Giving DHCP to a VLAN TAG?
-
Thanks Derelict So all i need is a managed switch that supports VLANS?
-
And an understanding as to what you're doing. Buying gear is easy…
http://www.amazon.com/D-Link-EasySmart-Gigabit-Ethernet-DGS-1100-08/dp/B008ABLU2I
-
no ps3 is not over the wifi, its a wired connection - I just leverage that physical interface vs my lan interface. The yes my normal ssid is on different vlan than my guestssid
And derelict is correct, just having a switch that supports vlan is not a lot of help if you don't understand the basics of vlans.
-
oooo allright, so in theory it would possible to have my LAN and WIFI in the same subnet if I would get a switch that supports VLANS?
EX: LAN:192.168.3/24–----- DHCP WINDOWS SERVER
WIFI:192.168.3/24------DHCP WINDOWS SERVER
GUEST WIFI: 192.168.10/24 (VLAN 100)-----pfSense DHCPAlso on a side note @johnpoz on your WIFI 192.168.2/24 did you enable DHCP? Because in my case the DHCP is handled by windows server so everything on the LAN and WIFI 192.168.3/24. Then I would let the pfSense handle the DHCP for the guests.
-
No. Different VLANs get different subnets. If you want them on the same subnet put them on the same VLAN or just use a dumb switch.
Look at the diagram I linked to again. It describes exactly how to put wifi together with some LAN hosts (VLAN 100) with a separate wifi VLAN for guests (VLAN 200).
-
What your dhcp server is doesn't matter as long as its on the same vlan, if you don't have a dhcp server on that vlan then you need a helper/relay that sends the dhcp request it sees on that vlan to whatever dhcp server has the scope for that network/vlan
this can be done on the switch or pfsense can do it as well, you just can not run a dhcp server if your running a relay. And keep in mind there are not automatic firewall rules if running relay. While if you run dhcp server on pfsense it auto creates the firewall rules that are hidden from the gui to allow dhcp server to get the traffic no matter what other rules you might have in place that would block it.
Yes you can do what your asking where your lan and wifi are on the same vlan, if you don't actually setup one then its vlan 1 or the native vlan without any tags.. Your vlan guest wifi vlan would be tagged.
Again without basic understanding of vlans your in for a bumpy ride..
Do some vlan basics
https://www.thomas-krenn.com/en/wiki/VLAN_Basics
http://www.firewall.cx/networking-topics/vlan-networks/214-vlan-concept.html
http://www.alliedtelesis.com/media/fount/how_to_note_alliedware_plus/overview_vlans.pdf
http://www.smallnetbuilder.com/lanwan/lanwan-howto/30071-vlan-how-to-segmenting-a-small-lan -
Thanks I will give it a try and keep you posted. But first i need to buy me the Switch. Right now I have the nighthawk r7000 ddwrt as switch and works fine with VLANS. But having it only as a switch is wasteful that why I would want to do the other method.
Thank again for everything
-
Hi,
Its me again ;D So i got me a EdgeRouter X which supports VLAN tagging. So what I did was to added 2 VLANS on my LAN (EM1)-
VLAN 2–--192.168.5.1/24-----on em1
-
VLAN 3----192.168.2.1/24-----on em1
Then on the firewall I would let all traffic pass just for now but when i connect to Guests Wifi i get the DHCP but no internet Also cannot ping pfSense 192.168.3.254 but I can ping my windows server 192.168.3.253
Did I miss something?
Thank you
See pictures
-
-
Are eth 0 (to pfSense) and eth2 (to the AP) tagged ports? Note that the way you have it, LAN is untagged and OPT1 and OPt2 are tagged.
My preference is to make everything on a trunk port tagged unless absolutely necessary.
-
hi there thank again for the reply derelict funny thing somehow DHCP was enabled on the ER-X so I turned if off and everything is now working i made a guide for anyone who needs help plus the other link on my signature for other guides
http://www.mediafire.com/view/fkrerw81szqat5t/Tutorial_on_Creating_VLANS_On_pfSense.docx
