PFsense beginner help

rama3124

Hi
I'm a complete networking beginner and was hoping for some guidance regarding setting up a PFsense router/firewall at home. I currently have an Asus 88u main router with a secondary Asus 68u to setup AiMesh. There are about 30 clients in my house, most of them being on Wifi rather than wired and a lot of them are IOT devices.

My plan is to set up PFsense on an old Dell Optiplex desktop i have lying around so that i can create two VLANs (one for the IOT devices and one for the laptops & phones) to create extra security. I've been doing a fair bit of reading on PFsense but am unfortunately still very confused. Do i need the IOT devices connected to a seperate SSID for my plan to work? Because currently my wifi connects both our laptops and the IOT devices.

Also I understand i need to buy an intel NIC card with multiple ports to setup PFsense on the desktop. Would a dual NIC work for my setup since i mostly have Wifi clients? I have perhaps only 4-5 ethernet clients which are all adminstered through one unmanaged switch

My current plan is to buy an Intel I340 dual NIC and have one for the WAN and the other LAN to my Asus 88U router. The Asus 88u will be placed in AP mode and i can use the multiple LAN ports to provide connection to my wired clients through the unmanaged switch. Does this plan make sense or am i thinking of this completely wrong? sorry if this all sounds ridiculous, i'm still struggling to get my mind wrapped around all this networking stuff. Thanks in advance for any help you can provide

johnpoz

Do your AP support vlans? You can not run vlans over wireless without AP supporting them.

Also you really should have a smart switch, while it is "possible to run tags across" a dumb switch.. There is no isolation..

If you want to use vlans, your router, your switches and your AP all need to support them.

rama3124

The Asus 88u is running merlin software and i believe you can set seperate VLAN tags for the different SSIDs. I'm also more than happy to invest in a managed switch if these are better for the VLANs.

If my AP works with VLANs, do i have to have one SSID set up just for the IOT devices if i wish them to be on a different VLAN? E.g the 2.4GHZ SSID for IOT devices and the 5ghz SSID for the computers/phones

JKnott

@rama3124 said in PFsense beginner help:

Also I understand i need to buy an intel NIC card with multiple ports to setup PFsense on the desktop.

No. I have 3 NICs. One built in and 2 I added.

johnpoz

Unless you do dynamic assigned vlans, yes you assign vlan X to ssidX and vlan Y to ssidY be it they run on 2.4 or 5 band or both doesn't matter.