Intentional Asymmetric Routing to a VLAN.
-
OK, over wireless I looked at the LAN setup on the AP and it has NO gateway. Only on its WAN interface can you set up a gateway, which I am not using.
I will have to pick it back up tomorrow. I added the outbound NAT with "IPv4* any to any" rules on both interfaces, but still no joy.
I will have to pick it back up tomorrow evening after work. I will do some investigating on my own to see why it will not connect to it. But many thanks for all the advice.
If I figure this out on my own, I will post back so others can benefit from the solution.
Phizix
THANKS AGAIN!
-
Yeah if you're using an old wifi router as AP, most native firmware does not allow for setting a gateway on lan side... You might be able to run some 3rd party (openwrt, dd-wrt, etc) they allow it.
If not it's a simple source nat to allow such a setup to work.. Or you just admin from that same network or via wifi.
Other option - is some native firmware allows you to set a route - even if not a default gateway, where you could set a router to your lan network. That it would use.
To be honest the correct solution - which costs money ;) Is to get a real AP when you're wanting to move into more complex setups where everything is just one flat network. Vs just leveraging some soho device not meant for such setups.
Get real AP that can do vlans, and real switches that can do vlans, etc. It can be done on the cheap, when budgets are limited.
-
I was mostly using this as a learning experience. I have only been "pfSense-ing" for a couple of weeks.
The funny thing is if I connect to one of my main switch ports on the same VLAN (90) that is upstream of the AP itself, I can connect to the interface by IP.
In any case thanks again!
Phizix
-
Well yeah sure - you're on its same network, no need for gateway or route ;)
See my edit - when you start to move away from toys, it's time to move into real equipment that supports more sophisticated setups.. But there is a cost to doing that ;)
While many users love to use pfsense in their home setups, it is more than capable of being used in an enterprise - and supports enterprise sort of setups.. But to do that - you need equipment that also supports these more advanced features.
-
I plan after all this COVID-19 period to get a better AP for this, but for now the Guests get the older equipment - ;-)
Phizix
-
There are many reasonably priced APs that can do vlans, and more features.. Along with switches - a 40$ smart switch can do vlans.. So you can move into a more robust and secure and feature rich network without having to have enterprise budgets ;)
And for sure you can piecemeal it, start small add this, and then that, and then upgrade.. Not like you have to spend $$$ to get the ball started ;) The big piece you have already done with moving to pfsense ;) And that is FREE ;) hehehe
When I first started upgrading my network not that long ago I was running pfsense as VM on esxi, on old n40L microserver - now it's running on a $750 sg4860 for my home ;) hehe.. So yeah you can spend money - but it can be done cheap if need be.
-
@johnpoz said in Intentional Asymmetric Routing to a VLAN.:
There are many reasonably priced APs that can do vlans, and more features.. Along with switches
Avoid TP-Link on both. Some models don't do VLANs properly.
-
I have a 12 port 10G (each port) switch as my backbone and a 10 port (8-1G : 2-10G) switch as a remote switch in the bedroom. Both are NetGear ProSafe - they work great and are MUCH better than their consumer line. The trunk between them is LAGG {2x10G}.
My machine has a 10G Intel card and I am getting a 10G Intel card for my wife's computer and a non-Intel 10G (probably Aquantia chipset) card for the kids' computer.
The SG-5100 has a LAGG from two of the 1G ports to the backbone.
The one WAN is 400Mb/s and the other is 45Mb/s and is set to balance at 5:1.
Works really well.
Phizix
-
Dude then you're way ahead of me ;) You just need an AP to work with such speeds then.. And vlans!
Got you beat on wifi and wan speed at least ;) And I am doing 2.5 (802.3bz) between my pc and nas at least - hehehe
I have 500 down internet ;)
-
I have an Asus RT-AC88U as my non-Guest WiFi AP - 1G link to the backbone. Next year I am going to go to an AX router in AP mode for non-Guest.
My Synology NAS is on a 2x1G LAGG. And my two older NetGear NAS boxes (for backup) are on 1G links.
Cheers!
Phizix