DHCP on Opt1 for Public WiFi



  • I have a new wireless router that allows multiple SSIDs. I would like to get a public and secure SSID set up.

    I have a "secure" SSID set up that is on my regular Windows network with Windows Server providing DHCP.

    My "public" SSID is tagging VLAN 100. I have a port on my switch dedicated to VLAN 100 attached to my pfSense router on OPT1 (not using tagging; I have an Untangle as a bridge on LAN and wasn't sure if it would mess up the tagged packets).

    Can I set up DHCP on pfSense to run on OPT1 (since I am not using it on LAN) or forward DHCP traffic from OPT1 to LAN so the Windows server can provide DHCP?



  • You could set up pfSense to serve DHCP addresses to OPT1 since there is no possibility of getting on LAN (aside from human mistake). You can also set up DHCP relay if you prefer to manage only 1 DHCP server. Not sure what you mean by Untangle as a bridge on LAN. Usually a bridge would pass DHCP information (unless blocked).



  • Thanks for the reply. I didn't notice the tab at the top of the DHCP server page. I turned on DHCP for OPT1. As for Untangle, Untangle is acting as a "transparent bridge" between pfSense and my switch. I was going to have public traffic tagged as VLAN 100 connected to LAN, but Untangle would strip out that tag.

    I am still having a problem with DHCP (or a more generic problem). Right now this is my setup.

    Wireless router w/ untagged and VLAN 100 tagged packets going into a port on my switch.
    Port is set up for untagged and VLAN 100 tagged traffic.
    Another port on my switch is set for VLAN 100 only as untagged packets.
    That port is plugged into OPT1 on pfSense.

    Trying to renew the IP on my wireless client, I see a broadcast packet hit OPT1 (using the packet capture in pfSense).

    I wouldn't mind starting a new thread with this issue or question, just not sure where to put it.



  • I have a setup kinda like this for my guest WiFi. I used VLAN tagging all the way to pfSense. Give your client a static IP and DNS (like 8.8.8.8). Can you route out to the internet?

