Using Existing router (Netgear Nighthawk) as AP + Switch?
I have pfSense installed and running but I am having trouble with my existing router.
My network setup:
Modem <-> pfSense box <-> Netgear Nighthawk router <-> Device 1, Device 2, Device 3, Device 4, + (Wireless Devices)
The Netgear Nighthawk router has the option to be in 'Router' or 'AP' mode. I planned on using it in AP mode, but I didn't realize until I switched everything over that Netgear disables all Ethernet ports when in AP mode. I thought this mode would simply disable the DHCP server and let pfSense handle the rest. I then set the Netgear back to 'Router' mode and disabled the DHCP server. I plugged the WAN port of the Netgear router into the LAN port of my pfSense box. That didn't work. I then connected a switch that I had lying around to the LAN port on my pfSense box, then connected the switch to a LAN port on the router. I then unplugged all devices from the Netgear router, then plugged them back in (to grab new IP addresses). The pfSense ARP table showed all of my devices, including the wireless ones. It did not show my router, though. I couldn't access the Netgear router's admin menu (routerlogin.net). So, I am back to the drawing board trying to figure out my options. I was hoping to use my Netgear router as a switch and the wireless AP.
Thoughts on what my options are? Suggestions?
Set the LAN IP of your router to be on your network, 192.168.1.X or whatever you're using for your local network.
Disable its DHCP server, and connect it to your network via one of its LAN ports.
Done! Your old router is now an AP with switch ports.
Connect to the IP you set on its LAN port to manage its Wi-Fi stuff.
Thanks for the reply and info! :)
Are there any disadvantages in using this method? Any potential issues or other settings I should change on the Netgear router? One of the reasons I went with pfSense is better security. Last year, Netgear had a security vulnerability which took them months to patch via firmware. Can the Netgear router still be vulnerable to security issues if it's behind a pfSense router?
No, not really; in such a setup it would not even have internet access. Most SOHO routers have no way to set a gateway on the LAN.
So even if you forwarded traffic to it from the internet, it wouldn't be able to answer back, unless you had also set up a source NAT on pfSense.
Sure, like any device on your network (PC, IoT device, etc.), it's on your network and things on your network would be able to talk to it. But I'm not sure what sort of vulnerability you would be worried about in such a setup.
Correctly secure your Wi-Fi: WPA2 with a good, complex, lengthy PSK, and you should be good to go.