Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    802.11ac support

    Scheduled Pinned Locked Moved Wireless
    22 Posts 7 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      You can do without a managed switch if you can connect the AP directly to the firewall in most cases.

      Steve

      1 Reply Last reply Reply Quote 0
      • W
        Wastapi
        last edited by

        Our topology

        WAN - pfSense - Unmanaged Switch - Wifi Router (as AP)

        -Employees would connect to Wifi Router with employee SSID get access to whole LAN
        -Guests would connect to Wifi Router with Guest SSID get access wan only
        -Employees would connect to Unmanaged Switch (wired) get access to whole LAN

        Makes sense?

        T 1 Reply Last reply Reply Quote 0
        • NogBadTheBadN
          NogBadTheBad
          last edited by NogBadTheBad

          So the ethernet connection comes out the router to a switch and an AP is connected to a switch ?

          How are you setting up this "Wifi Router"?

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Until you actually test it it will be impossible to know if that unmanaged switch will pass the required VLAN from the AP to pfSense.
            Much better to either use a managed switch that definitely will pass VLANs oe connect the AP directly to pfSense.

            Steve

            JKnottJ 1 Reply Last reply Reply Quote 0
            • T
              tman222 @Wastapi
              last edited by

              @Wastapi said in 802.11ac support:

              Our topology

              WAN - pfSense - Unmanaged Switch - Wifi Router (as AP)

              -Employees would connect to Wifi Router with employee SSID get access to whole LAN
              -Guests would connect to Wifi Router with Guest SSID get access wan only
              -Employees would connect to Unmanaged Switch (wired) get access to whole LAN

              Makes sense?

              The Asus Router administration software does allow the ability to enable a Guest Network and disable access from it to the local intranet:

              https://www.asus.com/support/FAQ/1009855/

              This would be one option if you're looking to keep things simple (e.g. just one LAN subnet) and don't need more advanced SMB/Enterprise capabilities (e.g. multiple VLAN's, subnets, SSID's, etc.)

              Hope this helps.

              1 Reply Last reply Reply Quote 0
              • W
                Wastapi
                last edited by

                Or should I install an extra LAN card on the pfSense to hold the AP?

                WAN - pfSense

                pfSense - Unmanaged Switch (for wired only)
                pfSense - AP (for wifi only)

                Yet I don't want to have a different AP for Guests and for Employees (budget)
                And I feel that placing the AP (a router) between the pfSense and the Unmanaged switch is weird.

                NogBadTheBadN 1 Reply Last reply Reply Quote 0
                • T
                  tman222
                  last edited by

                  It depends how you want to set things up:

                  Ideally LAN, WiFi, and WiFi Guest Networks would all be on separate subnet's (VLAN's) to allow for fine grained access control (since traffic would have to go across the firewall first for any of the subnets to speak with one another). However, if you want to keep things simple, you can put your WiFi and LAN clients on the same local subnet by using e.g. the router I linked to, turning it into AP, and then enabling the guest network on it for guest clients (which will only have access to the internet but not the local subnet).

                  What security requirements do you have, and which type of setup do you prefer?

                  JKnottJ 1 Reply Last reply Reply Quote 0
                  • NogBadTheBadN
                    NogBadTheBad @Wastapi
                    last edited by

                    @Wastapi said in 802.11ac support:

                    Or should I install an extra LAN card on the pfSense to hold the AP?

                    Nope you'll need two APs if you do this.

                    You need a switch that does VLANS and an AP that does VLANS.

                    Drawing1.png

                    Andy

                    1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      You can just connect the AP directly to a NIC in pfSense and have multiple VLANs on that. You don't actually need a switch there.

                      For most installs it's just much easier to use managed switches because of the physical locations involved. APs like to be up high in the center of the coverage area and firewall is probably nowhere near.

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • JKnottJ
                        JKnott @stephenw10
                        last edited by

                        @stephenw10 said in 802.11ac support:

                        Until you actually test it it will be impossible to know if that unmanaged switch will pass the required VLAN from the AP to pfSense.

                        Here is a list of Ethernet frame types. Any switch that can pass every one of them is defective.

                        PfSense running on Qotom mini PC
                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                        UniFi AC-Lite access point

                        I haven't lost my mind. It's around here...somewhere...

                        1 Reply Last reply Reply Quote 0
                        • JKnottJ
                          JKnott @tman222
                          last edited by

                          @tman222 said in 802.11ac support:

                          However, if you want to keep things simple, you can put your WiFi and LAN clients on the same local subnet by using e.g. the router I linked to, turning it into AP, and then enabling the guest network on it for guest clients (which will only have access to the internet but not the local subnet).

                          Strictly speaking, you can use VLANs with an unmanaged switch, with pfSense and the AP configured to support the VLANs. Other devices on the network will just ignore the VLAN tagged frames. However, for a business installation, a managed switch is always a good idea and the proper way to do this in that environment.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.