Pfsense, dd-wrt - Multi-VLAN setup guidance

  • I've dabbled with networking a bit over the years but I am, by far no pro so, I turn to you for a little advice & guidance:

    Old Dell laptop sporting a Pentium M 1.73GHz processor, 2Gb ram, an 80Gb hard drive, 1 onboard NIC, 1 PCMCIA Netgear NIC, both 10/100
    Linksys WRT54G v1 w/DD-WRT v24-sp2

    Create 2 separate networks
    Both networks should have wireless access but should not be able to communicate with each other
    Both networks should pass all traffic through pfsense & squid for traffic monitoring

    Currently I have the DD-WRT router set as a WAP connected to the PCMCIA NIC. I know that both devices, the pfsense laptop & the DD-WRT support VLAN's and that is what is needed but, I do not know how to set it up. I believe I need to create VLANs on both but I do not know how to connect the two together through the one PCMCIA NIC. Is this setup with only 2 NICs sufficient or will I need to setup a multi-NIC box?

    I also know that this is not a new subject. I have found several similar post with similar hardware but no clear instructions or guides.

    Any help would be greatly appreciated!!

  • As long as you have the VLAN tab in DD-WRT setup will be easy. On the ones without VLAN isn't supported, I suspect just for the switch. However on the units VLAN wasn't shown, I didn't have much luck. For the units fully supported the below instructions worked well for me. What messed me up was trying to do the VLAN stuff on the Networking tab, only setup your bridging there. Multiple BSSID with mixed encryption modes – all on separate VLAN is working rather well for me.

    • Setup and assign the VLANs on pfSense, DHCP server, etc. Ensure the VLANs to be used on the DD-WRT device are VLAN 1-15. Optional, but recommended: assign unique MAC address to each VLAN interface.

    • On DD-WRT setup VAP:

    1. Navigate to Wireless > Basic Settings
    2. Click Add under Virtual Interfaces to add as many interfaces needed.
    3. Configure SSID for each VAP. Leave each VAP as "Bridged."
    4. Configure security settings for each VAP under Wireless > Wireless Security.
    • On DD-WRT setup VLANs: Unless noted, click "Save," not "Apply"
      1. Navigate to Setup > VLANs tab
        (If Setup > VLANs tab is not present, device does not support VLAN)
      2. Make sure the Tagged box is selected on the column marked "W," and then check off the VLANs to be used in this same column.
      3. Make sure your management VLAN is set "Assign to bridge: LAN" and no other VLANs have this setting
      4. Assign other ports to their respective VLANs
      5. Navigate to Setup > Basic Setup and select "Connection type: Disabled" and "Assign WAN port to switch" disabled.
      6. Navigate to Setup > Networking and under Bridging click add until you have as many bridge interfaces as VLANs. Click save and reboot the device is needed.
      7. Navigate to Setup > Networking and under Assign to Bridge click add until you have double the assignments as bridges. Assign 1 VLAN and 1 WiFi interface to each bridge. When finished, click Apply.

  • Won't have a chance to try this out until a little later today but I just wanted to say thanks for the response. If I can get everything setup the way I hope to, I plan to write a very detailed tutorial as this has been a very frustrating experience.

Log in to reply