Pfsense + WAP, How to assign static IP addresses

JND8

I have an ISP Router > Pfsense > Wireless Access Point setup

I understand that Pfsense is the IP provider. Right now I have DHCP disabled on the WAP and DHCP enabled on the LAN port of Pfsense.

I want to assign static IP addresses to the devices that are connected to my WAP. What do I do? Do I just disable DHCP on that LAN port in Pfsense and assign a static IP in my PC's network configuration?

JKnott

@JND8

The easiest way is configure everything for DHCP. Then go to Status > DHCP leases to find the address that's been assigned and then convert it to a static mapping. When you do that, you will have to chose an address that is outside of the DHCP pool.

JND8

@JKnott said in Pfsense + WAP, How to assign static IP addresses:

@JND8

The easiest way is configure everything for DHCP. Then go to Status > DHCP leases to find the address that's been assigned and then convert it to a static mapping. When you do that, you will have to chose an address that is outside of the DHCP pool.

Thanks. What happens if I disable DHCP server on the LAN interface?

akuma1x

@JND8 You can do that too, but if you have many computers/tablets/phones on your network, or those that come and go (guests or visitors), you will have to MANUALLY plug in IP addresses on every single one of them. That's a pain in the butt!

Jeff

JKnott

@JND8

Then the lease will eventually expire. Why would you want to disable the DHCP server?

JND8

Maybe I don't need to disable that. My goal is to whitelist my IP address to be the only device able to connect to the network (and to the Pfsense admin webpage)

akuma1x

@JND8 said in Pfsense + WAP, How to assign static IP addresses:

and to the Pfsense admin webpage

Access to the pfsense admin webpage is done through firewall rules and/or a SPECIFIC management network that has access to the webgui.

https://docs.netgate.com/pfsense/en/latest/firewall/restrict-access-to-management-interface.html

Jeff

JKnott

@JND8

As for only one device connecting, that can be configured in the DHCP server. You can create a rule to allow only certain IP addresses to connect to the management. Also, you should have a password on it and you can use a key for ssh.

You should try to define your needs, before trying to come up with a solution.