Want to dedicate 2 NICs, each to 1 AP - SAME NETWORK. How?

lburns

I have PF sense running on ESXi and have one access point connected directly to it's own physical NIC in the ESXi host.

Works great.

Now I want to add an another access point, I want it on it's own dedicated as well/
However, I want to have them on the same network.

I don't want to disrupt or reconfigure things more than I have to.

What is the best way to add this AP without adding a switch to the existing NIC.

(I'm trying to avoid adding this since it's a waste and adds a point of failure needlessly.)

Dominixise

@lburns

Connect one RJ45 cable to one of each of your access points Lan port. If you have your modem connected to pfsense then you would put the RJ45 to the WAN port instead of LAN. But if you have your modem connected to each AP WAN then do the first and connect to LAN.

In pfsense you will have choice to run dhcp from there to each AP. INLn the advanced settings under routing you will have gateways and that is for internet.

If you want each AP on a different LAN ip dhcp then you would need to make each nic have its own different subnet like one /24 and one /16 or 255.255.255.128 each with their own ip range like one AP 192.268.1.1 DHCP enabled and the other AP 192.168.2.1 DHCP enabled.

Then to make the two networks work together you need to create a static route and possibly turn off NAT on one AP or nic. For the static route you need to enter 192.168.0.0 forward to the other APs gateway and your first APs dns.

That is how i remember but someone else might have a better idea.

Dom

lburns

@dominixise YIKES!
Hold up. I had to read you reply a few times to be sure, but no.

I have a fully working PFSense setup, dual WAN, and the whole 9 yards.
I don't need initial setup help there.

I am asking specifically if there is a way to use one of the unused NIC interfaces on the ESXi server as an ADDITIONAL int4erface to a second AP.

I have one NIC interface set up from BLUE / captive portal to my existing AP.
I now have a second AP and want to add it to that same blue network, but I want it to have it's own NIC too.

I don't want to daisy chain or use a switch.
I'm trying to make these two APs have direct/home-runs to the firewall.

Dominixise

@lburns

As far as i know you have to setup either a static ip or dhcp for each nic.

If you setup a static ip on second nic then you need a static route to forward dhcp and firewall to 2nd nic and AP from first nic dhcp.

I believe second nic will still need a different subnet mask and some static ip assigned in the same range as your first nics dhcp.

Dom

Dominixise

@lburns
If you have two WANS then just setup two gateways in the routings menu

Dom

Patch

@lburns said in Want to dedicate 2 NICs, each to 1 AP - SAME NETWORK. How?:

add an another access point, I want it on it's own dedicated as well/
However, I want to have them on the same network

Sounds to me like you want to bridge the two AP point NICs.

Running pfsense as a VM means you will have to decide if you do that in the pfsense VM or at the hypervisor

lburns

@dominixise

My WANs have nothing to do with my need to add a second AP on a dedicated NIC.

I'm simply trying to add add another AP using an unused NIC port on the firewall, but have it on the exact same network as the first AP and without using a switch.

I prefer the AP's have dedicated direct/home-runs to the firewall directly.

Note: this FW is running on ESXi, so there may be options there that would hide the second NIC from the FW and I wouldn't have to touch anything in PFSense, but I cannot think of a way to do that.

lburns

@patch

Yea, I prefer the Hypervisor level bridging if I go that route.
I just cannot determine the best way to do that.

ESXi allows LAG and failover, but not invisible teaming of NICs.

I tried that and the first AP went offline immediately.

It seems that adding the second NIC to the vSwitch isn't the way to go there.

Patch

@lburns said in Want to dedicate 2 NICs, each to 1 AP - SAME NETWORK. How?:

LAG and failover

Link aggregation is different to bridging.

MrPete

@lburns this is not too complicated.

You simply want your LAN to be a transparent bridge of two nic ports. The bridge itself provides the router ip address etc.

1. mostly correct post showing how to do this while preserving current LAN settings.
   https://protectli.com/kb/how-to-enable-lan-bridge-with-pfsense/

2. a post explaining the correct advanced setting to make it transparent. The above post has this wrong.
   https://forum.netgate.com/topic/90384/help-clarify-my-understanding-of-the-net-link-bridge-pfil-tunables-please/2

If you can link the two in a transparent esxi bridge, then just pass that bridge to pfsense as your LAN and you are done.

Please tell us how it goes.