Netgate Discussion Forum
    Multi-Subnet for Guests

      vitoreiter

      Alright, so I have a basic pfSense setup, two NICs, one to modem and one to a switch. I run a small company and I want all my office's computers on a static IP of 192.168.1.1, which is the LAN interface, so everything on there works including internet connection. However, I would like my guests' computers, or anyone that walks in and connects via either WiFi or Ethernet, to connect to a separate subnet of, let's say, 192.168.2.XXX. Whenever I try to force a system's IP to be in that new 192.168.2.XXX subnet it says that the IP must be in the LAN subnet 192.168.1.XXX.

      I just need to figure out what I'm missing here, if anyone could help I would be very grateful.

      Thanks,
      Vito Reiter

        vitoreiter

        Should add: I've set up these subnets with a VLAN that's on the LAN interface.

          johnpoz LAYER 8 Global Moderator

          Do you have a switch that supports vlans?  Does your wifi support vlans?  What are you using for wifi AP?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 25.07

            vitoreiter

            I don't have any of that, I have a standard switch and my router isn't up yet but will be used as an access point. Is there a way I can do this even if it requires adding a NIC to the pfSense?

              johnpoz LAYER 8 Global Moderator

              Well if you don't have a switch that supports vlan, no you can not do vlans.  If your wifi does not support vlans, then no you can not do vlans.

              You can plug a wifi router as ap, or ap into a nic on pfsense and put that on a different network than another nic that was plugged into a dumb switch.  But you can not do multiple vlans on 1 physical interface without switch or AP with support for vlans.

              If you want to run multiple network segments I would really really suggest you get a switch that supports that, they can be had for very cheap.  An 8 gig smart switch that does vlans can be had for like $40.  And an AccessPoint that does vlans can be had for under $100.. The unifi AC lite for example is $89 and has support for 4 different SSIDs on both 2.4 or 5ghz so you could in theory have a total of 8 networks/vlans..

              You could use a different dumb switch for each network connected to a different pfsense interface, and then a wifi router used as AP for each different wifi network if you must.  But I would suggest buy the right equipment for the right job.  You don't use a hammer for a screwdriver ;)

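A planning check for the constraints described in the reply above, as an added example that is not part of the original thread: it flags a static address outside its interface subnet, overlapping subnets, and more than one network on a firewall port that has no VLAN-capable switch or AP behind it. The interface names (`em1`, `em2`), VLAN ID 20 and host addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Segment:
    name: str          # label for the network (constructed)
    subnet: str        # CIDR assigned to the firewall interface
    port: str          # physical firewall NIC carrying it (constructed names)
    vlan_id: int = 0   # 0 means untagged
    static_hosts: list = field(default_factory=list)

def check_plan(segments, vlan_capable_ports):
    """Return a list of problems; an empty list means the plan can be built."""
    problems = []
    nets = [ipaddress.ip_network(s.subnet) for s in segments]
    # A static address must fall inside the subnet of the segment it is defined on.
    for seg, net in zip(segments, nets):
        for host in seg.static_hosts:
            if ipaddress.ip_address(host) not in net:
                problems.append(f"{host} is outside {seg.name} ({seg.subnet})")
    # Two segments must not claim overlapping address space.
    for i in range(len(segments)):
        for j in range(i + 1, len(segments)):
            if nets[i].overlaps(nets[j]):
                problems.append(f"{segments[i].name} overlaps {segments[j].name}")
    # More than one network on a port needs a VLAN-capable switch or AP behind it.
    by_port = {}
    for seg in segments:
        by_port.setdefault(seg.port, []).append(seg.name)
    for port, names in by_port.items():
        if len(names) > 1 and port not in vlan_capable_ports:
            problems.append(f"{port} carries {'+'.join(names)} but has no VLAN-capable switch/AP")
    return problems

# Constructed plans mirroring the thread: a guest VLAN on the LAN NIC behind a
# dumb switch, one NIC per network, and one NIC feeding a VLAN-capable switch.
ORIGINAL = [Segment("LAN", "192.168.1.0/24", "em1", static_hosts=["192.168.2.50"]),
            Segment("GUEST", "192.168.2.0/24", "em1", vlan_id=20)]
TWO_NICS = [Segment("LAN", "192.168.1.0/24", "em1", static_hosts=["192.168.1.10"]),
            Segment("GUEST", "192.168.2.0/24", "em2", static_hosts=["192.168.2.50"])]
VLAN_SWITCH = [Segment("LAN", "192.168.1.0/24", "em1"),
               Segment("GUEST", "192.168.2.0/24", "em1", vlan_id=20)]

if __name__ == "__main__":
    for label, plan, capable in [("original", ORIGINAL, set()),
                                 ("two NICs, dumb switches", TWO_NICS, set()),
                                 ("one NIC, VLAN switch", VLAN_SWITCH, {"em1"})]:
        print(label, check_plan(plan, capable) or "ok")
```
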
                vitoreiter

                I'm understanding this, I know I'm looking for more of a half-assed way to accomplish this and I've thought of plenty of ways to do it without VLAN-supported hardware. However, I think I'll just end up doing this the right way and purchasing the right equipment. Thanks for the help.

                  johnpoz LAYER 8 Global Moderator

                  You can do it with dumb equipment and just nics in pfsense..  But you can not run more than 1 network on that interface or switch..  If you want to have a wifi that is for say employees and another wifi that is for "guests" you would need 2 accesspoints or wifi routers that you're using as ap.

                  So while it can be done.  With the cost of equipment that actually supports vlans, it's pretty pointless to do it with dumb equipment.

                    Guest

                    I don't have any of that, I have a standard switch and my router isn't up yet but will be used as an access point. Is there a way I can do this even if it requires adding a NIC to the pfSense?

                    • Switch that is supporting VLANs
                    • The router in WLAN AP mode supporting multi SSIDs or two WiFi APs

                    Many routers are able to be flashed with alternative firmware such as OpenWRT or DD-WRT, please have a look at that and you will perhaps be able to flash that on your router and will be happy with that then. Then only a VLAN capable switch will be needed for something around $25 or $35 for a Netgear GS105E or GS108E, that would be sufficient for your doings.

                      johnpoz LAYER 8 Global Moderator

                      While sure some soho wifi routers running 3rd party firmware can support vlans.  To be honest just get an AP, pure and simple - I am talking a ceiling mounted POE accesspoint.  One that will give you great coverage and the feature set you want/need.. Vlans, airtime fairness, band steering, DFS channels, etc..

                      While 3rd party firmware can breathe new life into some hardware..  You're still going to have some brick looking box with some antennas sticking out of it that needs to have a power brick next to it to work.. With shitty coverage area, etc.

                      Unless you're talking wifi for 1 room and a few people, you're better off doing wifi right and deploying the correct number of APs in the correct areas..

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.