Multi-Subnet for Guests



  • Alright, so I have a basic pfSense setup, two NICs, one to the modem and one to a switch. I run a small company and I want all my office's computers on a static IP of 192.168.1.1, which is the LAN interface, so everything on there works including the internet connection. However, I would like my guest computers, or anyone that walks in and connects either by WiFi or Ethernet, to connect to a separate subnet of, let's say, 192.168.2.XXX. Whenever I try to force a system's IP to be in that new 192.168.2.XXX subnet it says that the IP must be in the LAN subnet 192.168.1.XXX.

    I just need to figure out what I'm missing here, if anyone could help I would be very grateful.

    Thanks,
    Vito Reiter



  • Should add > I've set up these subnets with a VLAN that's on the LAN interface.


  • Rebel Alliance Global Moderator

    Do you have a switch that supports VLANs? Does your WiFi support VLANs? What are you using for a WiFi AP?



  • I don't have any of that, I have a standard switch and my router isn't up yet but will be used as an access point. Is there a way I can do this even if it requires adding a NIC to the pfSense?


  • Rebel Alliance Global Moderator

    Well, if you don't have a switch that supports VLANs, no, you cannot do VLANs. If your WiFi does not support VLANs, then no, you cannot do VLANs.

    You can plug a WiFi router used as an AP, or an AP, into a NIC on pfSense and put that on a different network than another NIC that is plugged into a dumb switch. But you cannot do multiple VLANs on 1 physical interface without a switch or AP with support for VLANs.

    If you want to run multiple network segments I would really, really suggest you get a switch that supports that; they can be had for very cheap. An 8-port gigabit smart switch that does VLANs can be had for like $40. An access point that does VLANs can be had for under $100. The UniFi AC Lite, for example, is $89 and has support for 4 different SSIDs on both 2.4 and 5 GHz, so you could in theory have a total of 8 networks/VLANs.

    You could use a different dumb switch for each network connected to a different pfSense interface, and then a WiFi router used as an AP for each different WiFi network if you must. But I would suggest buying the right equipment for the right job. You don't use a hammer for a screwdriver ;)
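    Since pfSense is a pf(4) firewall, the two layouts the moderator describes (a tagged VLAN on the LAN NIC behind a VLAN-aware switch/AP, or a separate NIC behind a dumb switch) can be expressed in one ruleset that isolates the guest subnet from the office LAN while still letting guests get DHCP, DNS and internet. This is an added example written for this thread, not pfSense-generated configuration; the interface names em0/em1/em2, the VLAN tag 20 and the address ranges are assumptions.

```pf
# Added example, not from the thread. Interface names, the VLAN tag and the
# address ranges are assumptions; pfSense builds an equivalent ruleset from
# its GUI, this just shows the intent in plain pf(4) syntax.
#
# Option A: guest network as 802.1Q VLAN 20 on the LAN NIC (needs a
#           VLAN-aware switch/AP).  On FreeBSD: ifconfig em1.20 create
# Option B: guest network on its own NIC (em2) behind a dumb switch.
# Pick one definition of guest_if; the rules below are identical either way.
wan_if    = "em0"
lan_if    = "em1"
guest_if  = "em1.20"        # Option A; for Option B use "em2"

lan_net   = "192.168.1.0/24"
guest_net = "192.168.2.0/24"
# every private range, so guests also cannot reach the firewall's LAN address
# (192.168.1.1) or any segment added later
rfc1918   = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"

set skip on lo0
scrub in all

# both internal networks leave through the WAN address
nat on $wan_if from { $lan_net, $guest_net } to any -> ($wan_if)

# default deny; "quick" rules below are first-match
block log all

# guests: DHCP to the firewall (client source is 0.0.0.0 during DISCOVER)
pass in quick on $guest_if inet proto udp from any port 68 to any port 67
# guests: DNS only to the firewall's own address on the guest interface
pass in quick on $guest_if inet proto { tcp, udp } from $guest_net \
    to ($guest_if) port 53
# guests: nothing else on any private range (office LAN, firewall, other VLANs)
block log quick on $guest_if inet from $guest_net to $rfc1918
# guests: everything that is left is the internet
pass in quick on $guest_if inet from $guest_net to any keep state

# office LAN keeps full access
pass in quick on $lan_if inet from $lan_net to any keep state

# replies and forwarded traffic leave by state
pass out quick all keep state
```

    The order matters: the DNS pass rule must precede the RFC1918 block, because the firewall's guest-side address is itself a private address.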



  • I'm understanding this, I know I'm looking for more of a half-assed way to accomplish this and I've thought of plenty of ways to do it without VLAN-supporting hardware. However, I think I'll just end up doing this the right way and purchasing the right equipment. Thanks for the help.


  • Rebel Alliance Global Moderator

    You can do it with dumb equipment and just NICs in pfSense. But you cannot run more than 1 network on that interface or switch. If you want to have a WiFi that is for, say, employees and another WiFi that is for "guests", you would need 2 access points, or WiFi routers that you're using as APs.

    So while it can be done, with the cost of equipment that actually supports VLANs, it's pretty pointless to do with dumb equipment.



  • I don't have any of that, I have a standard switch and my router isn't up yet but will be used as an access point. Is there a way I can do this even if it requires adding a NIC to the pfSense?

    • Switch that is supporting VLANs
    • The router in WLAN AP mode supporting multiple SSIDs, or two WiFi APs

    Many routers are able to be flashed with alternative firmware such as OpenWRT or DD-WRT; please have a look at that and you will perhaps be able to flash that on your router and be happy with that. Then only a VLAN-capable switch will be needed, for something around $25 or $35 for a Netgear GS105E or GS108E, which would be sufficient for your purposes.


  • Rebel Alliance Global Moderator

    While sure, some SOHO WiFi routers running 3rd-party firmware can support VLANs. To be honest, just get an AP, pure and simple; I am talking about a ceiling-mounted PoE access point. One that will give you great coverage and the feature set you want/need: VLANs, airtime fairness, band steering, DFS channels, etc.

    While 3rd-party firmware can breathe new life into some hardware, you're still going to have some brick-looking box with some antennas sticking out of it that needs to have a power brick next to it to work, with a shitty coverage area, etc.

    Unless you're talking WiFi for 1 room and a few people, you're better off doing WiFi right and deploying the correct number of APs in the correct areas.