Looking for pointers on segregating WiFi utilizing shared bandwidth.

  • Hello.

    I currently have a dual WAN, single LAN setup where the great majority of incoming traffic uses one WAN and the users on the LAN also use the same WAN as their default gateway. The second WAN is there primarily for backup but we also push some services in that way and use it for VPN tunnels.

    We are about to double the bandwidth on that second WAN with the intent of splitting some of it off for wifi within our building. I'm trying to get some pointers on how best to split off a portion of the bandwidth (if that's even possible) and how to ensure that the WiFi users have ZERO access to the existing LAN on the private side of things.

    I'm currently running 2.2.6 because I've had some problems when attempting to upgrade to 2.3.3 but intend to get to the newer version before this next step. As it stands, my hardware device running pfsense has 6 GigE ports, of which I'm using 4. Two are WANs, one is the LAN and one is a backup WAN in case of dual failure.

    The backup WAN that I intend to use for this WiFi segment could have a switch installed between the handoff and the pfsense so I'm wondering if I have to find a WiFi system that will limit the bandwidth and keep pfsense out of the picture (and therefore negate the need for segregation of LANs) or if I feed a second port on my hardware with another connection to that WAN's egress and configure my WiFi devices under another port as a secondary LAN that's forced via the newer WAN and somehow can limit bandwidth.

    I apologize if this is an unclear description and will try to clarify if needed. I'm looking for pointers as to which services/systems within pfsense nanobsd I could use to accomplish this and how best to assure that the existing LAN would be 100% safe from any WiFi LAN clients.