Help me Separate Wi-Fi from LAN



  • Hello all,

    I tried following the steps listed in step 3 here: https://doc.pfsense.org/index.php/InstallationGuide However, I must be getting something wrong in my setup. Here's what I did:
    WAN: 62.x.x.x
    LAN: 10.0.0.254 <-- DHCP Disabled
    OPT1-Wifi: 192.168.2.5
    DHCP is enabled on OPT1-Wifi with a range of 192.168.2.5 to 192.168.2.15

    pfSense is installed as follows:

    Cable modem > pfSense > Switch > PCs

    I then set up my two access points in point-to-point bridge mode, one as 192.168.0.1 and the other as 192.168.1.1. The access points were able to connect to each other (I could see them connect in each access point's 'activity' tab). I could also see the SSID being broadcasted, but when I went to connect to it, I would get disconnected before even being prompted to put the password in.

    Anyone know where I went wrong here?

    Thanks in advance!



  • UPDATE:

    I was able to connect to the access point, but I cannot access the internet while connected to WiFi. I can connect to the internet with any computer inside the LAN and can ping the computers connected to WiFi. I can also ping computers connected to the LAN from a computer connected to WiFi.

    Under Firewall > Rules > Opt1-Wifi I have:
    Pass
    Interface: OPt1Wifi
    TCP/IP Version: IPv4
    protocol: any
    source: any
    destination: any
    port range: any

    I don't see any packets being blocked on the Wifi Interface. Any ideas?



  • Did you create a NAT rule for the OPT IP range?



  • I see a couple of things:

    1. Don't you want your AP's management IP to be in the same address space as OPT1?
    2. You made OPT1 192.168.2.5 but you made your scope 192.168.2.5-192.168.2.15, which means you could have some issues there. I'm surprised you didn't get a validation error.

    What is the subnet mask of your OPT1? Can your clients see the MAC address of the gateway? arp -a will tell you if they can see pfSense. Not sure what kind of wireless routers you have, but if they are not true APs then try just this:

    1. Set your pfSense LAN IP 192.168.2.1 subnet mask 255.255.255.0
    2. Set your WiFi Router LAN IP to 192.168.2.2 255.255.255.0
    3. Set your WiFi Router B LAN IP to 192.168.2.3 255.255.255.0
    4. Disable DHCP on both WiFi Routers
    5. Plug Wire from Switch into the switchport of your APs not the router port (WAN or Internet)
    6. If your APs or Switch don't support MDI-X then you will have to make a crossover cable to connect switch to switchport on your APs.


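An added example, not part of the thread: a Python check of the two addressing points raised in the last reply (the interface address sitting inside its own DHCP scope, and the AP management IPs being outside the OPT1 subnet). The function name, the host labels, the 255.255.255.0 mask for the original setup and the reuse of the original DHCP range in the suggested layout are assumptions; the thread states none of them.

```python
import ipaddress

def check_segment(iface_ip, netmask, pool_start, pool_end, static_hosts):
    """Return a list of addressing problems for one firewall interface."""
    iface = ipaddress.ip_interface(f"{iface_ip}/{netmask}")
    net = iface.network
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    findings = []

    if start > end:
        findings.append("pool: start address is above end address")
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            findings.append(f"pool: {label} {addr} is outside {net}")
    # The interface's own address must never be handed out as a lease.
    if start <= iface.ip <= end:
        findings.append(f"interface: {iface.ip} is inside the DHCP pool")
    # Statically addressed devices (AP management IPs) must be on the same
    # subnet as the interface, outside the pool, and unique.
    for name, host in static_hosts.items():
        ip = ipaddress.ip_address(host)
        if ip not in net:
            findings.append(f"{name}: {ip} is outside {net}")
        elif ip == iface.ip:
            findings.append(f"{name}: {ip} duplicates the interface address")
        elif start <= ip <= end:
            findings.append(f"{name}: {ip} is inside the DHCP pool")
    return findings

MASK = "255.255.255.0"  # assumed; the OPT1 mask is not given in the thread

def posted_setup():
    # Values from the first post: OPT1 address, DHCP range, AP addresses.
    return check_segment("192.168.2.5", MASK, "192.168.2.5", "192.168.2.15",
                         {"AP-A": "192.168.0.1", "AP-B": "192.168.1.1"})

def suggested_setup():
    # Addresses from the last reply; the DHCP range is the original one (assumed).
    return check_segment("192.168.2.1", MASK, "192.168.2.5", "192.168.2.15",
                         {"AP-A": "192.168.2.2", "AP-B": "192.168.2.3"})

if __name__ == "__main__":
    for title, result in (("posted", posted_setup()),
                          ("suggested", suggested_setup())):
        print(title, "->", result or "no addressing problems found")
```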