PWR-8-PORT-PoE-10-100-1x-Gigabit-Mini-GBIC-/171667808257?pt=LH_DefaultDomain_0&hash=item27f832e001
As far as the access point, I have this one and it works quite well: http://www.newegg.com/Product/Product.aspx?Item=N82E16833168150 But choose whatever you like.
Wireless can be a little tricky so you have to do your homework. What you need is a site survey. So if you have an Android phone, get an app called "wifinder" and install it on your Android phone. Then get a dual band Wi-Fi router and plug it in on your top floor and then walk around the floor and see how your signal is. If anywhere it falls down to 1 or 2 bars then I would mark the ceiling with a sticker or something indicating that an access point is needed there. If you are all good then go down the next floor and repeat the steps. You want to have a 10% - 15% overlap of your Wi-Fi signal, that way your users will never drop a connection (if you name your SSIDs the same across APs).
-
I would like to know if I can use a poe switch with just regular devices? I think yes, but just wanted to make sure. I looked at the items you linked. They are good, but I can't just buy them on ebay, they have to be sourced publicly. This network architecture has to be good for at least 5 years, that is why I think I will need the ac support and 5 GHz support.
-
If you want to take benefit of POE you need devices which are POE enabled. A POE switch can be used for non-POE devices but remember to disable POE on the ports in question.
-
I get it now, thank you.