Pfsense 1.2.3 and multiple SSID WLAN utilizing VLANs

  • Hi,

    I'm driving myself crazy trying to setup a configuration as follows:

    Internet -> pfSense 1.2.3 -> Netgear GS724TPS Smart Switch -> Netgear Access point (WNAP320) running 1 untagged and 1 tagged SSID/VLAN.

    My goal is to have the untagged SSID run against the "core" network while the tagged SSID/VLAN would be for guests so they cannot access my internal network.

    Working backwards, I setup the following:
    1. primary SSID on VLAN 1 untagged and the the secondary (guest) SSID on VLAN20.
    2. Created VLAN20 on the switch and set VLAN20 as "tagged" on the switch.
    3. Created VLAN20 in pfSense and setup DHCP on this VLAN for (General Internal is set to
    4. Associated with the guest SSID, and I'm receiving an IP in the network but I'm not able to access the internet.

    I think I'm close here but must have a step missing?

    One more question I have is….I do not want this guest VLAN to be able to speak to my network. Is it possible for someone to associate to the guest SSID and manually set an IP in the network and gain access? Do both of the SSIDs need to by tagged for "better" security or is my config OK? Any suggestions to my approach would be great!

    Is there an example of this in the forums somewhere? I searched but didn't get a perfect hit

  • Did I put this in the wrong forum? :)

Log in to reply