How to isolate DHCP Client from Static IP Clients?
-
My goal is to isolate my trusted devices from guest devices. Is it possible that I only use 1 interface (LAN) to do it? I have a DHCP Server in LAN, then all trusted devices have static IP. So for those devices getting IP from the DHCP pool, they will not be able to communicate with the trusted devices.
Background of the network setup: pfSense -> LAN ->Switch -> multiple APs. Those APs does not support VLAN. And all of them all plugging into the same switch. That's why I would like to simply isolate by static and non-static clients. Any advice would help, thanks!
-
@PzrrL said in How to isolate DHCP Client from Static IP Clients?:
then all trusted devices have static IP. So for those devices getting IP from the DHCP pool, they will not be able to communicate with the trusted devices.
NO... pfsense has zero to do with devices in the same network from talking to each other..
If you want to isolate your devices... Then get switches and AP that support vlans... Or use completely different physical networks... Ie different dumb switch, different AP.. Different interface on pfsense.
-
@johnpoz Is it possible to only have a VLAN capable switch, and without VLAN capable APs? Besides, how to isolate each devices in the same network (say I don't want them to discover each other)
-
Only one VLAN/SSID can be used that way.
-
you can for sure use vlan switch and dumb AP... You can assign what vlan the AP is on by what vlan you put the port they plug into on.
-
@johnpoz Thanks! I successfully created an isolated network by creating a VLAN based on my LAN, and set the VLAN tag in managed switch.