Possible for Other Router to be DHCP Server instead of pfSense?
-
My home network uses a separate DNS/DHCP server from my pfSense router. I have ISC DHCP server and unbound DNS running on a Raspberry PI 3, and it serves both the main LAN and the guest network.
I had to add multiple IP addresses to the RPI NIC (2 VLANs) so that it sees both networks, but it works well.
It gives out addresses from the proper pools, using it's own address as DNS and the pfSense box as the gateway. Naturally, each network has it's own settings. DNS forwards to OpenDNS.The pfSense firewall has rules that keep the guest network off the LAN, except for a printer which I expose to the guest.
I was pretty much forced to set this up when I donated my pfSense box to a client as a spare when theirs failed, and I had to stuff a Cisco PIX into my home network. When I did that, I lost my pfSense DNS and DHCP, so I had to punt, and I cobbled together the RPI setup. I liked it so much that I added a LiFePo battery backup (http://lifepo4wered.com/lifepo4wered-pi.html) to it and have been running it nonstop for over a year. Even when I regained my pfSense appliance.
-
My home network uses a separate DNS/DHCP server from my pfSense router. I have ISC DHCP server and unbound DNS running on a Raspberry PI 3, and it serves both the main LAN and the guest network.
I had to add multiple IP addresses to the RPI NIC (2 VLANs) so that it sees both networks, but it works well.
It gives out addresses from the proper pools, using it's own address as DNS and the pfSense box as the gateway. Naturally, each network has it's own settings. DNS forwards to OpenDNS.The pfSense firewall has rules that keep the guest network off the LAN, except for a printer which I expose to the guest.
I was pretty much forced to set this up when I donated my pfSense box to a client as a spare when theirs failed, and I had to stuff a Cisco PIX into my home network. When I did that, I lost my pfSense DNS and DHCP, so I had to punt, and I cobbled together the RPI setup. I liked it so much that I added a LiFePo battery backup (http://lifepo4wered.com/lifepo4wered-pi.html) to it and have been running it nonstop for over a year. Even when I regained my pfSense appliance.
I see, thanks. So is your RPI NIC going straight to a wireless router just like in my situation?
-
I think your confused at what a dhcp actually does.. As stated by JKnott it hands out IPs and info for the client on the network, ie what gateway to use, ntp server, info about wpad, etc. etc..
Any device on your network can be dhcp. Now the ones that come with some soho router more likely than not going to be very limited in nature. Many can not even hand out a gateway address other than themselves. Or do other scopes at all.
Pfsense has a limit that it can not be a dhcp server for a network it does not have a interface in. But that is not a limitation of any real dhcp server.. Do you not have any boxes on your network running linux, bsd, windows even? Any these could run dhcpd..
What I don't get is why you think pfsense can not just be your dhcp server??? Do you have any downstream networks you need dhcp for so this is why you need a different dhcp server? You can run multiiple dhcpd on different layer 2 networks. Or you can run 1 with multiple layer 2 networks and relay of the dhcp info. Pfsense can be a dhcp relay, etc.
Just at a loss to why you want some soho router to be dhcp?? Unless you were running 3rd party the feature set of their dhcp servers is very limited.
-
I think your confused at what a dhcp actually does.. As stated by JKnott it hands out IPs and info for the client on the network, ie what gateway to use, ntp server, info about wpad, etc. etc..
Any device on your network can be dhcp. Now the ones that come with some soho router more likely than not going to be very limited in nature. Many can not even hand out a gateway address other than themselves. Or do other scopes at all.
Pfsense has a limit that it can not be a dhcp server for a network it does not have a interface in. But that is not a limitation of any real dhcp server.. Do you not have any boxes on your network running linux, bsd, windows even? Any these could run dhcpd..
What I don't get is why you think pfsense can not just be your dhcp server??? Do you have any downstream networks you need dhcp for so this is why you need a different dhcp server? You can run multiiple dhcpd on different layer 2 networks. Or you can run 1 with multiple layer 2 networks and relay of the dhcp info. Pfsense can be a dhcp relay, etc.
Just at a loss to why you want some soho router to be dhcp?? Unless you were running 3rd party the feature set of their dhcp servers is very limited.
Thanks!
1. I am aware that not just routers or pfsense machines can be DHCP servers too. Just that I am unsure how (or even, why) to let other machines be DHCP servers instead of these two devices.
2. I have tried letting pfSense become my DHCP server and then let my wireless router become a wireless AP. Sure, devices can get IP addresses and then connect to the Internet, but then I am unable to set up guest networks, which is why I needed to start this thread in the first place.
3. I was letting a SOHO/wireless router become my DHCP server as I am trying to keep my network as simple as possible (i.e. just buy a new router and that's it approach). The idea is to just get all devices connect to that, separated between personal network and guest network, and then through pfSense for its capabilities (e.g. dual WAN, HAProxy, multiple DDNSes). This worked until I realised that some of my devices are not getting IPs from the router.
Sure, "dedicated" APs like Ubiquiti's APs would have solved my guest network issue with VLAN tagging, but they cannot cover my entire house which means I won't solve my Wifi deadspots.
In short: I am replacing my AC66U with a Netgear Orbi to solve Wifi deadspots, but will like to retain guest network and pfSense functionality with the least amount of additional equipment whenever possible.
And no, currently AP mode on the Orbi does not have a functional guest network yet.
-
-
"Sure, "dedicated" APs like Ubiquiti's APs would have solved my guest network issue with VLAN tagging, but they cannot cover my entire house which means I won't solve my Wifi deadspots."
Huh? So you place them where you need them just like your plan for orbi - cheaper to boot!! And allow for better placement as well since they are POE.. If you really want to use wifi uplinks vs a wire. Wire is always best to connect your AP, they do sell mesh model now.
I currently see just 2 orbi at $380.. You know how many unifi AP you could buy for that? Even if you went with the PRO model at 130 you could get 3.. If you went with the lite model you could do 4 of them. And if your plan is to use pfsense - why would you want to or need to pay for the orbi router? If you want to move away from your typical flat 1 network home setup then yoru going to want smart switch(es) and AP that do vlans. Doesn't have to be unifi - but your going to want AP that can do vlans if your looking to segment your network.
That such a device would not allow for vlan tagging of SSIDs just blows my mind..
As to why you would run your dhcp server on something other than a router or "pfsense" because you want to have features.. Or for example you run AD, where you would want DHCP to be integrated with your AD as MS intends it to be, etc. You want to run dhcp for your whole network with multiple vlans and want a central dhcp server that can all of the scopes in one place, etc. etc.. You could prob write a whole book on dhcp design ;)
Is that a downstream router (L3 switch in router mode?) you show in your drawing.. Or is that suppose to be pfsense? Where is pfsense in that drawing?
-
"Sure, "dedicated" APs like Ubiquiti's APs would have solved my guest network issue with VLAN tagging, but they cannot cover my entire house which means I won't solve my Wifi deadspots."
Huh? So you place them where you need them just like your plan for orbi - cheaper to boot!! And allow for better placement as well since they are POE.. If you really want to use wifi uplinks vs a wire. Wire is always best to connect your AP, they do sell mesh model now.
I currently see just 2 orbi at $380.. You know how many unifi AP you could buy for that? Even if you went with the PRO model at 130 you could get 3.. If you went with the lite model you could do 4 of them. And if your plan is to use pfsense - why would you want to or need to pay for the orbi router? If you want to move away from your typical flat 1 network home setup then yoru going to want smart switch(es) and AP that do vlans. Doesn't have to be unifi - but your going to want AP that can do vlans if your looking to segment your network.
That such a device would not allow for vlan tagging of SSIDs just blows my mind..
As to why you would run your dhcp server on something other than a router or "pfsense" because you want to have features.. Or for example you run AD, where you would want DHCP to be integrated with your AD as MS intends it to be, etc. You want to run dhcp for your whole network with multiple vlans and want a central dhcp server that can all of the scopes in one place, etc. etc.. You could prob write a whole book on dhcp design ;)
Is that a downstream router (L3 switch in router mode?) you show in your drawing.. Or is that suppose to be pfsense? Where is pfsense in that drawing?
Thanks!
1. Yeah, I wish my house is fully wired with Ethernet ports in all rooms! That would have already solved my Internet issues… 3 years ago at least!
Anyway, yes, I need to use Wifi backhaul for this (i.e. "mesh" solutions). Unfortunately Ubiquiti's mesh solutions are not in Singapore (and even in Asia?) and it is unknown when will this change. Also, I will like to resolve this soon.
And yeah, it's not just you or me who are confused about the Orbi's features; from what I can see in NetGear's forums, VLAN tagging is one of the highly requested features of the Orbi.
2. Ah, thanks for telling me more about DHCP, I didn't know that there are more complex designs of such servers! Just that for the context of this issue, I am unsure if I will ever need these.
3. Sorry, let me label the rest of the icons properly!
-
-
You do understand the normal unifi AC AP can do wireless uplink.. If your having a problem with wiring. They are not just "mesh"
-
You do understand the normal unifi AC AP can do wireless uplink.. If your having a problem with wiring. They are not just "mesh"
Hmm wait, can the APs connect to each other wirelessly? I am asking as the AC66U will be replaced either by these APs or the Orbi. And I don't think I have seen anything like this mentioned in the manuals before…
Another thing that I am concerned about is the lack of Ethernet ports on these APs though, but I guess I will just go get a managed switch with more ports (but I am hoping it won't have to come to this since I just want to replace only the AC66U and be done with this problem lol)
-
I checked around a bit more, turns out Ubiquiti has such features; I wasn't searching with the right terms: https://help.ubnt.com/hc/en-us/articles/115002262328-UniFi-Feature-Guide-Wireless-Uplink
Now just to see if the prices are better and the trade-offs are ok
Also, I realised that in my earlier tests, I have forgotten to use the DHCP Relay feature in pfSense once I switched off its DHCP server! :-[
Let me test if this will make a difference or not
-
If what you want is wifi bridge to provide wired connections??
" I am concerned about is the lack of Ethernet ports on these APs though"
That is not really the job of a AP.. But you could check, I know the 2nd port on the pro is bridged to the other port and you can add a switch on the other port and more ports that way. But not sure when using wireless uplink? But it might be possible - check on the unifi forums. I know if you put a managed switch there then you could have multiple vlans there as well.
Why exactly can you not run a wire?? Normally you should run a wire!!! Then if you need more ports there, use a switch - hang an AP off that switch if you also need wifi in that area, etc.
-
If what you want is wifi bridge to provide wired connections??
" I am concerned about is the lack of Ethernet ports on these APs though"
That is not really the job of a AP.. But you could check, I know the 2nd port on the pro is bridged to the other port and you can add a switch on the other port and more ports that way. But not sure when using wireless uplink? But it might be possible - check on the unifi forums. I know if you put a managed switch there then you could have multiple vlans there as well.
Why exactly can you not run a wire?? Normally you should run a wire!!! Then if you need more ports there, use a switch - hang an AP off that switch if you also need wifi in that area, etc.
I am trying to provide both wired and wireless connections, hence my comment about the APs.
Actually, my very 1st idea to solve all these was to simply do Ethernet drops (i.e. running wires). I was stopped by my parents unfortunately, let's just say they don't want me to run wires around the house; engaging contractors for such stuff is disallowed in the same vein.
-
Well do your parents want good wifi or not? Hire someone if they will not let you run it.. Running some ethernet cable is not all that hard.. But this the proper way to provide both wired and wifi connections in an area. You need a wire to where you need wifi coverage so you can properly place the AP.. Any real AP will be POE If you wall need wired in that area - there you go you killed 2 birds with 1 stone.
-
If you house is wired for Cable TV you can also look at MoCA to get the AP/switch where it should be. I never have to think about mine and get 700Mbit/s.
-
Well do your parents want good wifi or not? Hire someone if they will not let you run it.. Running some ethernet cable is not all that hard.. But this the proper way to provide both wired and wifi connections in an area. You need a wire to where you need wifi coverage so you can properly place the AP.. Any real AP will be POE If you wall need wired in that area - there you go you killed 2 birds with 1 stone.
Parents want good wifi… but their definition is a bit looser than ours. ;)
Also, thing is, they don't even allow me to hire the people to do the Ethernet drops! The best they allowed so far is the Netgear Orbi (which I got last night), helps that my friend is willing to buy off my AC66U which will offset some of the costs.
-
If you house is wired for Cable TV you can also look at MoCA to get the AP/switch where it should be. I never have to think about mine and get 700Mbit/s.
I can't find any MoCA equiptment in the market so far. Also, I don't think it is allowed here…
-
allowed where? Why would there be a restriction on moca.. Makes zero sense..
-
allowed where? Why would there be a restriction on moca.. Makes zero sense..
Sorry, I thought there's a ban on MoCA for Singapore. I must have mixed up with something else.
Anyway, I am unsure the state of Coaxial cabling in my house and hence whether MoCA is feasible or not. The import prices and lack of local support for these equipment is not helping
-
Well if you can not run a wire, or use existing wiring like moca, how about powerline adapters.. which would be 3rd choice.. wireless uplink would always be last.