Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help with PFSense as router, Engenius APs, Two SSIDs, different priority

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rapidfire
      last edited by

      Hi Guys! I'm new to the forums. I don't have that much knowledge about advanced networking, but I'm confident I'll be able to get this project done.

      At our school we have the following setup:

      A PFSense box running on an old and unused PC, with two NICs (I could add more if necessary but, unless I'm wrong, I don't think I'll need them).
      A Catalyst 2960 Switch
      Three Engenius EAP300 Access Points, Multi-SSID & VLAN capable.
      A 10mbps line from our local ISP.

      What I'm trying to achieve is to create two different SSIDs, a hidden one for the classroom's new computers with top priority, and another for the student's devices which should only be able to use the internet bandwidth the other network is not using at the moment.

      Should I go with VLANs? Should I use QOS? Should I use Traffic Shaping? I don't know where I should start.

      My plan is to use the first NIC of the PFSense PC as a WAN port and assign it our fixed IP address from our ISP.
      I would then create a second VLAN (let's call it VLAN2) for students, configure DHCP and install Squid/Squidguard to filter content.
      The second NIC would be configured in trunk mode and connected to the Catalyst, which should then be able to read all VLANs.
      The Catalyst would be connected to each AP in trunk mode as well.
      The APs would then be told to create SSIDs based on VLANs.

      Assuming all of this is correct, how do I limit bandwith for the student's VLAN2?

      Any help would be much appreciated,

      Matias from Argentina

      1 Reply Last reply Reply Quote 0
      • R
        rapidfire
        last edited by

        anyone, please? Thank you!

        1 Reply Last reply Reply Quote 0
        • ?
          Guest
          last edited by

          pfSense
          Squid
          SquidGuard
          SARG
          Traffic Shaper
          Captive Portal
          FreeRadius

          pfSense DOCs limiters
          HowTo Squid & traffic shaping
          Cisco VLAN based QoS

          • Install the WLAN APs and give them all a different static (fixed) IP address from another subnet.

          • Create four SSIDs on each WLAN AP, 2x  in the 5,0GHz for the guest & private and 2x in the 2,4GHz
            band also for guest & private too. This can be different likes you need or want t it to realize.

          • create VLAN20 2,4GHz private radius certificates

          • create VLAN30 5,0GHz private radius certificates

          • create VLAN40 2,4GHz guests captive portal

          • create VLAN50 5,0GHz guests captive portal

          • Enables QoS priority for the VLANs as you want and not per port please at the Switch and the pfSense firewall

          • All VLANs should be "tagged" based on the behavior of the multi SSIDs or more then one VLAN in use

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.