Netgate Discussion Forum
    Wireless AP VLAN questions

      thatnoobguy

      Hello community! I am currently setting up my new home network, and wanted to ask a few questions about VLANs. I am trying to isolate 2 VLANs on the pfsense to allow 1 VLAN to be a computer lab, and the other VLAN to handle normal Internet access. Here is how my network is set up currently: ISP -----> ROUTER (192.168.1.1/24)(DHCP/NAT) -----> (192.168.1.2 WAN static) PFSENSE ROUTER (192.168.0.1/16 LAN)(DHCP/NAT) -----> (192.168.0.10 static) GS108Tv2 NETGEAR SWITCH.

      I have created 2 VLANs (20 & 30) on pfsense (192.168.20.1/24 & 192.168.30.1/24) that are then trunked to separate ports on my switch. I want to add a Wireless AP to VLAN 20 to allow devices connecting to this wireless router to access the Internet. Here are the questions that I have:

      1.) Since PfSense is handing out DHCP within the VLANs, do I disable DHCP and NAT on the wireless AP and have pfsense control that?
      2.) If I am going down this route, does the wireless AP have to be capable of handling VLANs? Or since the switch port is untagged, do I just need to configure the wireless AP to be in the same subnet as VLAN 20? Such as 192.168.20.20 for the wireless AP.
      3.) If the wireless AP is on VLAN (20), must everyone who connects their device to this wireless AP configure it to be on this VLAN, or when connected does it automatically tag the packets when they leave the GS108T switch? For example, when I connect my Windows 7 computer into the switch, I must configure the VLAN in my computer's adapter settings to be on VLAN 20 in order to reach the Internet.

      If any of my questions seem confusing (I'm sure they are) let me know, and I can try to explain my questions better. I've just never used VLANs before, so I have a lot of "what if's." I am completely a noob at this, so I appreciate any help anyone can give me! Thanks!

        Derelict LAYER 8 Netgate

        Get rid of the /16 for starters.  You have WAN as 192.168.1.2 and LAN as 192.168.0.1/16.  192.168.1.2 is included in 192.168.0.0/16.

        1. Yes. Disable DHCP and plug the LAN into a switchport.

        2. No. As long as you only want to do one network, the switchport should be untagged on the VLAN you want.

        3. No. Put the AP on an untagged port on the VLAN you want.  All traffic from all wireless clients will go into the correct VLAN.

        An untagged port is a member of one VLAN.  When traffic needs to be sent by the switch, the VLAN tag is stripped off (untagged).  When traffic arrives at the port, the VLAN tag is added by the switch then processed.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

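The untagged-port behaviour described in the reply above, modelled on raw Ethernet frames as an added example (it is not part of the original posts and is not any switch's actual code). The class and function names are hypothetical, the sample frame is constructed, and dropping already-tagged frames on ingress is an assumption because that behaviour varies by switch.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_of(frame):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def add_tag(frame, vid):
    """Insert an 802.1Q tag (priority 0) right after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def strip_tag(frame):
    """Remove the 4-byte 802.1Q tag from a tagged frame."""
    return frame[:12] + frame[16:]

class UntaggedPort:
    """Hypothetical model: a switch port that is an untagged member of one VLAN."""
    def __init__(self, vlan):
        self.vlan = vlan

    def ingress(self, frame):
        # Frame arriving from the attached device: the switch adds the tag.
        # Assumption: a frame that already carries a tag is dropped here.
        return add_tag(frame, self.vlan) if vlan_of(frame) is None else None

    def egress(self, tagged):
        # Frame leaving toward the device: only this port's VLAN is sent,
        # and the tag is stripped off first.
        return strip_tag(tagged) if vlan_of(tagged) == self.vlan else None

# Constructed sample: a wireless client's frame as the AP bridges it to the wire
# (broadcast dst MAC, made-up src MAC, EtherType IPv4, dummy payload).
CLIENT_FRAME = bytes.fromhex("ffffffffffff" "020000000a01" "0800") + b"payload"

def demo():
    ap_port, lab_port = UntaggedPort(20), UntaggedPort(30)
    inside = ap_port.ingress(CLIENT_FRAME)  # tagged with VLAN 20 inside the switch
    return {
        "vlan_inside_switch": vlan_of(inside),
        "delivered_on_vlan20_port": UntaggedPort(20).egress(inside),
        "delivered_on_vlan30_port": lab_port.egress(inside),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The client frame never carries a tag on the wire to or from the AP: the tag exists only inside the switch and on the trunk, and the VLAN 30 port refuses the frame.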
          thatnoobguy

          Thanks Derelict! I was a little confused about tagged and untagged VLANs so thanks for clarifying that for me. (And also pointing out my mistake with the WAN IP address). I appreciate your help.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.