Advise on pfSense and Tomato with Guest Wireless

  • Hi,

    I would like to have some suggestions as to whether I have this setup correctly or is there a more efficient way of accomplishing this.  The main goal is to have the WAN, LAN, Home WiFi and a Guest WiFi.  I will list the equipment.

    Pfsense box
    LAN  -> ----> 8 port switch -----> Asus RT-66U with tomato installed.  Port(1).  Home WiFi
    OPT1 -> ---------------------------> Asus RT-66U with tomato installed.  Port(2)  Guest WiFi

    ASUS RT-66U

    VLAN's are setup
    VLAN1 - Bridged to LAN, Port1, Port3, Port4 are selected, but not tagged
    VLAN2 - Bridged to WAN
    VLAN3 - Bridged to LAN1, Port2 is selected, but not tagged.
    LAN1 -

    DHCP is not enabled on the tomato, it is enabled on the pfSense Router.

    Everything works like it should, but was wondering if this is the correct way.

    PS:  What if there was no 3rd NIC in the pfSense box?

    Example is attached.


  • Hi kshays,

    If you had no 3rd NIC on your pfsense you would tag all VLAN's on the LAN NIC and on the switch uplink port (trunk).

    You would then untag/tag ports on your switch as per requirements. In your example you would:

    Switch Port 1 - Tag VLAN1 & 3 (as it's carrying both Secure WiFi and Guest VLAN traffic to the ASUS RT)
    Switch Port 2 & 3 - Untag VLAN1

    I hope this makes sense.


