Multiple Adapters, VLANs, Guest Wireless Access HELP!!!

General pfSense Questions
Log in to reply
  • A

    Below is a picture of the basic idea behind what I have setup. (Sorry its super terrible)

    What I want (and normally accomplish with a NetGear UTM) is to have a LAN (192.168.0.X, em0 & em1) for wired and wireless computers (VLAN1) and a secondary LAN (192.168.250.X, em1) just for guest wireless access (VLAN2). These networks cannot talk to each other. Both networks have to have DHCP.

    The WAP I'm using supports VLANs. I can link an SSID to a specific VLAN. There will be two wireless networks: WiFiSecured and WiFiGuest. Any user connecting to WiFiSecured will get a 192.168.0.X IP and any user connecting to WiFiGuest will get a 192.168.250.X IP. The WiFiSecured network needs to be able to access everything on the wired connection em0.

    Been wrestling getting this working on my own for a few hours to no avail. I'm pretty new to pfSense and my tinkering with the VLANs isn't going anywhere. Any suggestions?

    0
  • jahonix

    Is your switch managed and VLAN capable?

    0
  • A

    No. But the switch is only getting access to the wired, internal network. So all connections on it will be in the VLAN1

    0
  • jahonix

    A managed, VLAN capable switch could be used in-between your EM1 interface and the AP.

    Without it you have to create a bridge from VLAN1 and LAN. Try to avoid VLAN1 and use something like VLAN10 or so instead (some managed devices use VLAN1 internally).

    0
  • Derelict
    LAYER 8 Netgate

    Below is a picture of the basic idea behind what I have setup. (Sorry its super terrible)

    It's perfect.  No apologies necessary.

    As has been said, there's a correct way to do it (managed switch) and a not-so-correct but not necessarily wrong way (unmanaged switch and bridged pfSense interfaces.)

    Depends on your answer to the managed switch question.

    0
  • A

    How would I go about bridging those connections? I can't get a managed switch in there yet.

    0
  • Derelict
    LAYER 8 Netgate

    You need two VLANs to the AP.  I will assume these are 10 for the LAN and 20 for the guest:

    Create VLAN 10 with a parent interface em1

    Create VLAN 20 with a parent interface em1

    Create a bridge with members em0 and em1_vlan10
    Assign LAN to Bridge0

    Set em1_vlan20 to be what you want for your guest wi-fi

    Tell the AP to tag your LAN ssid with VLAN 10 and your guest SSID with VLAN 20.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy