Help with simple home config

gjaltemba

Confused with that statement by gjaltemba - pfsense is more than capable of running multiple dhcp servers as long as pfsense has an interface in that network be it physical or a vlan..

Agreed but pfSense is limited to one subnet per interface (physical or vlan). Correct?

Asuswrt gui gives the false impression that a Guest Network in AP mode will restrict access to your LAN but it does not.

So a no cost solution would be to define vlan in switch. Asuswrt gui does not support vlan but I am going to try with ssh and script.

I have a computer that could use a dual port pcie x1. Thanks for the link.

guest.PNG_thumb

Derelict

Agreed but pfSense is limited to one subnet per interface (physical or vlan). Correct?

In pfSense one physical interface can host multiple VLAN interfaces.

Example

Create VLAN 10, 20, and 30 on eth0

Assign OPT1 to VLAN 10 on eth0
Assign OPT2 to VLAN 20 on eth0
Assign OPT3 to VLAN 30 on eth0

Create a switchport with tagged VLANs 10, 20, and 30 and patch it to eth0.

gjaltemba

Sorry I meant that pfSense dhcp server is limited to one subnet per interface. Correct?

Derelict

Yes. If that's insufficient use helpers and another DHCP server.

tax4p

That IO CREST card it's the first dual PCI-E x1 NIC I've ever seen, I thought they were only available in PCI-E x4.
Anyway, I can't buy it from amazon spain, and the cheapest price I've found (buying it from spain) it's > 50€.
I can get an IBM PRO/1000 PT Dual Port PCI-E for 25€ with 1 year warantee, but I will have to sacrifice one of the PCI-E x16 ports I'm using, so I'll think about it. I've got an LSI card in passthrough for a NAS4free VM that is using just 3 sata HDDs in RAID Z1. If nas4free can use those same disks in RDM (Raw Device Mapping)
http://vm-help.com/esx40i/SATA_RDMs.php
without losing their data in ESXi, I will probably replace the HBA card for a dual NIC card, I have to see if that is possible, I've never used RDM disks in ZFS before.

@gjaltemba:

@johnpoz:

Confused with that statement by gjaltemba - pfsense is more than capable of running multiple dhcp servers as long as pfsense has an interface in that network be it physical or a vlan..

Asuswrt gui gives the false impression that a Guest Network in AP mode will restrict access to your LAN but it does not.

So a no cost solution would be to define vlan in switch. Asuswrt gui does not support vlan but I am going to try with ssh and script.

I don't understand what you mean, at least now in my Asus DSL-N16U the wifi guest networks (I can have 3 apart from the regular wifi) are isolated from each other and from the main LAN if I mark "Intranet Access". Or aren't they really isolated?. I can access this router through telnet, but no ssh access

@Derelict:

Agreed but pfSense is limited to one subnet per interface (physical or vlan). Correct?

In pfSense one physical interface can host multiple VLAN interfaces.

Example

Create VLAN 10, 20, and 30 on eth0

Assign OPT1 to VLAN 10 on eth0
Assign OPT2 to VLAN 20 on eth0
Assign OPT3 to VLAN 30 on eth0

Create a switchport with tagged VLANs 10, 20, and 30 and patch it to eth0.

this seems a no cost solution that would let me have two separate LANs.

I really apreciate all your help, guys..many different points of view always open new perspectives.

johnpoz

"this seems a no cost solution that would let me have two separate LANs."

?? Been talking about vlans as options since first post. But your AP has to support them if you want more than 1.. You could put the wifi on its own vlan if you want via just your switch and pfsense.. But that does not allow you to have say ssid Users on vlan 10 and ssid Guest on vlan 20 unless your AP support that..

But sure if you just want to isolate your AP to its own vlan - then sure create the vlan on pfsense, do the vlan on your switch and connect the AP to a port on switch in the wireless vlan..

As to the x1 nic - there are a few other options, that was just 1 found.. If you want to play with vlans - get a AP that supports them.. I know for sure you can get unifi AP pretty much every country..

http://www.amazon.es/UBNT-UniFi-Access-Point-Standard/dp/B00HYW94J0/

tax4p

I wanted (I still want) to know which are my options. For example, using the switch I can have 2 LANs if I also use both routers behind it (The Asus and the old Xavi 7968 I mentioned before, or the Asus and the Raspberry Pi 2 etc…).

On the other hand, there's probably some option around here (in iptv or guests wifi) I could use

At the openWRT wiki there's a page for the Asus DSL-N16U where they talk about its VLANs:

http://wiki.openwrt.org/toh/asus/asus_dsl-n16u

Derelict

Why are you asking for help with those devices here?

johnpoz

Those devices guest networks only work when they are the GATEWAY!!! If you had them NAT all traffic from that device no matter what ssid they were on or wired would still just like the wan IP of that device.

If you use it as AP and turn off its dhcp and connect it to your wired network that is on a pfsense network that is the network your clients will be on.. Be it your lan, or a vlan you setup on your switch and connect to pfsense.

If you WANT to have multiple vlans based upon SSID then you need a AP that supports doing that, switch that supports vlans and setup the vlans in pfsense..

It always confuses me when users have lots of hardware, lots of computer clients and then they balk at spending a couple more bucks to do something correctly.. Get an AP that supports vlans and your all set.. Its 70 euro in that link I provided, this seems very low cost if you add up all the other costs of hardware you have already spent money on and this is something you want to do.. Vs some wifi dongle in a raspberry pi as your AP???

tax4p

@johnpoz:

You could put the wifi on its own vlan if you want via just your switch and pfsense.. But that does not allow you to have say ssid Users on vlan 10 and ssid Guest on vlan 20 unless your AP support that..

But sure if you just want to isolate your AP to its own vlan - then sure create the vlan on pfsense, do the vlan on your switch and connect the AP to a port on switch in the wireless vlan..

That's what I'm going to try, that works for me. And if I can repeat the same proccess twice (I create a 2nd vlan in pfSense, then I define that 2nd same vlan in the switch and I attach another device behind them) will let me have a 2nd vlan…but if it doesn't, It's not a problem at all, I can perfectly work with just one LAN

@Derelict:

Why are you asking for help with those devices here?

well, I think it's a good site to ask&learn about many things related to pfsense (probably the best site in internet) and being my network and most of its devices managed by pfsense, I thought this forum could be a good place to learn from the experience of other pfsense users. Yours, for example, have been very helpful, pointing the way to config the vlans.

@gjaltemba:

@johnpoz:

Confused with that statement by gjaltemba - pfsense is more than capable of running multiple dhcp servers as long as pfsense has an interface in that network be it physical or a vlan..

Asuswrt gui gives the false impression that a Guest Network in AP mode will restrict access to your LAN but it does not.

So a no cost solution would be to define vlan in switch. Asuswrt gui does not support vlan but I am going to try with ssh and script.

I still cant understand what you mean about guest networks.
Your suggestion of defining the vlans in the switch etc is what I'm going to try
But anyway, even having just one LAN, if I just can use the Asus DSL N16U as wifi Access Point without any isolation, that would work for me.