Adding an External Access point to Pfsense



  • Ok, I'm not a total noob here, but can't seem to find the right search terms… maybe I'm just trying to make this too hard.

    I have pfsense 2.0 installed on a box with three interfaces. em0 is wan, em1 is lan out to a 24 port switch, and em2 is OPT and is going to connect to a wireless N access point. At least that's the plan.

    Ultimately I'd like to combine (bridge?)  the lan and the OPT together so that anyone who connects through wireless has the same subnet and filtering as those who connect wired.

    DHCP and DNS are going to be handled by the SBS Server onsite.

    Is there a way to do this, and if so, How?

    Ultimately I want it to work the same as if I just plugged an Access point into the switch the whole network is going to use. Am I making this too hard?

    Shawn


  • Netgate Administrator

    Yes you can do this. Yes it's easy to get confused!  ;)

    There are quite a few descriptions of how to do this of varying quality IMHO.

    There's this detailed description from Wallabybob:
    http://forum.pfsense.org/index.php/topic,48093.msg253754.html#msg253754

    This blog post which is pretty nice:
    http://blog.qcsitter.com/BSDay/index.php?/archives/2-Bridging-the-pfSense-2.x-wireless-divide.html

    This description which is a bit lacking IMO:
    http://forum.pfsense.org/index.php/topic,20917.msg128389.html#msg128389

    My own effort, which is low on detail and probably not directly applicable in your case as it doesn't use LAN  ::):
    http://forum.pfsense.org/index.php/topic,25011.msg236750.html#msg236750

    Come back and ask.

    Steve



  • I went through this a while back, so here's what I remember;

    • It's possible to bridge the wireless & lan as per the links stephenw10 gave.
    • Choose your AP carefully, if you haven't already bought it, as you might want a device which can do multiple SSID's + VLAN's later on, eg: CPortal for outside people/personal devices.
    • And if you do vlan's later on, you won't be able to bridge a vlan to your 'real' lan interface.. but that's for another topic  :)


  • Thanks Guys! Learning a lot from those links…  I appreciate it.

    Shawn
    4byte4.com Computer Services



  • @thermo:

    I went through this a while back, so here's what I remember;

    • It's possible to bridge the wireless & lan as per the links stephenw10 gave.
    • Choose your AP carefully, if you haven't already bought it, as you might want a device which can do multiple SSID's + VLAN's later on, eg: CPortal for outside people/personal devices.
    • And if you do vlan's later on, you won't be able to bridge a vlan to your 'real' lan interface.. but that's for another topic  :)

    This.  Most business class APs support multiple SSIDs (which are usually assigned a VLAN that's tagged by the AP) nowadays.  I can't think of one client of mine that has wireless that doesn't have a need for a guest, Internet only SSID/VLAN; it's the standard way we setup wireless at any installation.



  • A well-supported Atheros-based AP with OpenWrt on it can satisfy those requirements when you need something cheap (possibly other device/OS combinations will work, too, but I have no experience with others for those types of devices, as OpenWrt is the only third-party firmware that supports mine).


Log in to reply