Multiple Adapters, VLANs, Guest Wireless Access HELP!!!
-
Below is a picture of the basic idea behind what I have setup. (Sorry its super terrible)
What I want (and normally accomplish with a NetGear UTM) is to have a LAN (192.168.0.X, em0 & em1) for wired and wireless computers (VLAN1) and a secondary LAN (192.168.250.X, em1) just for guest wireless access (VLAN2). These networks cannot talk to each other. Both networks have to have DHCP.
The WAP I'm using supports VLANs. I can link an SSID to a specific VLAN. There will be two wireless networks: WiFiSecured and WiFiGuest. Any user connecting to WiFiSecured will get a 192.168.0.X IP and any user connecting to WiFiGuest will get a 192.168.250.X IP. The WiFiSecured network needs to be able to access everything on the wired connection em0.
Been wrestling getting this working on my own for a few hours to no avail. I'm pretty new to pfSense and my tinkering with the VLANs isn't going anywhere. Any suggestions?
-
Is your switch managed and VLAN capable?
-
No. But the switch is only getting access to the wired, internal network. So all connections on it will be in the VLAN1
-
A managed, VLAN capable switch could be used in-between your EM1 interface and the AP.
Without it you have to create a bridge from VLAN1 and LAN. Try to avoid VLAN1 and use something like VLAN10 or so instead (some managed devices use VLAN1 internally).
-
Below is a picture of the basic idea behind what I have setup. (Sorry its super terrible)
It's perfect. No apologies necessary.
As has been said, there's a correct way to do it (managed switch) and a not-so-correct but not necessarily wrong way (unmanaged switch and bridged pfSense interfaces.)
Depends on your answer to the managed switch question.
-
How would I go about bridging those connections? I can't get a managed switch in there yet.
-
You need two VLANs to the AP. I will assume these are 10 for the LAN and 20 for the guest:
Create VLAN 10 with a parent interface em1
Create VLAN 20 with a parent interface em1
Create a bridge with members em0 and em1_vlan10
Assign LAN to Bridge0Set em1_vlan20 to be what you want for your guest wi-fi
Tell the AP to tag your LAN ssid with VLAN 10 and your guest SSID with VLAN 20.
