Need Help/Guidance - Connecting 10+ Wireless Routers to pfSense box



  • Hello!

    I'm currently in the process of setting up a pfSense box that will hopefully be able to manage 10-15 wireless routers across my company's building. The pfSense box is a Dell Optiplex computer, and I'm waiting for a quad ethernet card to arrive in the mail, to install into this box.

    How would I go about configuring pfSense to manage these wireless networks?

    • One item to note: any person connected to any of these wireless networks needs to be able to get out to the internet. These wireless routers are used for visiting customers/vendors to have internet access (we have a separate firewall/company domain that's managed separately). These people don't need to see each other between the routers.

    • My only thought about this would be to plug the LAN cable from the pfSense box into a 24-port dumb switch that has all the wireless routers plugged into it. Is this a good idea or not?

    Thanks!


  • Netgate

    10-15 wireless routers?

    Sounds like you are getting to (already past?) the point where you might benefit from actual access points with a controller.

    Ubiquiti would be probably the best lower-cost option, with things like Ruckus/Xclaim, Aruba, Cisco, Aerohive, etc more costly (but arguably "better") above that.

    With "real" access points and a managed layer 2 network you can make your wifi network do multiple things and solve multiple problems for your company.

    With "wireless routers" and unmanaged layer 2, not so much.

    Your problems have essentially nothing to do with pfSense, but rather your wireless infrastructure design.


  • Galactic Empire

    @Derelict:

    10-15 wireless routers?

    Sounds like you are getting to (already past?) the point where you might benefit from actual access points with a controller.

    Ubiquiti would be probably the best lower-cost option, with things like Ruckus/Xclaim, Aruba, Cisco, Aerohive, etc more costly (but arguably "better") above that.

    With "real" access points and a managed layer 2 network you can make your wifi network do multiple things and solve multiple problems for your company.

    With "wireless routers" and unmanaged layer 2, not so much.

    Your problems have essentially nothing to do with pfSense, but rather your wireless infrastructure design.

    +1

    Also, if you have an existing wireless network on your company network, your guest Wi-Fi and company network will interfere with each other at 2.4 GHz; there are only 3 non-overlapping channels.


  • Netgate

    All surveys and AP positioning decisions should be based on 5GHz.

    Whatever you happen to get on 2.4GHz should be considered ancillary. As a general rule, 2.4GHz will propagate further in typical indoor environments. If anything, you would turn the 2.4 radios "down" if possible to try to reduce co-channel interference. Or maybe only run 2.4 on "every other" AP, etc.
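
An added example, not code from this thread or from any vendor mentioned in it: a small greedy planner that hands out the three non-overlapping 2.4 GHz channels (1, 6, 11) to APs that can hear each other and reports the radios that cannot be placed without co-channel interference, which is exactly the "only run 2.4 on every other AP" case above. The AP names and the adjacency lists are constructed for the illustration; in a real site they come from a survey.

```python
"""Greedy 2.4 GHz channel plan for APs that can hear each other.

Added example for this thread, not code from it: the AP names and the
adjacency lists are constructed. "Adjacent" means the two radios hear
each other strongly enough to suffer co-channel interference.
"""
from collections import Counter

# The only 2.4 GHz channels that do not overlap at 20 MHz width.
NON_OVERLAPPING = (1, 6, 11)


def plan_channels(adjacency, channels=NON_OVERLAPPING):
    """Assign each AP a channel no already-placed neighbour uses.

    Most-constrained APs (most neighbours) are placed first; among the
    free channels the globally least-used one is picked to spread load.
    Returns (plan, unplaceable): unplaceable lists APs for which every
    channel was taken by a neighbour, i.e. the radios you would turn
    down or off (the "2.4 on every other AP" advice).
    """
    order = sorted(adjacency, key=lambda ap: len(adjacency[ap]), reverse=True)
    plan, unplaceable = {}, []
    for ap in order:
        used = {plan[n] for n in adjacency[ap] if n in plan}
        free = [c for c in channels if c not in used]
        if not free:
            plan[ap] = None          # disable this 2.4 GHz radio
            unplaceable.append(ap)
            continue
        counts = Counter(c for c in plan.values() if c is not None)
        plan[ap] = min(free, key=lambda c: (counts[c], c))
    return plan, unplaceable


def conflicts(adjacency, plan):
    """Neighbour pairs left on the same channel (should be empty)."""
    bad = set()
    for ap, neighbours in adjacency.items():
        for n in neighbours:
            if plan.get(ap) is not None and plan.get(ap) == plan.get(n):
                bad.add(tuple(sorted((ap, n))))
    return sorted(bad)


# Constructed floor plan: a corridor where each AP hears its neighbours
# and, at one end, two APs that both hear a third. Three channels suffice.
CORRIDOR = {
    "ap1": {"ap2", "ap3"},
    "ap2": {"ap1", "ap3", "ap4"},
    "ap3": {"ap1", "ap2", "ap4"},
    "ap4": {"ap2", "ap3", "ap5"},
    "ap5": {"ap4"},
}

# Constructed open-plan area: four APs that all hear each other. No
# assignment of three channels works, so one radio has to come off 2.4.
OPEN_PLAN = {
    "a": {"b", "c", "d"},
    "b": {"a", "c", "d"},
    "c": {"a", "b", "d"},
    "d": {"a", "b", "c"},
}

if __name__ == "__main__":
    for name, site in (("corridor", CORRIDOR), ("open plan", OPEN_PLAN)):
        plan, off = plan_channels(site)
        print(name, plan, "disable 2.4 on:", off, "conflicts:", conflicts(site, plan))
```

The planner deliberately refuses to place a radio rather than accept a same-channel neighbour, because a 2.4 GHz radio that is off costs nothing while one on a shared channel costs every AP that hears it air time; the 5 GHz band, with far more channels, is where the actual coverage design happens.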



  • Thanks for your responses, I appreciate them.

    The Ubiquiti stuff looks pretty nice. Unfortunately, my company doesn't feel like purchasing more equipment (they're cheap like many other places).

    We have wireless networks all throughout our building that connect to their own patch panels, and they connect back to a dumb switch that connects to our main router, which connects to our modem.

    So would pfSense still be able to manage these wireless networks as a firewall/network monitoring solution, temporarily at least, until I can convince upper management?


  • Galactic Empire

    @afriedman:

    So would pfSense still be able to manage these wireless networks as a firewall/network monitoring solution, temporarily at least, until I can convince upper management?

    You'd just have Internet - Modem - pfSense - Switch - AP; the only thing pfSense will be doing is acting as a firewall. You could also use pfSense as a captive portal.

    https://doc.pfsense.org/index.php/Captive_Portal

    Do you currently have the 10-15 wireless routers? The Ubiquiti stuff is cheap as chips; it would also cut down on the management of each device, as it's done centrally on the controller.
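
An added example, not code from this thread or from pfSense itself: the guest-network firewall policy that the Internet - Modem - pfSense - Switch - AP layout above implies, evaluated the way pfSense interface rules are evaluated (first match wins, and anything that matches nothing is dropped). The 10.20.0.0/22 guest subnet, the 10.20.0.1 firewall address, the 192.168.1.0/24 corporate subnet and the sample flows are assumptions made up for the illustration. It contrasts the single "allow to any" rule pfSense ships on a fresh LAN with an Internet-only rule set, and shows what happens when the same rules are put in the wrong order.

```python
"""Guest-network egress policy evaluated first-match, as pfSense interface
rules are. Added example for this thread, not pfSense code: the subnets,
addresses and rule tables are constructed for the illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")
GUEST_NET = ipaddress.ip_network("10.20.0.0/22")     # assumed guest LAN behind pfSense
GUEST_GW = ipaddress.ip_network("10.20.0.1/32")      # assumed pfSense address on that LAN
RFC1918 = tuple(ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


@dataclass(frozen=True)
class Rule:
    action: str                                   # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: Tuple[ipaddress.IPv4Network, ...]        # any listed network matches
    proto: str = "any"                            # "any", "tcp" or "udp"
    dport: Optional[int] = None
    note: str = ""


def matches(rule: Rule, src, dst, proto: str, dport: int) -> bool:
    if src not in rule.src:
        return False
    if not any(dst in net for net in rule.dst):
        return False
    if rule.proto != "any" and rule.proto != proto:
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    return True


def evaluate(rules, src: str, dst: str, proto: str = "tcp", dport: int = 443) -> Tuple[str, str]:
    """First matching rule wins (pfSense adds 'quick' to GUI rules);
    no match at all is the interface's implicit default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if matches(rule, s, d, proto, dport):
            return rule.action, rule.note
    return "block", "implicit default deny"


# The one rule a fresh pfSense LAN carries: everything to anywhere.
# Guests could reach any routable private network and the firewall's own GUI.
DEFAULT_ALLOW = (
    Rule("pass", GUEST_NET, (ANY,), note="default allow LAN to any"),
)

# Internet-only: the few things guests need from the firewall, then block
# all private address space, then pass whatever is left (the Internet).
INTERNET_ONLY = (
    Rule("pass", GUEST_NET, (GUEST_GW,), proto="udp", dport=53, note="DNS via the firewall's resolver"),
    Rule("block", GUEST_NET, (GUEST_GW,), note="no other access to pfSense itself"),
    Rule("block", GUEST_NET, RFC1918, note="no corporate LAN or other private space"),
    Rule("pass", GUEST_NET, (ANY,), note="Internet only"),
)

# Same rules with the catch-all pass moved to the top: the blocks never match.
MISORDERED = (INTERNET_ONLY[-1],) + INTERNET_ONLY[:-1]


def audit(rules) -> dict:
    """Run the flows a guest-network change is checked against (constructed)."""
    flows = {
        "web":         ("10.20.1.50", "203.0.113.10", "tcp", 443),  # documentation address, stands in for the Internet
        "file_server": ("10.20.1.50", "192.168.1.10", "tcp", 445),  # assumed corporate LAN host
        "dns":         ("10.20.1.50", "10.20.0.1", "udp", 53),
        "pfsense_gui": ("10.20.1.50", "10.20.0.1", "tcp", 443),
    }
    return {name: evaluate(rules, *flow)[0] for name, flow in flows.items()}


if __name__ == "__main__":
    for label, rules in (("default allow", DEFAULT_ALLOW), ("internet only", INTERNET_ONLY), ("misordered", MISORDERED)):
        print(label, audit(rules))
```

One caveat the rule set cannot fix: two guests on the same switch and subnet talk to each other without their frames ever reaching pfSense, so the "don't need to see each other" requirement is a layer 2 matter (client isolation on the APs, or separate VLANs on a managed switch), not a firewall rule; with a dumb switch there is nothing to configure.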


  • Netgate

    They either want their wifi to solve business problems or they don't.

    With UBNT and a decent PoE managed switch (not necessarily UBNT here :trollface:) with the budget for 15 APs you could get this done for about $2500-$3000 in hardware. Chicken shit money.

    Zero sympathy for those who will not invest in a proper infrastructure for the task at-hand.

    A guess at Ruckus would be about $10K.


  • Rebel Alliance Global Moderator

    "Zero sympathy for those who will not invest in a proper infrastructure for the task at-hand."

    Amen Brother - Sing it!!!  Sing it!!!

    There is being cheap and there is just utter nonsense..

    There are some real budget-friendly options these days to get some decent wifi going.. Cisco is no longer the only option in town that requires enterprise budgets..  Your typical SMB with just a simple beer budget can rock some really nice setups these days.

    If you cannot get your company to spend a k or 2 to do it correctly, then you're not selling it correctly or going way above and beyond what they are paying you to do ;)  Why do you even give them nonsense options… It's like people love to shoot themselves in the foot..

    Why do you even give them the option to even think that some $20 router is going to do what they want..



  • @johnpoz:

    "Zero sympathy for those who will not invest in a proper infrastructure for the task at-hand."

    Amen Brother - Sing it!!!  Sing it!!!

    There is being cheap and there is just utter nonsense..

    There are some real budget-friendly options these days to get some decent wifi going.. Cisco is no longer the only option in town that requires enterprise budgets..  Your typical SMB with just a simple beer budget can rock some really nice setups these days.

    If you cannot get your company to spend a k or 2 to do it correctly, then you're not selling it correctly or going way above and beyond what they are paying you to do ;)  Why do you even give them nonsense options… It's like people love to shoot themselves in the foot..

    Why do you even give them the option to even think that some $20 router is going to do what they want..

    ..so, so true; this happens across the board, be it a professional, business or social environment :'(. I couldn't have summed it up better. Sorry, I was unable to contribute to afriedman's request. :(



  • If you absolutely must use those routers, instead of proper APs, then don't use them as routers. Just connect to the LAN side and use them as APs. However, it's still much better to use proper APs that are intended for mesh use. These will provide for a much smoother transition when moving around. With those routers you want to use, you have to connect to one. Then as you move around you'll reach the point where the signal is really bad, to the point it disconnects and you look for another one to connect to. With mesh APs, you log onto a controller that connects to all APs and you can smoothly transition among them.

    Another benefit to proper APs is Power over Ethernet (PoE), so you're not tied to AC outlets.

    Bottom line, do the job properly and forget that multiple router nonsense.


  • Netgate

    "Mesh" actually means something else, in general, in the industry.

    It is used to describe APs on power but with no ethernet. They connect to the rest of the wifi network over the wifi. Like glorified range-extenders. Complete with all the caveats like double the air time to move a frame, etc.

    Controllers can also do things like disassociate clients from 2.4 trying to kick them to 5 or to try to coerce them to use a particular AP, etc.



  • ^^^^
    It's what it meant when I first came across the term in WiFi about 10 years ago. The meaning you refer to came later. Regardless, a WiFi system with multiple APs and a central controller is what's needed, and that is not possible by connecting a bunch of routers to the network.

    I wish I could remember the name of the equipment manufacturer.  One thing I recall from reading about it, which I did not care for, was the APs had to be connected directly to the controller, instead of via Ethernet switch.  The term "mesh" was also used with the One Laptop per Child project, which was a cheap Linux computer, intended for children in poor areas.

    http://one.laptop.org/

    That concept goes back even further, with amateur radio packet radio, where the various stations connected together to form a network to carry data long distances.  This used a protocol called AX.25, which was a modification of the X.25 protocol.  I was working with that over 30 years ago.

    https://en.wikipedia.org/wiki/AX.25


  • Rebel Alliance Global Moderator

    An AP calling out that it supports mesh should be a bit more than a range extender.. You can have wireless uplink and/or mesh, where you could be multiple hops away from a wire or have multiple paths you could take wirelessly and choose which path to take based upon some criteria, etc.

    An AP that supports just wireless uplink or mesh should be using a different radio for the uplink side than the client-side radio.  In low-end models, normally the 2.4 GHz radio would be used for uplink and 5 GHz for clients.  A better AP would have a third radio for the uplink and then could do both 2.4 and 5 for clients, etc. etc..

    All comes down to how much money you want to spend.

    Mesh makes sense in a bigger home where the user either cannot run a wire or doesn't have the skill or want to spend the effort to do so, etc.  Makes sense for something like a deployment of APs over a large area where it's hard to run wires, etc.

    But for a business deployment I would think running a wire would always be your best option.. And sure, APs with PoE would make that job just that much easier for proper deployment.


  • Netgate

    Right. Hence the word glorified.

    My point was that use of the word mesh these days implies something other than what I would more accurately call roaming between radios with the same SSID configuration.

    It's kind of like trying to use the term trunk.



    An AP that supports just wireless uplink or mesh should be using a different radio for the uplink side than the client-side radio.  In low-end models, normally the 2.4 GHz radio would be used for uplink and 5 GHz for clients.  A better AP would have a third radio for the uplink and then could do both 2.4 and 5 for clients, etc. etc..

    Cisco has a nice system.  Out of the box, the APs are intended to be used with a controller.  You have to load in different firmware if you want a stand alone AP.  It can automagically adjust power levels, control hand off between APs, scan for rogue networks and more.  The APs connect to the controller via PoE switch.  You can have either a stand alone controller or install the controller software in a switch.


  • Netgate

    Ruckus has the same sort of thing but the controller runs on the APs themselves - up to 8 or something. It's a reduced feature set compared to their controllers but fairly complete as far as the basics. The APs can be subsequently converted to run with the controller in software.



  • @Derelict:

    Ruckus has the same sort of thing but the controller runs on the APs themselves - up to 8 or something. It's a reduced feature set compared to their controllers but fairly complete as far as the basics. The APs can be subsequently converted to run with the controller in software.

    How's the hand-off between APs?  With a central controller, the AP is essentially a bridge that makes roaming smoother, in that you log into the controller rather than the AP.  Does this happen with Ruckus too?


  • Netgate

    Seems to work fine but the main installation I am using is pretty small and all devices can pretty much see both APs all the time.

    The Wi-Fi always works - I can say that much.

    I used to go from one end of the property to the other on the management SSID, transiting probably a dozen APs at my old job, and it worked great. That was controller-based though.



  • Seems to work fine but the main installation I am using is pretty small and all devices can pretty much see both APs all the time.

    The last WiFi work I did was in a large warehouse a few months ago.  There were 6 APs throughout the building.  There's no way you'd see the APs at one end of the building, from the other.  The place was so large we had to use fibre to connect parts of it.  They have Cisco APs and switches.