using T-Mobile 5G as a WAN source
-
@coffeecup25 said in using T-Mobile 5G as a WAN source:
If Comcast is replaced, the T-Mobile router will need to be positioned in a place where it gets a good signal and can get to a wall port that can reach the basement where pfSense is. As I said, T-Mobile will replace Comcast in the pfSense WAN port.
Currently I use MOCA 2.5 to go from pfSense to some upstairs network equipment. The MOCA 2.5 will be repurposed to get T-Mobile downstairs to pfSense WAN. A router configured as a wireless bridge will replace the MOCA 2.5 device upstairs.
This is the part I don't understand. Are you keeping the MOCA 2.5 or will that go if you drop Comcast?
If you keep it, why use anything else to connect between the upstairs and downstairs positions?
Yes it is one physical connection, but using VLANs you can use it for multiple purposes. 1. to get WAN to pfsense, and 2. to get LAN from downstairs back upstairs again. No need to use wifi as backhaul, which is never a good idea. Mesh is pretty much just that, although "automagic"...
-
@Gblenn Think of MOCA 2.5 as one very elaborate Cat6 wire. MOCA turns RG6 cable into CAT6 internet wires. Like Powerline turns electric wiring into Cat6 wires.
MOCA can't be WAN and LAN at the same time in this instance. The MOCA will carry the T-Mobile WAN to pfSense. This creates a need to get a signal back to what MOCA was previously servicing. A wireless bridge will replace the old MOCA 'Cat6 LAN' wire. Existing Powerline gets left alone.
I can't even imagine how a VLAN would figure into this. If mesh was used, wired backhaul would only exist for the actual access point. 2 mesh devices would be 100% wireless.
-
@coffeecup25 That's the thing, it CAN be both WAN and LAN at the same time. That's what VLANs can do for you.
Here's how...
If you get two managed switches that can do VLAN, which can be quite cheap. You will need two small (5Port) switches, one at each end of the MOCA.
Let's say we configure port 5 on both switches to be VLAN 10 Untagged (meaning only traffic belonging to VLAN 10 will go in or out this port).
We configure Port 4 to have VLAN 10 added as Tagged, meaning any traffic belonging to VLAN 10 will ALSO be going in/out this port.
Connect the upstairs switch port 5 to the LAN on T-Mobile device, which now belongs to VLAN 10. And then you connect switch port 4 to the MOCA 2.5 which will now carry BOTH VLAN 10 and all the default LAN traffic.
Connect the downstairs switch port 4 to MOCA and port 5 to pfsense WAN.
pfsense will now receive only the traffic from the T-Mobile device on its WAN, since the switches will only forward VLAN 10 traffic on port 5.
Connect pfsense LAN to port 1 on downstairs switch which means that LAN traffic will go into the switch, and up the MOCA to the upstairs switch and be available on ports 1, 2, 3 and 4 (but not port 5).
If you have already ordered a new router, you can use that as an AP downstairs for example, by connecting its LAN (turn off DHCP) to e.g. port 2 on that same switch.
Upstairs you can connect the AX-21 in a similar way to port 1, 2 or 3 on that switch. Now you have a LAN network covering downstairs and upstairs (ports 2 and 3 available on both switches for e.g. PCs or a TV, Printer etc).
Assuming the Comcast box is downstairs, all you need to do for failover testing is to connect that to WAN2 on pfsense and set it up as per the documentation.
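The port layout from the post above, as an added example that is not part of the original thread: a small Python model of the two switches that checks the T-Mobile side (VLAN 10) and the LAN side never receive each other's frames across the shared MoCA link. It assumes the default LAN VLAN ID is 1 and that port 5 is removed from it; the function names are illustrative.

```python
# Added example: model of the two-switch 802.1Q layout from the post.
# Assumptions: the default LAN VLAN ID is 1 and port 5 is removed from it.
WAN_VLAN, LAN_VLAN, TRUNK = 10, 1, 4

def make_switch():
    """Port -> (PVID, {vlan: 'U' untagged | 'T' tagged}) as described."""
    ports = {p: (LAN_VLAN, {LAN_VLAN: "U"}) for p in (1, 2, 3)}
    ports[TRUNK] = (LAN_VLAN, {LAN_VLAN: "U", WAN_VLAN: "T"})  # MoCA side
    ports[5] = (WAN_VLAN, {WAN_VLAN: "U"})  # T-Mobile / pfSense WAN side
    return ports

SWITCHES = {"up": make_switch(), "down": make_switch()}
PEER = {"up": "down", "down": "up"}  # port 4 <-> MoCA <-> port 4

def classify(sw, port, tag):
    """Ingress: VLAN the frame lands in, or None if the port drops it."""
    pvid, members = SWITCHES[sw][port]
    if tag is None:
        return pvid  # untagged frames take the port's PVID
    return tag if tag in members else None  # ingress filtering

def flood(sw, port, tag=None):
    """Edge ports that receive a broadcast entering at (sw, port)."""
    delivered, queue = set(), [(sw, port, tag)]
    while queue:
        s, p, t = queue.pop()
        vlan = classify(s, p, t)
        if vlan is None:
            continue
        for out, (_, members) in SWITCHES[s].items():
            if out == p or vlan not in members:
                continue
            if out == TRUNK:  # cross the MoCA link, tagged or untagged
                wire_tag = vlan if members[vlan] == "T" else None
                queue.append((PEER[s], TRUNK, wire_tag))
            else:
                delivered.add((s, out))
    return delivered

def isolated():
    """True if WAN and LAN edge ports never receive each other's frames."""
    wan = {(s, 5) for s in SWITCHES}
    lan = {(s, p) for s in SWITCHES for p in (1, 2, 3)}
    return (all(flood(*w) <= wan for w in wan)
            and all(flood(*l) <= lan for l in lan))

if __name__ == "__main__":
    print("T-Mobile port reaches:", sorted(flood("up", 5)))
    print("pfSense LAN reaches:  ", sorted(flood("down", 1)))
    print("WAN/LAN isolated:     ", isolated())
```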
-
@coffeecup25 Think about VLANs as multiple separated networks on the same physical interface. The cable, Cat6 or MOCA or fiber doesn't care what's going on inside... But switches do, and will make sure traffic belonging to the different VLANs never gets mixed up.
You can use VLAN on pfsense as well, to create isolated networks for different purposes. Perhaps one for guest and one for your IoT devices, besides your default network.
You might want to keep wifi separate from the LAN for example. Even with dumb routers (that don't understand VLAN) you can do that in this scenario I described.
Then you define another VLAN, 20 for example and you assign that Untagged to the switch ports that you have the two wifi routers connected. You also assign VLAN 20 TAGGED to the port that connects to LAN pfsense. And then you create a VLAN in pfsense with its own subnet and DHCP etc.
Then you can define rules that may allow or block wifi from accessing anything or everything within your LAN.
-
@Gblenn I know what a VLAN is. The comment was rhetorical.
A VLAN is a ridiculous idea here. It's over-complicating a very simple problem. There's the easy way and the WTF way.
I am only replacing an ISP. Added is an ancillary problem of where to position the T-Mobile router where it gets the best reception. Comcast has no such problem.
Actually, in one spot in my home that might offer good reception, I can work a wall Cat6 outlet backward and leave the MOCA alone as is. I was considering repurposing MOCA because then I don't have to trace wires from place to place. Or put a T-Mobile router in a room where it doesn't belong if alternatives are available.
-
@coffeecup25 said in using T-Mobile 5G as a WAN source:
I know what a VLAN is. The comment was rhetorical.
Ok, great, but that's not what it looks like?
MOCA can't be WAN and LAN at the same time in this instance. The MOCA will carry the T-Mobile WAN to pfSense.
This creates a need to get a signal back to what MOCA was previously servicing.
Which is exactly what VLAN can do for you!
A VLAN is a ridiculous idea here.
I'm trying to help out here... but it's of course up to you to judge.
VLAN however, is a cheaper and much more stable way to accomplish what you write. Mesh is typically the last resort when there is no, and can not be any wiring.
Using basic routers in wireless bridge mode will be like the earliest poorly designed mesh systems. At least some of the newer and more expensive solutions have a 3rd radio they use for "backhaul". And perhaps they even let you select what channels you use on the different APs...
Using VLAN is simple enough and lets you use the best solutions available, i.e. your existing MOCA run. Which was what you initially mentioned for the location of the TMO device, and some other stuff. And your router's wifi will be used in the way it works best, as an AP.
But if you now say you have Cat6 that is not needed for anything else, then by all means use that if it gets you ok performance on 5G. Then there is no need for anything else, be it VLAN or mesh/wifi-bridging.
-
@Gblenn Thank you for your hard work.
As you get older you will realize that just because something can be done, that does not mean it should be done. Good use of tech requires the entire problem be defined and thought through for the best solution. The 'entire problem' is generally bigger than the single task on the table in front of you. Just because the computer guy has a good idea doesn't make it a great idea that everyone should jump on. Heroic solutions are rarely the best ones. In another instance, your idea might be fun to play with. Look up the term KISS as a problem solving concept for more information.
Just off the top of my head, I see a couple of problems with a VLAN. Complexity, reliability, ability for someone else to understand and work with, and redundancy. I don't think my wife wants to learn VLANs just to fix a critical network issue. On the other hand, a VLAN to set up a guest Wi-Fi is a good idea.
You don't seem to know what a wireless bridge is. I'll repeat some of what I wrote then bring the analogy to a wireless bridge.
MOCA turns RG6 cable into a Cat6 wire equivalent
Powerline turns electric wiring into a Cat6 wire equivalent
A Wireless Bridge, sometimes called a media bridge, turns a Wi-Fi signal into a Cat6 wire between devices. It does not broadcast a wireless signal. It is not a repeater. It turns a distant router into a switch after that. Identical in concept to MOCA and Powerline. I used bridges many years ago in simpler times and they worked very well.
Amazon has a nice looking Wi-Fi 6 Asus model for about $75. Used for less, but that's risky. Or I might get ambitious and trace Cat6 wiring back to the right outlet in the basement and save the $75. Or I might buy a pair of those $75 Asus convertible routers and make 1 a replacement AP and 1 a mesh thing. If it doesn't work well I'll convert it back into a bridge. Really good network hardware costs a lot less today than a few years ago for equivalent or better capabilities. Used equipment is more trustworthy than Amazon returns so that's a consideration.
-
@coffeecup25 It seemed pretty clear that besides testing T-Mobile 5G, you were also looking for better wifi coverage, since you were considering mesh. And you also mention you are looking for performance and reliability.
So that's what I was considering when suggesting VLAN. And that's also what I was thinking of when you mention wifi bridges. Sure, a wifi bridge CAN be what you say, if you turn off the normal wifi on the router. But why select such a setup all of a sudden? It is definitely not obvious to me based on what you actually ask for.
And wrt VLAN I definitely disagree with you on your thoughts about reliability vs wifi. Wired will give you lower latency, no interference issues, it's more secure and it doesn't degrade due to distance or environment (in this context). And as far as redundancy goes, I don't see any differences whatsoever. And you will get at least two VLAN capable switches for the price of your Asus or other wifi 6 router.
But I do agree it can be a bit more challenging for someone else in the household to wrap their head around, but is that even needed? And if that is a problem, perhaps a Guest VLAN isn't such a good idea either?
-
@Gblenn Thanks. No, I meant what I wrote and was not hinting at anything or issuing a cry for help regarding elementary home networking. I was hoping to save a lot of money per month over Comcast while retaining a reliable home network that provided comparable or better internet speeds. But change in one place requires more changes elsewhere sometimes.
I'm not going to repeat all the other details.
The Dual WAN setups were my only real question and I'm not sure I care about one anymore. Although I would have appreciated reading about any gotchas associated with using T-Mobile as a WAN source.
But, I now have access to a network wire tester. That will make testing the cat6 wire into a 5 minute job if that. I can hide the device in that particular spot so it passes the wife test. No expense or changes needed if the T-Mobile router is a keeper.
-
The T-Mobile device was delivered late Monday and initially configured as standalone yesterday morning. I live about 1/2 mile line of sight from the cell tower. My 5G phone normally gets 1.2gb to sometimes 1.4gb.
The T-Mobile internet standalone ran at the mid to high 800s without testing too hard. All sites in the house that would be good as a location for the device tracked about the same. My Comcast internet now is 500mb. So, not too bad so far. T-Mobile is said to put home internet on the 2nd lowest priority. After you hit the data cap you go down to the bottom until the next month.
Thanks to the wire tester, finding the cat6 wire took more time to set up than to select the proper wire. T-Mobile as a pfSense WAN source fired up by the time I cleaned up after myself.
Wired internet speeds dropped to the mid 400s. Pretty big but I was considering downgrading to 300 mb on Comcast if I stay with them. 2025 prices go up a lot. Still pretty good.
Now it's a reliability test. I left the old wire from the cable modem just dangling there so it should take a few seconds to switch back.
OK, as I write this, my T-Mobile wired internet just dropped. It was up for maybe 5 minutes. I wrote the above immediately after hooking it up. I finished using T-Mobile wireless - this pc is normally wired in the area serviced by the controversial MOCA. Far away from the device. T-Mobile delivered a very weak signal. Entirely unacceptable for any form of home network. The AX-21 Access Point always delivers a very strong wireless signal to this room.
Correction - the wireless just dropped too. Back to the basement. Comcast fired back up almost immediately as WAN.
Guess what's going back to T-Mobile later this week. OK Comcast, you win this time. The free 15 day trial came in handy. Back to negotiating a new contract later.
Edit a few hours later: The T-Mobile device has been returned.
I remembered fiber was installed in my neighborhood last year. The company confirmed by chat it is available at my house. One week lead time should work. Symmetrical gigabit for $50 a month for first year and $65 a month thereafter. No data caps. Lower price than Comcast for similar download speed. Free ONT. No install charge. No bad reviews anywhere.