Multiple Wi-Fi 2100
I'm new to Netgate in general and maybe this has been brought up elsewhere. I have a Bell Hub 3000. My original intention was to replace it with the Netgate 2100 but (lesson learned). Due to my own ignorance I realized that I should have put more research into my plans before going with an author's opinion for home network security. I jumped the gun...
I was hoping to replace the sfp module by using:
"TP-Link Gigabit SFP to RJ45 Fiber Media Converter | Fiber to Ethernet Converter | 10/100/1000Mbps RJ45 Port to 1000Base-SX/LX SFP Slot Supporting Mini GBIC Modules (MC220L)"
I created a topology of my home network; for now I split it into 3 parts.
A upstairs - Hard wired ethernet devices.
B Down Stairs - Hard wired ethernet devices.
C Wifi - Non-important devices like TVs, other IoT devices and guests not on my main internet, just my (guest).
I then thought to convert my fibre to Ethernet, although the 2100 has an SFP port (again, did not realize due to rushed purchase).
Either way I tried both and thought it would be easy. I learned I needed to set up PPPoE from Bell and create a VLAN tunnel into the WAN, for which I followed a YouTuber. After following each step I ended up disappointed and gave up.
I then opted out, still having the Bell Hub 3000 as the main. I just connected an Ethernet cable to VLAN 1 from the 3000 to the Netgate, then I connected an Ethernet cable to the WAN port on the Netgate 2100 to a netgate switch, then connected my other devices to that (I followed the wizard and have it working).
A simple network. I know I could have easily used a switch or two and a couple of RJ-45 cables. However, I wanted to have 2 separate networks using my public IP, so I purchased the 2100. At first I thought it had wifi capabilities based on specs on Amazon.. My assumptions (lessons learned). I gave myself the wrong expectations.
All this said is it possible to have bell hub 3000 as main for wifi
Connect another wifi router to the Hub 3000's VLAN 1, then connect the Netgate 2100 to the new wifi VLAN 1 port, then route all guest and IoT devices to that new wifi so I can then use a shark tap to sniff my whole network and use Squid proxy for browsing control? (Turn off the Bell 3000's wifi and save power consumption)
This could have been shorter but it's because I am a student and working on my comptia certs so I am using this as experience so all advice would be kinda and I am open to light criticism as well haha
Thank you kindly
SteveITS Rebel Alliance last edited by
@cybersamurai If the wireless clients connect to an AP in your WAN then by default they can't connect to devices on your LAN, unless you allow by firewall rules. They would be able to get out to the Internet though. I'm assuming the router in front of your 2100 also provides NAT.
@steveits Right now I have just the Bell Hub connected to fiber. I have an Ethernet cable connected from VLAN 1 of the Bell Hub to the WAN port of the Netgate 2100.
From the VLAN 1 of the 2100 I have an Ethernet cable running to a netgate switch.
My Bell Hub has a NAT. I gave my Netgate 2100 a private IP address which is different than the Bell's private IP, but the Bell has a public IP address which is being shared on both routers.
I would like to add a wireless router after the Netgate 2100 by VLAN 1 Ethernet. Disable the wireless on the Bell Hub and use the new wireless device as an AP so then I can tunnel all traffic, both wireless and wired, through pfSense on my Netgate 2100. I want to be able to use the other features like VPN, firewall and proxies, also a shark tap for Wireshark for network troubleshooting or monitoring. I could do all that if I could convert the SFP to Ethernet.
I hope that makes sense.
@steveits Unless there is something I am missing about how wifi works? Unless wifi is on a different layer then connecting to a vlan as described will not work..
SteveITS Rebel Alliance last edited by
@cybersamurai Or I may be misunderstanding. :) If you are looking to have the wireless behind the 2100 then you can do a few things:
- connect the wireless router in AP mode to any port on the 2100, so they are all on the same network
- connect the wireless router in AP mode to an isolated port on the 2100 so it is its own interface (https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html)
- connect the wireless router in router mode to any port on the 2100, so the wireless router provides NAT and isolates the wireless clients from the LAN (though not the other way around)
johnpoz LAYER 8 Global Moderator last edited by johnpoz
@cybersamurai said in Multiple Wi-Fi 2100:
different layer then connecting to a vlan as described will not work..
to a netgate switch.
There's no such thing, did you mean Netgear?
So you want an SFP for the 2100 for fiber? Where exactly would you think that would plug in? Fiber coming into your home, it's unlikely what would work directly into pfSense box?
I am not really understanding what you're after. If what you're after is adding pfSense as your router, you can run that behind your current router, be it that device supports a bridge mode.. Many gateways (router/modem combo) allow for going into modem-only mode; this would get pfSense a public IP on its WAN.
But you can for sure get an AP that supports VLANs and run that behind pfSense, just plugged into either a port on the 2100, or a VLAN-capable switch that plugs into your 2100 ports..
@steveits I will look into this, thanks for your insight and taking the time to help me out!
@johnpoz haha yes I did use the wrong name. I have a Netgear switch and a Netgate router. Thanks for your suggestion. I will have to research some more! I think my issue is my lack of research. I might have gotten into something that was beyond my understanding but I do think the pf software is quite a sophisticated piece to everything. Having a perimeter firewall, VPN, Snort, proxies etc., it was definitely worth the purchase. I will have to learn more about networking haha. Cheers.