pfSense newbie here and I’d just like to check if I got my network design right.
So I have a pfSense box, with 6x LAN interfaces, UniFi 16-port managed switch and 2x UniFi APs.
I would like to have three separate WiFi networks on both UniFi APs.
As far as I understand I have to set up a separate VLAN for each WiFi network on the same physical LAN interface?
I can’t set this up without VLANs and have each physical LAN interface set up as a separate WiFi network?
You can create up to 4 SSIDs on the APs and then assign the SSID to any defined network managed by the controller. So if you, say, wanted to have all three SSIDs go to the same network you just have to pick it from the drop down:
Given that APs (generally) only have one LAN port, yes, you will have to use VLANs when you want to have more than one network on the same AP.
Since you mentioned the 6 LAN interfaces on the router: It’s up to you how to make the connection from the router to the switch(es). Given that pfSense distinguishes between interfaces and network ports, for the sake of clarity, I’m gonna do the same here: Interfaces are where you configure IP addresses, DHCP server etc. and network ports are the physical ports on the machine. When you go to Interfaces → Assignments in the web configurator, you can map network ports or a combination of network ports and VLAN IDs to interfaces. It’s a useful layer of abstraction, e.g. it allows you to upgrade the network card say from 1GbE to 10GbE without losing your configuration.
With that out of the way, you can do two things. Either map each network port to an interface and connect all of these ports to untagged ports on the switch. What I prefer though is to create VLAN interfaces in pfSense on one of the ports and then connect that network port to a tagged (or “trunk”) port on the switch. Better yet, to improve performance and redundancy, you can do this on top of link aggregation.