MultiWAN - Separate LAN segments to designated WAN interface



  • Hi,

    Is it possible to (for example) have 2 different DHCP pools, and each pool points to a specific WAN interface?

    I am going to have a setup that has 2x WAN interfaces, and it would be beneficial to put the VOIP on one WAN interface, and the internet traffic on the separate interface.

    Am I right in thinking that with Load Balancing the WAN port, the IPs of (for example) SIP phones could change, and therefore the connections to the VOIP server would become unstable?

    Thanks for any tips!



  • Is it not possible?


  • Netgate

    Yes, except there is no (easy) way to tell this group of MAC addresses to be assigned out of this pool and that group of MAC addresses to be assigned out of that pool.

    You can have one DHCP pool, say 192.168.1.225 - 192.168.1.254, and assign dynamic addresses out of that, then set static mappings from 192.168.1.33 - 192.168.1.62.

    You then policy route traffic sourced from 192.168.1.224/27 out one WAN and traffic from 192.168.1.32/27 out the other.

    Just an example. Complete flexibility exists in subnetting choices.

    Else put your voice devices on one subnet/vlan and everything else on another and policy route the interface networks as desired. Then they could both be dynamic pools.

    You might be able to do something with the MAC address allow/deny lists in the different pools but I have never done it. Maintaining static mappings is probably more straightforward and easier. If you are dealing with a set of phones in specific OUIs or something it might be workable.



  • Thank you @Derelict

    I could very easily just map static IPs on the same subnet to the phones - is there a guide or instructions on how I could route a range of IPs (192.168.1.40 - .50) to use one WAN connection?

    Thanks again


  • Netgate

    Search for Multi-WAN.

    https://doc.pfsense.org/index.php/Multi-WAN

    Instead of a gateway group you can just use the gateway for a specific interface.



  • Thanks again @Derelict

    I found that doc before I posted here, it's very structured but very vague in the actual configuration, hence why I am a little stuck on this one!


  • Rebel Alliance Developer Netgate

    If all of your VoIP phones are from the same OEM then using the MAC address controls is much easier than statics.

    For this example, we'll say your Phone MACs all start with "aa:aa:aa".

    First, set up your DHCP server so it has two pools.

    On the pool for the USERS, add "aa:aa:aa" to the MAC Deny list. This will ensure that your phones cannot pull an IP address from that pool, but everyone else can.
    On the pool for the PHONES, add "aa:aa:aa" to the MAC Allow list. This allows your phones to pull an IP address from that pool and nobody else can.

    Then you can match and policy route the pool ranges as needed.

    If your MACs are inconsistent or you have a mix of brands then statics may be easier.
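
The address plan from the replies above, checked in code. This is an added example and not part of any post in the thread: it maps source addresses to a gateway by first match, shows which CIDR blocks a rule would need to cover an arbitrary range such as 192.168.1.40 - .50, and flags a pool that straddles a policy boundary. The gateway labels (`WAN1_GW`, `WAN2_GW`, `DEFAULT`) and the choice of which block uses which WAN are assumptions.

```python
import ipaddress

# Plan taken from the thread: two /27 blocks inside 192.168.1.0/24.
# Gateway names are hypothetical labels, not pfSense identifiers.
POLICY = [
    (ipaddress.ip_network("192.168.1.32/27"), "WAN2_GW"),   # static mappings
    (ipaddress.ip_network("192.168.1.224/27"), "WAN1_GW"),  # dynamic pool
]
DEFAULT_GW = "DEFAULT"  # anything not matched follows the default route


def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks that exactly covers first..last."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]


def gateway_for(src):
    """First-match lookup, like a rule list evaluated top-down."""
    addr = ipaddress.ip_address(src)
    for net, gw in POLICY:
        if addr in net:
            return gw
    return DEFAULT_GW


def pool_gateways(first, last):
    """Gateways a DHCP range can land on. More than one entry means the
    range crosses a policy boundary and should be re-planned."""
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    return {gateway_for(str(ipaddress.ip_address(i))) for i in range(lo, hi + 1)}


if __name__ == "__main__":
    # The range asked about in the thread does not align to one CIDR block.
    print(range_to_cidrs("192.168.1.40", "192.168.1.50"))
    # Both ranges from the example plan sit inside a single /27 each.
    print(pool_gateways("192.168.1.225", "192.168.1.254"))
    print(pool_gateways("192.168.1.33", "192.168.1.62"))
    # A constructed, badly planned pool that crosses the /27 boundary.
    print(pool_gateways("192.168.1.60", "192.168.1.70"))
```

Choosing pool ranges that fit inside one aligned block keeps the matching rule to a single source network; the .33 - .62 static range would need eight separate blocks if matched exactly instead of as 192.168.1.32/27.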



  • Wow, thanks @jimp - great suggestion!

    I haven't purchased the phones yet but will be doing so soon.

    Once I have both static pools (either by MAC or static designation) set up, how do I say "Pool X use WAN X" and "Pool Y use WAN Y"?

    Thanks


  • Rebel Alliance



  • Is this how you do that?