Change VLANs on a schedule / cronjob?
I don't currently have access to my pfSense network so couldn't mess around with it on my own yet.
I was wondering if I could reassign VLANs on a schedule or with a cron job?
I'll be getting AT&T FTTP installed soon and apparently their gateway sucks, doesn't support true bridged mode, and is required. ::)
The best workaround I've found online is simple but not clean.
Basically you connect the ONT to the ATT Gateway via VLANs, let the ONT authenticate the gateway, then swap VLANs with the gateway and pfSense so that pfSense is now on the VLAN with the ONT and the gateway is not. Apparently this works just fine.
The downside is that it apparently re-authenticates every 14 weeks requiring you to swap it back into the network.
The upside of the downside is that this re-authentication apparently works like clockwork down to the second.
My thought was to try doing the VLAN switching on pfSense and use cron to automate that so I can just put it all in a closet and walk away.
Will this work?
If not I've seen some documentation about gaining root access on my switch via telnet (Zyxel GS1900) so maybe I can schedule it there?
Apparently there is a Linux eap_proxy workaround as well, but nothing for FreeBSD.
luckman212 LAYER 8
That's an interesting idea but sounds utterly disastrous if something goes wrong and you're not there to fix it. I wouldn't really trust a script to go switching interfaces/VLANs that could bring down my network. Verizon FIOS has similar issues when you don't use their crappy equipment... some have suggested putting a switch in between the ONT and pfSense and then cloning the MAC address of the ISP gateway so they will basically both get to talk to the ONT... Link to a big thread on that setup is below. It's hacky as well but it might be an option if you really need this, and doesn't require any scheduled script.
Yeah, that is the process I was trying to automate on my switch.
Apparently some have had success with simply setting pfSense WAN to DHCP and then you don't have to run through the process every 14 days.
Honestly though, I agree. All of the options sound really hacky and reliable.
Everything goes out the window if the connection resets for any reason and I'm not home to fix it.
If I don't hear of something more reliable I'll probably just run the gateway in their crappy pseudo-bridge mode.