Need Help with a Setup/Hardware config
-
@TheAncientGamer do you see any settings anywhere in the EERO config that allows you to use the nodes in something like "access point/AP mode-only" or similar?
-
@cyberconsultants said in Need Help with a Setup/Hardware config:
@TheAncientGamer do you see any settings anywhere in the EERO config that allows you to use the nodes in something like "access point/AP mode-only" or similar?
I didn't but I will take a look again. I like the idea of the EERO being able to hand out IPs to my devices on its own. Effectively right now I have it in Bridge mode so my netgate is doing all the work. The EERO is fairly robust on its own but not super configurable. I will report back. Thank you.
-
@TheAncientGamer the topographic path of least resistance will be to make use of the pfSense host as your DHCP server. in your proposed flat LAN with subnet ID 192.168.1.0/24, that simply means pfSense will hand out 192.168.1.xxx addresses to all DHCP clients, including the individual mesh nodes themselves and any wireless clients that connect through them. (you'll also maintain the ability to statically assign any unused addresses).
in fact, using AP-only mode on the nodes (assuming that capability) might actually disable their DHCP services and they'll become DHCP clients-only themselves. depends on a whole bunch of functionality and use cases EERO may or may not have included or contemplated, intentionally or otherwise.
if, however, in AP-only mode the nodes can act as both DHCP server (served from the master node with relay on the slave nodes) and client simultaneously, you have a couple additional options depending on how complex you want to get.
-
@cyberconsultants said in Need Help with a Setup/Hardware config:
@TheAncientGamer the topographic path of least resistance will be to make use of the pfSense host as your DHCP server. in your proposed flat LAN with subnet ID 192.168.1.0/24, that simply means pfSense will hand out 192.168.1.xxx addresses to all DHCP clients, including the individual mesh nodes themselves and any wireless clients that connect through them. (you'll also maintain the ability to statically assign any unused addresses).
in fact, using AP-only mode on the nodes (assuming that capability) might actually disable their DHCP services and they'll become DHCP clients-only themselves. depends on a whole bunch of functionality and use cases EERO may or may not have included or contemplated, intentionally or otherwise.
if, however, in AP-only mode the nodes can act as both DHCP server (served from the master node with relay on the slave nodes) and client simultaneously, you have a couple additional options depending on how complex you want to get.
It doesn't look like the EERO has an AP only mode. In the app, I have under DHCP & NAT networking: Automatic, Manual IP and Bridge. Right now it is Bridge which to me is acting like an AP. My pfsense/netgate is handing out IP addresses over the EERO device to all my wifi devices. I have not tried Bridge Mode with the OPT1 port, this is while the EERO is connected to my Switch. Other EERO Network settings I have: Reservations and Port Forwarding, DNS, UPnP, Then under Wireless, Client Steering, and Thread. And under Internet on the EERO I can set, WAN IP Address, Gateway EERO IP Address, IPv6 and ISP Settings <--Can't remember what is in here as Bridge mode at the moment has me locked out of looking at it.
My Wife works from home so I cannot really mess with it at the moment as she needs the connection. This is mostly an after-dark and weekend project atm. Thanks for your insight, I appreciate it.
-
@TheAncientGamer Probably most of all out of this is that I want to understand how to plug in a network device to the other two ports and have it connect to the rest of my network (LAN) and (WAN). Say, add another switch for 10G or 2.5G devices. I am missing something somewhere with the routing and am feeling pretty dumb right now that I cannot sort it out.
-
@TheAncientGamer yw. bridge mode is definitely what you were looking for and found yourself.
My pfsense/netgate is handing out IP addresses over the EERO device to all my wifi devices. [ . . . ] this is while the EERO is connected to my Switch.
if there's anything specifically undesirable about this, you'll have to explain a little more. you said:
I want the mesh network to be plugged into (igc2) of the appliance so that it is separate from the switch
the 'why' to that will dictate how to configure everything.
-
@cyberconsultants said in Need Help with a Setup/Hardware config:
@TheAncientGamer yw. bridge mode is definitely what you were looking for and found yourself.
My pfsense/netgate is handing out IP addresses over the EERO device to all my wifi devices. [ . . . ] this is while the EERO is connected to my Switch.
if there's anything specifically undesirable about this, you'll have to explain a little more. you said:
I want the mesh network to be plugged into (igc2) of the appliance so that it is separate from the switch
the 'why' to that will dictate how to configure everything.
Mainly to offload the switching of all of my IOT devices from the unmanaged switch and to be able to throttle/limit the IOT as a whole. I would also like to have my IOT and wifi devices on their own subnet just for organization purposes. Maybe I am just going about the whole thing in the wrong way? Forgive me as I am a kinesthetic learner and self-taught in all of this.
-
@TheAncientGamer said in Need Help with a Setup/Hardware config:
Probably most of all out of this is that I want to understand how to plug in a network device to the other two ports
at the moment the other two ports on your pfSense host (igc2 and igc3) are by-default router interfaces, not switchports. if maintained as router interfaces, then additional firewall configuration would be necessary to get anything on any one of them (i.e. igc1-3) 'talking' to either one of the others. in strict networking terms, they are three separate Layer 3 segments each requiring its own subnet.
you replied just now to say that you're looking to achieve some level of network segmentation. that's usually never a bad goal. just know that you will be significantly technically limited in what you can do with the EERO mesh nodes acting as your APs (e.g., no VLAN tagging and certainly no SSID-to-VLAN mapping).
-
@cyberconsultants Thanks! I think I will just keep it the way it is. I wrote rules for the firewall for igc2 when I was trying to config it but could not seem to get it to work. I guess I just have to hit the books and learn more before I move forward. Was hoping someone had an easy tutorial I could riff off to see if I could get it to work. I did set up VLANs (Which I still don't fully understand mind you) when I set up the appliance initially but I could not get them to work. On my old SG1100 I was working with VLANs and honestly cannot remember how I set them up in the first place but that whole system was set up with WAN/LAN/OPT1 by me and it all worked. I did copy over that config from the old box but could not get it to plug and play properly so I ended up just using the old Port Forwarding rules I had and started fresh. Thanks again for your help in all this. Have a great holiday.
-
@TheAncientGamer on eero, bridge mode is what makes the mesh act like an AP.
I skimmed the above but not sure I followed. If you want to separate the networks you can connect your main eero to a third interface with a unique subnet. It needs its own rules; LAN defaults to allow all with the two default rules but all other interfaces default to deny all.
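-
Added example, not part of any post in this thread and not pfSense code: a small Python model of the two points made above, that each router interface needs its own non-overlapping subnet and that a new interface passes nothing until it has its own rules. The `IOT` name, the 192.168.20.0/24 subnet for igc2 and the two IOT rules are assumptions chosen for illustration; 192.168.1.0/24 is the LAN from the thread.

```python
import ipaddress

# LAN subnet is from the thread; the IOT subnet (igc2) is a hypothetical choice.
SUBNETS = {"LAN": "192.168.1.0/24", "IOT": "192.168.20.0/24"}
ANY = "0.0.0.0/0"

# Rules are keyed by the interface the packet ENTERS on and read top-down.
# Each rule is (action, source network, destination network).
RULES = {
    "LAN": [("pass", SUBNETS["LAN"], ANY)],              # default "allow LAN to any"
    "IOT": [("block", SUBNETS["IOT"], SUBNETS["LAN"]),   # keep IoT out of the LAN
            ("pass", SUBNETS["IOT"], ANY)],              # everything else (internet)
}

def overlapping(subnets):
    """Return pairs of interface names whose subnets overlap (should be empty)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def decide(rules, iface, src, dst):
    """First matching rule on the ingress interface wins; no match means block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules.get(iface, []):
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return action
    return "block"  # implicit default deny on every interface

if __name__ == "__main__":
    print("overlaps:", overlapping(SUBNETS))
    # Constructed sample flows: (ingress interface, source, destination).
    flows = [("IOT", "192.168.20.50", "192.168.1.10"),   # IoT device to a LAN host
             ("IOT", "192.168.20.50", "1.1.1.1"),        # IoT device to the internet
             ("LAN", "192.168.1.10", "192.168.20.50")]   # LAN host to an IoT device
    for iface, src, dst in flows:
        print(iface, src, "->", dst, decide(RULES, iface, src, dst))
    # Same IoT flow with no rules defined on the new interface yet.
    lan_only = {"LAN": RULES["LAN"]}
    print("IOT without rules:", decide(lan_only, "IOT", "192.168.20.50", "1.1.1.1"))
```

The model is stateless; on a stateful firewall the reply traffic for a passed connection is allowed back by the state that connection created, so the LAN-to-IoT flow works without a matching pass rule on the IOT interface.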