Need some ideas

  • Hello,

    I am looking for suggestions on how to implement a solution for my situation. I am hoping it is not complex and that it is possible.

    First what I have:

    1. pfSense running on Qotom Q355G4 i5 5250 (installed and configured with pfSense but it has not replaced my router yet)
    2. D-Link - DGS1100 - Easy Smart Switch - 8 ports managed switch
    3. Ubiquiti - Unifi AP AC Pro (on order - awaiting delivery)

    What I am looking to do is:

    Have multiple SSIDs.
    1. One SSID for general use for household members (this could be 2: one for 2.4 GHz and one for 5 GHz radios)

    2. One SSID that when selected by devices will use VPN connection (PIA + OpenVPN)

    3. One SSID for guest network (probably only 2.4 GHz)

    I am wanting some advice on how to go about implementing this. I am a noob to pfSense but know Linux and can tinker with FreeBSD on the command line if needed.

    I do realize this might not be specific to pfSense, but it does apply to wireless configurations. I just want to seek input from others on how best I can get this done. I am open to ideas, and as such feel free to suggest what would be the best way to configure my home network.

    I get 100Mbps down / 20Mbps up through Cox Communications.

    Let me know if there are any questions that would help in suggesting a solution, I will respond ASAP.



  • Galactic Empire

  • First off, ensure the access point supports multiple SSIDs and VLANs. Then configure as required, with the VPN SSID/VLAN configured to use the VPN as the default (upstream) gateway.

  • LAYER 8 Global Moderator

    "3. Ubiquiti - Unifi AP AC Pro (on order - awaiting delivery)"

    They do… If you disable uplink monitoring you can have 8 SSIDs, so 8 different VLANs if you want. Or if you use dynamically assigned VLANs you could have many, many more, since the VLAN would be assigned to the client when it auths. If not, you're limited to 4 SSIDs per band... You could use 4 on 2.4 and 4 different on 5 if you wanted to. Or 8 and 8 if you turn off monitoring and the wireless uplink feature.

    Dynamic assignment based on MAC on PSK networks is working now even. This allows you to have 1 SSID for your IoT devices and assign them to different VLANs based upon their MAC. Pretty slick ;)

  • Galactic Empire

    Get the switch connected to pfSense and start configuring the VLANs that you need; there's no need to wait for the access point to turn up.

    You'll also need firewall rules on the VLAN interfaces you're creating.

  • Hello forum,

    I need some help. I am not a networking expert. I am a noob to pfSense.

    I have my setup functional like this:

    Internet --> Cable Modem --> pfSense (Qotom) --> D-Link Switch (DGS1100 - 8 port easy smart) --> Ubiquiti AC Pro AP.

    The way it is configured now is simple. No VLANs defined. That is the part I need help on.

    What I want to accomplish is to have an SSID defined which will always route traffic via the OpenVPN client (PIA). I have not defined the client yet, but I will be doing so once I am able to define VLANs.

    Should I define VLANs on pfSense and also on the D-Link switch? If yes, how do I instruct the VLAN defined on pfSense to use a specific port of the switch?

    The D-Link switch is only accessible on its own default IP. Should I connect to it and change it to a static IP of my choice so that I can access the web GUI of the switch?

    The UniFi AC Pro AP also has the capability to identify the VLAN for wireless traffic. So I must probably identify the tag for specific VLANs for a particular SSID. Am I right?

    Appreciate the time spent on responding to my questions.


