PfSense VLAN help

  • Good day!

    I am new to this forum and I really hope someone here could help me out.

    I have no experience whatsoever on VLAN, but somebody told me that VLAN is the solution to my problem.
    I will explain in detail what I want to accomplish.

    Here's what I have in me right now.

    1.  pfSense box (Intel Corei3, 4GB RAM, 500GB Storage, Builtin Gigabit LAN)
    2.  2pcs Gigabit LAN TPLink TG-3468
    3.  2pcs TPLink SF1016D Unmanaged Switch
    4.  6pcs TPLink WA901ND AP

    The setup:

    1. The internet goes to the builtin LAN of the pfsense box
    2. The 2pcs SF1016 goes to the 2pcs TG-3468
    3. The first SF1016 will be used by wired computers
    4. The second SF1016 will be used by the 6pcs WA901ND
    5. All WA901ND was configured as multiSSID (only two SSID, corporate network and guest network)

    This is what I wanted to be able to accomplish.

    1. Guest network is completely separated from the corporate network (wired and wireless corporate network)
    2. Guest network will be under captive portal
    3. Wired computers and corporate wireless network should be able to see each other

    Is this possible with unmanaged switch?

    If there is anybody out here who knows how to configure this kind of setup, any help would be greatly appreciated.



  • Already answered in private, because didn't looked posts before hand.

  • thank you very much sir

  • Hi,

    I want to do same solution. What should i do?


  • Netgate Administrator

    To do this using hardware similar to that in the first post you would need to check two things:
    1. Your wifi APs must be able to assign different virtual APs (SSIDs) to VLANs. This is a feature commonly found in enterprise grade APs but not often cheap wifi equipment design for the SOHO market. You may be able to add that feature by using an alternative firmware (dd-wrt, openwrt, etc).
    2. Your switches must be able able pass vlan tagged packets. They probably do but it's worth checking first.

    Then you assign some vlan interfaces in pfSense and use the same VLAN tags in the APs. Put in place appropriate firewall rules to isolate the different wifi networks.


    The TP-Link TL-WA901ND quoted above does support this:

    Up to 4 SSIDs and VLAN support, it allows networks administrator to segregate different services or applications to different designated users

Log in to reply