Wireless: Getting the MAC to the Right Interface & DHCP Server
-
Modem: Technicolor ET2251
|
-> Netgate SG-1100 (WAN)
(LAN)
|
-> Linksys E7350 WL Router (Port 1)DHCP has been turned off on the Linksys and exists only on the 1100.
In addition to the LAN Interface (x.x.10.0) I've created the Interface WLS1 (x.x.20.0) with its own VLAN, which has been loaded with DHCP and allowed out the pf's WAN.However, despite having adding static IP assignments to both LAN & WLS1 interfaces, neither of the two static assignments I've placed on WLS1 have received their x.x.20.x IP addresses.
How do I get the MAC addresses of these devices to receive the IP address from the proper interface?
Thank you for your time and attention!
-
Are you using that Linksys as a router, connecting the Netgate through the WAN port? If so, DHCP will never work, as it uses broadcasts which are not passed through routers.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
Also is it connected to the OPT port on the 1100? Is that the interface you have assigned as WLS1?
-
@jknott Not using the Internet / WAN port of the Linsys, but Purt 1.
net Linksys is on the LAN port of the 1100. the OPT1 of the 1100 has a Netgear switch. -
So how is WLS1 configured on the 1100? How is the Linksys using that?
Steve
-
@stephenw10 The Linksys provides the wireless access point, the ip addresses are assigned by the 1100.
-
Right but if WLS1 is configured as a new inteface in the 1100, with the new subnet, and it's not the OPT1 port what is it?
A VLAN? Are you trunking that? Is the Linksys configured for it?
Steve
-
@stephenw10 I'm going to say yes to the VLAN trunking...there are only 3 physical interfaces on the 1100, as you well know...i'm trying to separate my wireless traffic into:
2 Televisions and an XBox - x.x.20.0
Laptops & Desktops - x.x.30.0
iPads and iPhones - x.x.40.0My only working wireless router (Linksys E7350) is fed into the LAN port of the 1100.
Right now the DHCP Server on the 1100's LAN port is giving everything coming from the Linksys an ip address in the x.x.10.0 subnet.
The linksys doesn't handle VLANs the same way the 1100 does, so i have not enabled it on the Linksys.
-
Ok, I think we are going to need to see some screen shots of how that is configured in the 1100.
However if you're trunking those VLANs out of the LAN port to the Linksys it will need to handle them to usefully use them on different SSIDs etc. Otherwise it will either drop that traffic (likely) or pass them tagged.
I'm not sure what you're trying to do here is possible with the hardware you have unless I'm missing something.
Steve
-
@stephenw10 If creating a virtual interface/VLAN isn't possible, can i create an "additional pool" on the LAN interface's DHCP server in a different subnet (x.x.20.x)?
-
You can create additional pools but not in a different subnet. The DHCP server can only hand out addresses from the subnet it's running on.
Really what you want there is an access point that can handle multiple SSIDs and use a separate VLAN for each one. Then you can trunk that to the 1100 and filter traffic between each as though they were separate physical interfaces.
Or you could use multiple access points and a managed switch to break out the VLANs to separate ports.
I'm sure the Linksys is physically capable of doing it but they don't expose that functionality to the user so it's unlikely you can use that. At least until OpenWRT has a port for it.
Steve
-
@stephenw10 I think i understand...i need a more sophisticated WAP that will recognize the VLANs on the 1100
OR
use multiple access points on the Netgear GS108Ev3.
Can the additional pools be aliased and therefore separated in the firewall rules? -
Yes you could use pools in one subnet and filter them differently using aliases but you can't filter traffic between the clients on one subnet that way. Traffic would just go between them directly without passing through pfSense. Only one interface.
Really you need to use VLANs in there to separate the traffic at layer 2.Steve
