How to configure WiFi router downstream of Netgate 1100

pourts · Oct 21, 2021, 4:18 PM

I am new at configuring a home network. I assume my question is probably answered somewhere, but I am having trouble because most of the documentation is highly technical. I read the sections here and I still have some basic questions (https://docs.netgate.com/pfsense/en/latest/wireless/vap.html)

Can I run stock firmware on my WiFi router downstream of my Netgate 1100? Or do I have to flash something like Fresh Tomato? I have a Netgear R8000, and I think the stock firmware has some improvements over Fresh Tomato- for instance beam forming.

Does my WiFi Router have to be in access point (AP) mode?

Thank you.

SteveITS · Oct 21, 2021, 5:06 PM

@pourts Your wireless can be an access point if you want the wireless devices on the name network. If it was just configured as a router, the wired devices would be blocked from wireless via NAT, though technically the wireless could connect to the wired.

Some prefer to separate wireless traffic by creating a separate network or VLAN, but it just depends on what your needs are and what kind of devices they are.

From the perspective of the wireless router/AP it's all normal... it doesn't care that the router is pfSense.

pourts · Oct 22, 2021, 4:13 PM

Thank you for the answer, though I don't understand all of it yet.

Perhaps a more basic question: is it realistic to create VLANs with just a consumer router (Netgear R8000) and a Netgate SG-1100? I'm open to flashing Fresh Tomato onto the R8000 even though that might decrease its functionality in some ways.

From all the Youtube videos I've been watching it seems like I need to buy a network switch, for instance a Unify.

AndyRH · Oct 22, 2021, 4:36 PM

I would suggest to start simple. Assign the Netgear a LAN address so you can get to it. Turn off Netgear DHCP.
Then plug in a LAN port off of the Netgear into the Netgate (or switch). WiFi clients should get an address from pfSense.

Home routers like Netgear are sort of 2 devices, a FW and an AP. You just want the AP, so you do not need the WAN port on the Netgear and you do not need DHCP.

There are more complex and interesting setups, but getting to step one first will set you up to move on later when ready.

SteveITS · Oct 22, 2021, 4:39 PM

@pourts The initial question is whether you want to prevent wired and wireless from talking to each other?

If you do, you can use different interfaces on pfSense and use firewall rules to block traffic between them, from LAN to OPT and OPT to LAN. The 1100 has an OPT port so that could be for wireless. There's no need for a VLAN-capable switch in this scenario, but you may need two "dumb" switches, one on LAN and one on OPT, if you have multiple devices.