Giving DHCP to a VLAN TAG?
-
I love it! I think I might add that to my signature ;)
-
LOLZ too funny the picture
Anyways, @johnpoz, well, my idea is to have the WIFI in the same subnet as my LAN 192.168.3.1/24 and then use a VLAN tag for another subnet, 192.168.10.1/24. So if I understood correctly, I would connect my AP to vr0; then would I enable DHCP? Because for my main subnet the DHCP is handled by Windows Server. Well, I practically have my Nighthawk as a switch; I thought I could ditch it :(
-
So you want guest wireless while your normal wireless is on your lan segment..
Then get a switch that understands vlans and plug your AP into a switch port.. Trunk that port. Set up your ssid for whatever vlan you want, set up a relay/helper on the pfsense vlan to send the dhcp request to your AD dhcp server.. Not sure why you wouldn't just let pfsense run dhcp for a guest vlan.
Why do you want to run 2 wireless networks if one of them is not a guest and isolated from your other network?
My guest network I don't even allow to query pfsense for dns or talk to pfsense in any way other than ping for testing connectivity, and pfsense hands out dhcp in this guest vlan.
-
Alright, I'm trying to replicate what I had on DDWRT, see picture. The Unifi AP can handle VLAN tags, so the AP would get the main WIFI 192.168.3.1/24, which is connected to vr0, then a tagged VLAN (10) 192.168.10.1/24. The DHCP would be handled by Windows Server ONLY for the main WIFI 192.168.3.1/24, and for the guest 192.168.10.1/24 pfSense could handle the DHCP. The only part where I'm stuck is giving it DNSMasq for the DHCP on 192.168.10.1/24, or maybe I'm confusing myself or something? I was wondering how come I can do it on DDWRT but not on pfSense.
Thank you
-
You have "servers" on wifi?? WTF?? Why??
I run multiple vlans on pfsense without a problem - very common setup.
I have 2 physical networks: lan 192.168.9.24 and wlan 192.168.2/24. On the wlan interface there are 2 vlans as well: wlanguest 192.168.4/24 and ps3 192.168.5.24
How do you have this connected to pfsense, and on what interfaces with what switch? The switch port to pfsense em2 is trunked, allowing those vlans. The port connected to my AP is also trunked so it can carry the vlan 200. The port the ps3 is connected to is access in vlan 100.
-
Oooo snap… I think I get it now.. see the picture of your setup, if I'm right. So your AP is broadcasting 3 SSIDs: your wlan (192.168.2/24), your wlanguest (192.168.4/24) and PS3 (192.168.5/24). I guess I could try that, but I was wondering if it's possible for the wlan to be 192.168.9/24, same as the LAN?
Thank you
-
https://forum.pfsense.org/index.php?topic=88942.msg491700#msg491700
-
Thanks Derelict. So all I need is a managed switch that supports VLANs?
-
And an understanding as to what you're doing. Buying gear is easy…
http://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I
-
No, the ps3 is not over the wifi, it's a wired connection - I just leverage that physical interface vs my lan interface. And yes, my normal ssid is on a different vlan than my guest ssid.
And Derelict is correct, just having a switch that supports vlans is not a lot of help if you don't understand the basics of vlans.
-
Oooo alright, so in theory it would be possible to have my LAN and WIFI in the same subnet if I would get a switch that supports VLANs?
EX:
LAN: 192.168.3/24 ------ DHCP WINDOWS SERVER
WIFI: 192.168.3/24 ------ DHCP WINDOWS SERVER
GUEST WIFI: 192.168.10/24 (VLAN 100) ------ pfSense DHCP
Also, on a side note @johnpoz, on your WIFI 192.168.2/24 did you enable DHCP? Because in my case the DHCP is handled by Windows Server, so everything on the LAN and WIFI 192.168.3/24. Then I would let the pfSense handle the DHCP for the guests.
-
No. Different VLANs get different subnets. If you want them on the same subnet put them on the same VLAN or just use a dumb switch.
Look at the diagram I linked to again. It describes exactly how to put wifi together with some LAN hosts (VLAN 100) with a separate wifi VLAN for guests (VLAN 200).
-
What your dhcp server is doesn't matter as long as it's on the same vlan. If you don't have a dhcp server on that vlan then you need a helper/relay that sends the dhcp request it sees on that vlan to whatever dhcp server has the scope for that network/vlan.
This can be done on the switch, or pfsense can do it as well; you just can not run a dhcp server if you're running a relay. And keep in mind there are no automatic firewall rules if running relay. While if you run a dhcp server on pfsense, it auto-creates the firewall rules that are hidden from the gui to allow the dhcp server to get the traffic no matter what other rules you might have in place that would block it.
Yes, you can do what you're asking, where your lan and wifi are on the same vlan. If you don't actually set up one then it's vlan 1 or the native vlan without any tags.. Your guest wifi vlan would be tagged.
Again, without a basic understanding of vlans you're in for a bumpy ride..
Do some vlan basics:
https://www.thomas-krenn.com/en/wiki/VLAN_Basics
http://www.firewall.cx/networking-topics/vlan-networks/214-vlan-concept.html
http://www.alliedtelesis.com/media/fount/how_to_note_alliedware_plus/overview_vlans.pdf
http://www.smallnetbuilder.com/lanwan/lanwan-howto/30071-vlan-how-to-segmenting-a-small-lan
-
Thanks, I will give it a try and keep you posted. But first I need to buy me the switch. Right now I have the Nighthawk R7000 DDWRT as a switch and it works fine with VLANs. But having it only as a switch is wasteful, that's why I would want to do the other method.
Thanks again for everything
-
Hi,
It's me again ;D So I got me an EdgeRouter X which supports VLAN tagging. So what I did was add 2 VLANs on my LAN (EM1):
VLAN 2 ---- 192.168.5.1/24 ---- on em1
VLAN 3 ---- 192.168.2.1/24 ---- on em1
Then on the firewall I would let all traffic pass just for now, but when I connect to the Guests WiFi I get the DHCP but no internet. Also I cannot ping pfSense 192.168.3.254, but I can ping my Windows server 192.168.3.253.
Did I miss something?
Thank you
See pictures
-
-
Are eth0 (to pfSense) and eth2 (to the AP) tagged ports? Note that the way you have it, LAN is untagged and OPT1 and OPT2 are tagged.
My preference is to make everything on a trunk port tagged unless absolutely necessary.
-
Hi there, thanks again for the reply, Derelict. Funny thing: somehow DHCP was enabled on the ER-X, so I turned it off and everything is now working. I made a guide for anyone who needs help, plus the other link on my signature for other guides.
http://www.mediafire.com/view/fkrerw81szqat5t/Tutorial_on_Creating_VLANS_On_pfSense.docx
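
The fix at the end of this thread was an unexpected DHCP server (the ER-X) answering on a VLAN that pfSense was meant to serve. As an added example, not part of the thread or anyone's posted code, this parses captured DHCP payloads and flags server replies whose server identifier (option 54) is not on the allowed list for that VLAN. The function names are hypothetical, 192.168.10.1 is assumed to be the pfSense guest address, and 192.168.10.2 is a constructed stand-in for the stray server.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
SERVER_REPLIES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # types only a server sends

def parse_dhcp_options(payload):
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:          # pad is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def check_reply(payload, allowed_servers):
    """Return (verdict, server): verdict is 'ignored', 'ok' or 'rogue'."""
    opts = parse_dhcp_options(payload)
    msg_type = opts.get(OPT_MSG_TYPE, b"")
    if len(msg_type) != 1 or msg_type[0] not in SERVER_REPLIES:
        return ("ignored", None)           # client traffic such as DISCOVER
    server_id = opts.get(OPT_SERVER_ID, b"")
    if len(server_id) != 4:                # mandatory in server replies
        return ("rogue", None)
    server = str(ipaddress.IPv4Address(server_id))
    return ("ok" if server in allowed_servers else "rogue", server)

def build_message(msg_type, server_ip=None):
    """Constructed sample data: a minimal DHCP message for the demo."""
    header = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234ABCD,
                         0, 0, *(bytes(4),) * 4, bytes(16), bytes(64), bytes(128))
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_ip:
        options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

if __name__ == "__main__":
    for ip in ("192.168.10.1", "192.168.10.2"):  # assumed pfSense, constructed stray
        print(ip, check_reply(build_message(2, ip), {"192.168.10.1"}))
```

Feed `check_reply` the UDP payloads of port 67/68 traffic captured on the VLAN in question, with one allowed set per VLAN.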