Mikrotik Hotspot and Vlan

kanuns

Hi,
I am new to pfsense. I require help. Please

I have a working Mikrotik with Hotspot and Vlans.
What I want to do is, I want to add pfsense between the switch.

To be exact:

I want to add pfsense for the VLANS. I dont want the Hotspot to stop working. Can anyone give any idea on how to implement it ? I need guidance, I will do the rest.

Thanks in advance

viragomann

@kanuns said in Mikrotik Hotspot and Vlan:

What I want to do is, I want to add pfsense between the switch.

...and what?

I want to add pfsense for the VLANS. I dont want the Hotspot to stop working. Can anyone give any idea on how to implement it ?

And the Mikortik should stay the router?
What is the purpose of pfSense in your network then?

kanuns

@viragomann

Really sorry, I missed those.

I want to add pfsense as a firewall, as might be adding some servers here. Maybe some users will also be regulated via it.

Yes.
Mikrotik will stay as the router.

viragomann

@kanuns
Odd setup in my opinion, since pfSense can do the routing as well and the Mikrotik is also capable to do firewalling. So I'd rather consider to replace the Mikrotik with pfSense.

But yes, you can do that. You can insert pfSense transparently by bridging both VLANs.

Assuming your pfSense has NIC1 and NIC2, create both VLANs on both NICs. Interfaces > Assignments > VLANs. Assign interface to all four and enable them, no IP settings.
Go to the bridges tab and add a bridge, where you add both VLAN33 interfaces as member, and a second one for VLAN34.

Go to the Assignments tab, assign an interface to each bridge and enable both.
To access pfSense you can then set an IP on one of the bridges.

kanuns

@viragomann
yes very odd indeed. I have to do this for a customer. who unfortunately has moved in an being the owner's friend; i have to accommodate him.

Reason because I dont want to move away from mikrotik is that I have a hotspot working on my mikrotik and my office members connect to it and there is no issue.
There are VLANs in place but this person needs separate VLAN and after that he wants to manage his server and users and also do some sort of CFA also.

And apologies for late replying; i dont know why but this is my first post and the forum says that my IP is already blacklisted; strange as it is my Home's network's IP. I have to use a VPN to post.

Anyhow, please guide me:
My VLAN IP of mikrotik router on which hotspot is also running is 192.168.223.1/24.
should I give an IP of of this subnet to Pfsense and make this as gateway to the users of the VLAN ? I other words, routing the traffic of this vlan via pfsense and then to mikrotik.

What do you say ?

viragomann

@kanuns
With the example configuration I gave above, pfSense can only get an IP in one of the VLANs.

However, as of your description of the purpose it I'm wondering if you really need the VLANs to terminate on the Mikrotik.
If not you can remove them from there and configure a simply transit network between the Mikrotik and pfSense. This could be tagged or not. Then route the VLANs to the pfSense IP.
On pfSense you can configure the VLANs on the NIC for the AP.

I think, this setup is easier and more reliable.