Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense VLAN help

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      allanguintu
      last edited by

      Good day!

      I am new to this forum and I really hope someone here could help me out.

      I have no experience whatsoever on VLAN, but somebody told me that VLAN is the solution to my problem.
      I will explain in detail what I want to accomplish.

      Here's what I have in me right now.

      1.  pfSense box (Intel Corei3, 4GB RAM, 500GB Storage, Builtin Gigabit LAN)
      2.  2pcs Gigabit LAN TPLink TG-3468
      3.  2pcs TPLink SF1016D Unmanaged Switch
      4.  6pcs TPLink WA901ND AP

      The setup:

      1. The internet goes to the builtin LAN of the pfsense box
      2. The 2pcs SF1016 goes to the 2pcs TG-3468
      3. The first SF1016 will be used by wired computers
      4. The second SF1016 will be used by the 6pcs WA901ND
      5. All WA901ND was configured as multiSSID (only two SSID, corporate network and guest network)

      This is what I wanted to be able to accomplish.

      1. Guest network is completely separated from the corporate network (wired and wireless corporate network)
      2. Guest network will be under captive portal
      3. Wired computers and corporate wireless network should be able to see each other

      Is this possible with unmanaged switch?

      If there is anybody out here who knows how to configure this kind of setup, any help would be greatly appreciated.

      Thanks,

      Allan

      1 Reply Last reply Reply Quote 0
      • M
        Metu69salemi
        last edited by

        Already answered in private, because didn't looked posts before hand.

        1 Reply Last reply Reply Quote 0
        • A
          allanguintu
          last edited by

          thank you very much sir

          1 Reply Last reply Reply Quote 0
          • S
            sgtr
            last edited by

            Hi,

            I want to do same solution. What should i do?

            Regards,
            SGTR

            Bir umut olmasa bile Asla Pes Etme.

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              To do this using hardware similar to that in the first post you would need to check two things:
              1. Your wifi APs must be able to assign different virtual APs (SSIDs) to VLANs. This is a feature commonly found in enterprise grade APs but not often cheap wifi equipment design for the SOHO market. You may be able to add that feature by using an alternative firmware (dd-wrt, openwrt, etc).
              2. Your switches must be able able pass vlan tagged packets. They probably do but it's worth checking first.

              Then you assign some vlan interfaces in pfSense and use the same VLAN tags in the APs. Put in place appropriate firewall rules to isolate the different wifi networks.

              Steve

              Edit:
              The TP-Link TL-WA901ND quoted above does support this:
              @http://www.tp-link.com/en/products/details/?model=TL-WA901ND#fea:

              Up to 4 SSIDs and VLAN support, it allows networks administrator to segregate different services or applications to different designated users

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.