Is there any way to separate wireless and WAN traffic using VLANs?



  • Hi all,

    The ISP device that my DSL (BT Infinity, UK) terminates on is run in bridge mode, but has wireless enabled.

    The DSL connection is connected directly to the WAN port on my pfSense firewall (APU) and I use PPPoE in pfSense to connect to my ISP.

    What I'd like to do in the longer run is to connect the DSL connection to a VLAN-enabled switch, and use VLANs to ensure that the WAN traffic only goes to the pfSense APU and the wireless traffic is sent to the regular network.

    Is there any way to separate the WAN traffic by VLAN on BT Infinity? Is there a specific VLAN when running a homehub / businesshub in bridged mode that could be used for this?

    If no one has this specific answer, does anyone know how I'd inspect packets for VLAN information using something like tcpdump on the pfSense device?

    Thanks,
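
For the tcpdump question above, an added example (not part of the original thread): `tcpdump -e` prints the link-level header, including any 802.1Q tag, and the Python below decodes the same fields so you can see what to look for. The frames, MAC addresses and VLAN ID 10 are constructed sample values, not captured from a BT device.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6",
              0x8863: "PPPoE discovery", 0x8864: "PPPoE session"}

def parse_frame(frame: bytes) -> dict:
    """Return MACs, VLAN ID (None if untagged), priority and payload type."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = pcp = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID; real EtherType follows
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan = tci >> 13, tci & 0x0FFF
    return {"src": src.hex(":"), "dst": dst.hex(":"), "vlan": vlan, "pcp": pcp,
            "type": ETHERTYPES.get(ethertype, hex(ethertype))}

def vlan_summary(frames) -> dict:
    """Map each VLAN ID (None = untagged) to the payload types seen on it."""
    seen = {}
    for f in frames:
        info = parse_frame(f)
        seen.setdefault(info["vlan"], set()).add(info["type"])
    return seen

def _frame(dst, src, ethertype, vlan=None, payload=b"\x00" * 46):
    """Build a constructed test frame, optionally with an 802.1Q tag."""
    hdr = bytes.fromhex(dst) + bytes.fromhex(src)
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan)
    return hdr + struct.pack("!H", ethertype) + payload

# Constructed scenario: PPPoE tagged on one VLAN, other traffic untagged
SAMPLES = [
    _frame("ffffffffffff", "020000000001", 0x8863, vlan=10),
    _frame("020000000002", "020000000001", 0x8864, vlan=10),
    _frame("ffffffffffff", "020000000003", 0x0806),
    _frame("020000000002", "020000000003", 0x0800),
]

if __name__ == "__main__":
    for vid, types in vlan_summary(SAMPLES).items():
        print("untagged" if vid is None else f"VLAN {vid}", sorted(types))
```

If the summary of a real capture shows every frame as untagged, the device is not separating the traffic by VLAN on that link and a switch has nothing to split on.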



  • @Anonymouslemming:

    …connect the DSL connection to a VLAN-enabled switch, and use VLANs to ensure that the WAN traffic only goes to the pfSense APU and the wireless traffic is sent to the regular network.

    Huh?
    So you want your DSL modem to route traffic to separate subnets? That's a router's job, not a job for a modem.
    What is "regular network" you reference with wireless traffic?



  • @Anonymouslemming:

    Hi all,

    The ISP device that my DSL (BT Infinity, UK) terminates on is run in bridge mode, but has wireless enabled.

    I do not believe this is possible, or at least it isn't very likely. Normally, when you configure a DSL router to bridge mode, the wireless is turned off because there isn't an IP subnet available to it.



  • @jahonix:

    Huh?
    So you want your DSL modem to route traffic to separate subnets? That's a router's job, not a job for a modem.
    What is "regular network" you reference with wireless traffic?

    At the moment, the DSL modem is connected directly to the APU. I want to connect it to a switch instead. I then want to have one VLAN where all WAN traffic is only broadcast to the switch port that the WAN port of the pfSense is plugged into. I want a separate VLAN for all other traffic coming over that link, which is just wifi-connected devices.



  • @GomezAddams:

    I do not believe this is possible, or at least it isn't very likely. Normally, when you configure a DSL router to bridge mode, the wireless is turned off because there isn't an IP subnet available to it.

    Wireless on the device is still on, and I can see traffic from connected devices. The traffic is being blocked at the WAN port, which is expected, hence the desire to identify whether the WAN traffic is on a dedicated VLAN.



  • You cannot use the WLAN of your "ISP device" when in bridge-mode. Get a separate AP for that and hook it up through pfSense as well.
    This way you can place the AP where it has best coverage and not where your DSL is terminated.


  • Rebel Alliance Global Moderator

    Normally when you put a wifi router into bridge mode the wifi would be disabled. If yours is still on, I would connect to it and disable it. If you cannot connect to it while in bridge mode, then put it back in router mode, disable the wifi and then go back to bridge.

    As stated, if you want to use VLANs with your wireless network, get an AP that supports them, and make sure your switch supports them as well. Unifi makes reasonably priced APs that do VLANs; the latest gen AC lite model is under $100. I have multiple SSIDs running on different VLANs.