VLAN for my wireless
-
Yes that's correct.
-
Hmm. I'm about out of ideas. That bridge config is something I'm not familiar with. Perhaps you may make a firewall rule on VLAN2 to specifically block port 67 & 68 from the Comcast IP?
-
If you're getting an IP from a different DHCP server then you do not have your networks isolated like you think at L2..
"running pfSense bridged."
Why would you run it like that?
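-
One way to check for the symptom described above, as an added example that is not part of the original thread: parse the DHCP replies seen on the wireless VLAN and list any server identifier (option 54) other than the expected one. The function names and all addresses are assumptions constructed for illustration; real input would be the UDP payloads of port 67/68 traffic from a capture.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OFFER, ACK = 2, 5  # DHCP message types (option 53) sent by servers

def parse_dhcp_reply(payload):
    """Return (msg_type, offered_ip, server_id) as (int, str, str), or None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None  # not a BOOTREPLY carrying DHCP options
    offered = str(ipaddress.IPv4Address(payload[16:20]))  # yiaddr field
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break  # truncated option header
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) < length:
            break  # truncated option body
        if code == 53 and length == 1:
            msg_type = data[0]
        elif code == 54 and length == 4:  # server identifier
            server_id = str(ipaddress.IPv4Address(data))
        i += 2 + length
    return msg_type, offered, server_id

def unexpected_servers(payloads, expected_server):
    """Server identifiers in OFFER/ACK replies that are not the expected server."""
    seen = set()
    for payload in payloads:
        parsed = parse_dhcp_reply(payload)
        if parsed and parsed[0] in (OFFER, ACK) and parsed[2] not in (None, expected_server):
            seen.add(parsed[2])
    return sorted(seen)

def build_reply(msg_type, offered, server):
    """Build a constructed sample reply (not captured traffic)."""
    header = struct.pack("!4BIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                         ipaddress.IPv4Address(offered).packed, bytes(4), bytes(4),
                         bytes(16), bytes(192))
    options = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return header + MAGIC_COOKIE + options

# Constructed addresses: 192.168.20.1 stands for the VLAN2 DHCP server, 10.0.0.1 for the upstream one.
SAMPLES = [build_reply(OFFER, "192.168.20.50", "192.168.20.1"),
           build_reply(OFFER, "10.0.0.77", "10.0.0.1")]
print(unexpected_servers(SAMPLES, "192.168.20.1"))
```

Any address in the result means replies from another DHCP server are reaching that segment, so the two networks share a layer 2 domain.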
-
Yeah that's what I'm finding out. Not isolated the way I want. I want to be able to easily take the pfSense box out of line and just plug an ethernet cable from Comcast back into the switch and have everything work except for the External VLAN2 wireless. That's why I want to set it up this way. The more I experiment and talk to people the more I think it's not possible.
-
Is there some need to have it this way?
A more "standard" way would be a regular pfSense install, having the WAN allowed to use PrivateIPs (default is block), have LAN & VLANs on unique subnets, and leverage the firewall to allow things to flow through (for example, for VLANs to access a printer on the Comcast LAN).
-
^^^^
VLANs are typically used when multiple SSIDs are used. One application would be a guest WiFi, where guests, on their own SSID VLAN are only allowed access to the Internet, but internal users, with their own SSID can access the network, as well as Internet.
-
Is there some need to have it this way?
A more "standard" way would be a regular pfSense install, having the WAN allowed to use PrivateIPs (default is block), have LAN & VLANs on unique subnets, and leverage the firewall to allow things to flow through (for example, for VLANs to access a printer on the Comcast LAN).
Basically just the reason I mentioned above, about wanting to be able to easily take the pfSense box out of the equation and still have everything work except the VLAN2 Wireless. At this point I will either run pfSense as my full blown router or add another NIC in it to be able to isolate the VLAN2.
-
Why do you not just connect pfsense wan to your current network… Then pfsense lan to this network your AP is on for your other SSID..
Now if pfsense is off or blows up or you pull it only thing gone is the 2nd SSID.
I don't see any reason to bridge anything on pfsense from what you have explained.
-
Why do you not just connect pfsense wan to your current network… Then pfsense lan to this network your AP is on for your other SSID..
Now if pfsense is off or blows up or you pull it only thing gone is the 2nd SSID.
I don't see any reason to bridge anything on pfsense from what you have explained.
The reason why I set it up this way is that with it bridged I can still see all the traffic flowing in and out of the network. I can filter the traffic, and still create firewall rules on the bridge limiting bandwidth to certain IPs.
-
And you could do all that with a nat as well..