Netgate Discussion Forum

    Devices connected via AP given unique IP address range?

      dstarr3

      My LAN is on 192.168.10.0/24, and I have it set to distribute IP addresses between 192.168.10.100-199. I have my UniFi AP set to a static IP on the subnet of 192.168.10.10, and I want to configure my pfSense/UniFi so that all devices connecting wirelessly via AP are given addresses in the 192.168.10.200-254 range. Which is to say, I want wired devices on the LAN to get addresses from 192.168.10.100-199, and wireless devices connected via AP to get addresses from 192.168.10.200-254. How would I go about configuring this?

      Thanks!

        KOM

        You don't. It doesn't work that way. Break the wifi out into its own subnet via another NIC or a VLAN.

          marvosa

          As KOM mentioned, there's no effective way to configure that as requested. True APs just dump the traffic on the wire and you can't have multiple DHCP servers in the same broadcast domain.

          Accomplishing your goals would require either a 2nd NIC or implementing a managed switch.

          The only completely crude, inefficient and bass-ackwards way of doing what you're asking without changing your design would be manually configuring DHCP static mappings for each and every wireless client.

            dstarr3

            I actually do have two NICs installed on my pfSense machine. Technically, three. It's a Supermicro motherboard with a built-in 2-port NIC that's going unused (and I'd like to leave it unused), and then I have two Intel Pro 1000 quad-port cards. So if this is my avenue towards accomplishing my goal, I'd love more details.

              KOM

              Three NICs: WAN, LAN, OPT1. Put your LAN on LAN. Put your UniFi AP on OPT1. Services - DHCP Server allows you to create a server instance on both LAN and OPT1 and configure each accordingly.

                marvosa

                ^^^ Exactly. Simply plug your AP into one of your OPT(X) ports, configure the OPT(X) port with an IP in any reserved range outside of your LAN, create a new DHCP scope, add firewall rules on the OPT(X) interface and you're done. Now all wireless clients will grab an IP from the new scope configured on OPT(X).

                  dstarr3

                  When configuring the interface I'll be putting the AP on, what kind of IPv4 configuration type would I be selecting?

                    KOM

                    Whatever you want it to be. If your existing LAN is 192.168.10.1/24 then try 192.168.20.1/24 for OPT1 network.

                    Edit: Yes, static IP as marvosa said. I thought you were asking about the topology.

                      marvosa

                      The type would be "Static IPv4".

                        dstarr3

                        So if I have my AP on 192.168.20.1, how do I get it to assign 192.168.10.200-254 IPs?

                          akuma1x @dstarr3

                          @dstarr3

                          You can't give it that DHCP range.

                          The 192.168.10.X subnet is for your LAN segment. You can't make another segment/network on the same firewall with the same scope. You should use 192.168.10.X for LAN, and then use 192.168.20.X for your wifi on your OPT network/interface.

                          Jeff

                            dstarr3

                            @marvosa said in Devices connected via AP given unique IP address range?:

                            > Accomplishing your goals would require either a 2nd NIC

                            Well, that was my original question. And then marvosa said that it could be done with a second NIC, which I have, so I was trying to get more detail about that.

                              marvosa @dstarr3

                              > So if I have my AP on 192.168.20.1, how do I get it to assign 192.168.10.200-254 IPs?

                              So, if your AP is set to 192.168.20.1, then you will need to assign the OPT interface something else in that range. Personally, I would assign 192.168.20.1 to your OPT interface and then give your AP something random, but easy to remember like 192.168.20.10.

                              Next, enable the DHCP server on the OPT interface and configure the scope.

                                dstarr3

                                Okay, so let's say I make an OPT interface at 192.168.20.1, and I put my AP on 192.168.20.100. How do I get pfSense to assign addresses on the OPT interface in the 192.168.10.1 range without giving me an error the range is outside of the subnet?

                                  KOM @dstarr3

                                  @dstarr3 He meant you can have the two different clients getting IPs from different DHCP servers. He didn't mean they would use the same scope because that's impossible. I suspect there are some networking basics that you are not aware of that are causing confusion.

                                  What is the actual problem you are trying to solve? Why does it matter if LAN and OPT1 DHCP clients are in the same scope but different ranges?

                                    marvosa @dstarr3

                                    @dstarr3 said in Devices connected via AP given unique IP address range?:

                                    > Okay, so let's say I make an OPT interface at 192.168.20.1, and I put my AP on 192.168.20.100. How do I get pfSense to assign addresses on the OPT interface in the 192.168.10.1 range without giving me an error the range is outside of the subnet?

                                    Configuring two different interfaces with IPs in the same subnet cannot be done. Which is why I mentioned there was no way to do what you're asking as originally requested. However, the overall, high-level goal is to have your wireless clients grab addresses from a specific DHCP range, which is what you will accomplish by connecting your AP to your OPT interface, but that specific range HAS to be on a different network than your LAN.

                                      dstarr3

                                      The problem I'm hoping to solve is that my cell phones can't automatically discover devices that are on a different subnet. For instance, my NAS or my PC. With LAN and WIFI on different subnets, I have to manually enter IP addresses into Android apps to get them to work across subnets. Even with interface rules being wide open and no Windows/etc firewall in between. So I was hoping there was a way to get LAN and WIFI on the same subnet, yet keep the IP addresses distinct by using pools of 100-199 and 200-254. But that being impossible, the real end goal is to configure my network so that my phone can automatically discover the wired devices on the different subnet.

                                      But it occurs to me now that that might be a limitation of Android, not of my pfSense configuration.

                                        marvosa

                                        > The problem I'm hoping to solve is that my cell phones can't automatically discover devices that are on a different subnet. For instance, my NAS or my PC. With LAN and WIFI on different subnets, I have to manually enter IP addresses into Android apps to get them to work across subnets. Even with interface rules being wide open and no Windows/etc firewall in between. So I was hoping there was a way to get LAN and WIFI on the same subnet, yet keep the IP addresses distinct by using pools of 100-199 and 200-254. But that being impossible, the real end goal is to configure my network so that my phone can automatically discover the wired devices on the different subnet.
                                        >
                                        > But it occurs to me now that that might be a limitation of Android, not of my pfSense configuration.

                                        It depends on what the application is using for discovery. If the application is using broadcasts for discovery, then the issue you're having is happening by design and is due to a network standard, not an Android limitation or firewall rules.

                                        In order for a device to access a different network, it has to pass through a router and routers drop all broadcast traffic by default.

                                        > So I was hoping there was a way to get LAN and WIFI on the same subnet, yet keep the IP addresses distinct by using pools of 100-199 and 200-254.

                                        Unfortunately, there's no simple way to satisfy that request as written with standard gear due to multiple protocol standards. You can absolutely have your WiFi on the same subnet as your LAN and configure two different DHCP scopes, but the 2nd scope will just sit there unused until the first scope fills up. There's no way to force your WiFi clients to grab IPs from the 2nd scope in that scenario.

                                        > But that being impossible, the real end goal is to configure my network so that my phone can automatically discover the wired devices on the different subnet.

                                        If the application uses broadcasts for discovery, there's no way for a device to automatically discover other devices across subnets due to broadcast traffic being dropped by the router. So, you either have to enter IPs manually or hope that the application developer included a way to specify networks to include during discovery.

                                        Your only other recourse would be DHCP reservations or configuring your wireless clients statically. Both of which would be a management nightmare.

                                        If the main priority is keeping the functionality of apps that leverage broadcasts for discovery, then you may end up having to live with all clients mixed in on the same subnet and DHCP scope. It can make auditing and tracking things down a little more difficult, but it's not completely horrible.

                                        Having said all of that, are there some things that can be implemented that may work in theory that involve a more advanced design and adding enterprise gear? Sure, but my guess is that spending a bunch of money on enterprise gear and added infrastructure is probably out of scope for this thread.

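The layouts discussed in this thread, checked in code (an added example, not part of any post): it applies the two rules the replies state, that interfaces on one router cannot share a subnet and that a DHCP pool must lie inside its interface's subnet, and shows which hosts a broadcast can reach. The function names, the 192.168.10.2 address and the OPT1 pool 192.168.20.100-199 are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def check_plan(plan):
    """plan maps interface name -> (interface CIDR, pool start, pool end).
    Returns a list of problems; an empty list means the layout is valid."""
    problems = []
    ifaces = {n: ipaddress.ip_interface(c) for n, (c, _, _) in plan.items()}
    # Rule 1: two interfaces on the same router cannot sit in overlapping subnets.
    for (a, ia), (b, ib) in combinations(ifaces.items(), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"{a} and {b} overlap ({ia.network} / {ib.network})")
    # Rule 2: each DHCP pool must lie inside its own interface's subnet.
    for name, (_, start, end) in plan.items():
        net = ifaces[name].network
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo not in net or hi not in net:
            problems.append(f"{name}: pool {lo}-{hi} is outside {net}")
        elif lo > hi:
            problems.append(f"{name}: pool start {lo} is above pool end {hi}")
        elif lo <= ifaces[name].ip <= hi:
            problems.append(f"{name}: pool contains the interface address")
    return problems

def broadcast_reaches(src, dst, plan):
    """True when src and dst share a subnet, so a broadcast from src reaches dst."""
    nets = [ipaddress.ip_interface(c).network for c, _, _ in plan.values()]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in n and d in n for n in nets)

LAN = ("192.168.10.1/24", "192.168.10.100", "192.168.10.199")
# Constructed sample layouts using the addresses from the thread.
REQUESTED = {"LAN": LAN,   # OPT1 on .20.x but handing out .10.200-254
             "OPT1": ("192.168.20.1/24", "192.168.10.200", "192.168.10.254")}
SAME_SUBNET = {"LAN": LAN,  # second interface placed inside the LAN subnet
               "OPT1": ("192.168.10.2/24", "192.168.10.200", "192.168.10.254")}
SUGGESTED = {"LAN": LAN,   # separate subnet with its own pool (pool is assumed)
             "OPT1": ("192.168.20.1/24", "192.168.20.100", "192.168.20.199")}

if __name__ == "__main__":
    for label, plan in [("requested", REQUESTED), ("same subnet", SAME_SUBNET),
                        ("suggested", SUGGESTED)]:
        print(label, "->", check_plan(plan) or "valid")
    # A wireless client on OPT1 broadcasting for a wired NAS on LAN:
    print(broadcast_reaches("192.168.20.150", "192.168.10.50", SUGGESTED))
```
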
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.