Interesting! Does this mean that by disabling the WAN port on the DD-WRT device and getting it to act as switch, then the pfSense router device actually sees multiple network domains on the same LAN port? I guess this is probably due to the fact that I don't understand VLANs ...
Currently, I have LAN port on pfSense device set to 192.168.2.2 and WAN port on DD-WRT set on 192.168.2.3. The wireless network is set on 192.168.3.X. From what I understand from your guide, it would seem that you have created virtual wireless networks (wl0.1, wll0.2) in STEP 2, then you activate VLAN 5 and 15 and assign them to the WLAN port, then you create the bridges which tells DD-WRT to assign wl0.1 to VLAN 15 via bridge 1 and wl0.2 to VLAN 5 via bridge 2. Correct? This seems to be quite powerfull but I guess the art is actually happening on the router (pfSense) where you have to craft the firewall rules correctly or the there could be problems. Is this where jmitchel's answer can help? Thanks for your help both, much appreciated. Antonio -- Respect your privacy and that of others, don't give your data to big corporations. Use alternatives like Signal (https://whispersystems.org/) for your messaging or Diaspora* (https://joindiaspora.com/) for your social networking. Il 11/03/2018 01:47, Moshe Katz ha scritto: > The most reliable way to do it is to set up two VLANs for your > wireless, with your Home network on one of them and your Guest network > on the other, and to configure the firewall rules in pfSense for the > LAN-LAN traffic. > > DD-WRT officially supports VLAN tagging (802.1q), but it only works on > some hardware. On other hardware, you need to use "Port-based" VLANs, > which would probably require an additional LAN port to be configured > on your pfSense. > Here are instructions for "Port-based" VLAN configuration, with an > example that uses three > networks: > https://community.spiceworks.com/how_to/32549-ddwrt-multiple-ssids-with-vlans > > > NOTE: I do not currently have hardware that is running DD-WRT at home, > so I am writing this from memory (and from links to resources I have > used in the past). > > Also, note that you don't need to use the separate 2.4Ghz and 5Ghz > radios in order to do this. Most hardware supports running multiple > SSIDs (a.k.a. WiFi network names) on a single band, so you could have > both of your WiFi networks on both bands - 5Ghz for performance and > 2.4Ghz for longer range. Most modern dual-band devices will > automatically pick the best oft eh two signals. > > -- > Moshe Katz > -- mo...@ymkatz.net <mailto:mo...@ymkatz.net> > -- +1(301)867-3732 > > On Sat, Mar 10, 2018 at 6:54 PM, Antonio <m...@geotux.it > <mailto:m...@geotux.it>> wrote: > > Hi pfSense experts, > > I was hoping you could help me with a config questions. I have pfSense > configured as main routed for my network. The WAN is connected to DSL > modem, one LAN on a ethernet switch and another LAN port on a Netgear > R8000 with dd-wrt installed. One of the cool features of the R8000 is > that it has two seperate wireless networks: 2.4GHz and 5GHz. > > I wanted to use one for guest and only allow access to internet while > the other for permitted users (family members) that would also have > access to the local network. How am I going to achieve this on pfSense > though? is it a matter of closing access to local network for all IPs > coming from the AP except those I want to permit (family devices) > or is > there a simpler way of doing this i.e. VLANs? > > I look forward to your reponse. > > Thank you > > -- > > > Respect your privacy and that of others, don't give your data to > big corporations. > Use alternatives like Signal (https://whispersystems.org/) for > your messaging or > Diaspora* (https://joindiaspora.com/) for your social networking. > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > <https://lists.pfsense.org/mailman/listinfo/list> > Support the project with Gold! https://pfsense.org/gold > > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
