Putting a Wireless DD-WRT AP on a VLAN?

I’m using a TP-Link SG108E to create a single VLAN on my network. I’ve got this working just fine. My private network has a TP-Link Archer C9 running DD-WRT for my private wifi.

The thing I’m now trying to do is figure out if I can use an old Netgear N 300 Wireless Router (WNR2000 v3) to broadcast a wireless network for the VLAN. This way the IoT devices I have that can only connect via wifi (Nest Thermostat, Amazon FireTV sticks, etc.) have a wireless place to live on my VLAN. Is there any way I can achieve this?

Any help with this is greatly appreciated!

Just plug in your access point into your switch setup for your vlan and it will provide wifi on that subnet.

Do you know if I will run into problems with pfSense being the DHCP for this VLAN? I would imagine I’d need to have DHCP turned on for the Wireless AP. I probably should have mentioned that pfSense is the DHCP for this VLAN in the first place.

I’d stick with pfSense as the DHCP server for that VLAN and switch it off at the AP.

Thanks! That was deceptively easy lol

My only problem now is I can’t seem to access or even ping the Wireless AP on the VLAN network from my Private Network, but I can ping any other device that’s on the VLAN network from my Private Network just fine? I’m guessing it’s because I have specified a static IP for the Wireless AP so pfSense doesn’t see it and will therefore not route me to it. I’m not too keen on letting it use DHCP, so I’m not entirely sure what to do here. I’m guessing a static address can be specified but I’m very pfSense dumb and I’m not sure how difficult doing something like that would be.

Sounds like it’s working exactly as it should.

However, you probably need to tweak your rules to allow all vlans to see your IoT vlan but for your IoT vlan to not see your other vlans.

With multi-SSID APs you can broadcast multiple vlans on their own SSIDs, you might still be able to do this with DD-WRT but it might also be dependent on the hardware.

I currently have only the one VLAN on my network. I currently have a webserver sitting on the VLAN that I can reach from my private network just fine. My problem is I can’t access the web-admin page to the VLAN Wireless AP despite it residing on the same VLAN that the webserver sits on. This is what’s confusing the heck out of me lol

Okay, I’m not sure why I’m unable to reach the Wireless AP when it’s on the VLAN, but I can reach my webserver that sits on the same VLAN. Here are my LAN & VLAN Firewall rules.

My webserver is 192.168.69.101 and I can ping it from my private network just fine:
Pinging 192.168.69.101 with 32 bytes of data:
Reply from 192.168.69.101: bytes=32 time=18ms TTL=63
Reply from 192.168.69.101: bytes=32 time=4ms TTL=63
Reply from 192.168.69.101: bytes=32 time=3ms TTL=63
Reply from 192.168.69.101: bytes=32 time=4ms TTL=63

My Wireless AP is 192.168.69.4 but I can’t ping it from my private network:
Pinging 192.168.69.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Now if I go and plug an ethernet cable into the switch that manages the VLAN, I can ping the Wireless AP just fine.

What am I overlooking here?

Still looking for help on this issue for anyone interested in replying.

If you plug into the AP with an ethernet cable, can you access the homepage of the AP? It’s been quite a few years since I messed around with DD-WRT, but you really have to make sure you have configured it correctly or it won’t work, and it gives no indication that it’s not working.

Make sure you have a DHCP reservation for your wireless AP’s IPv4 address and set the gateway on your AP to your pfSense IP address, and make sure the DHCP server and firewall on your AP are disabled.

You also need to enable the STP protocol so you don’t create a network loop with your wireless AP if it’s being used as a repeater.

Btw, this is easier to do with OpenWrt if you have the option.

I just tried and it would not allow me to access the homepage of the AP. I did confirm that I am on the same VLAN network via ipconfig and I’m able to reach the internet just fine. The only time I can access the homepage of the AP is if I connect to the managed switch it’s connected to.

I’m guessing you haven’t configured the AP correctly. Check out the DD-WRT forums; they might have some guides on which features need to be on/off.

I have a DHCP pool for the VLAN69 set to 192.168.69.100 to 192.168.69.200 on pfSense. The built-in DHCP server for the AP is currently disabled and the Gateway & DNS are all pointing at pfSense. STP is currently disabled as this device is not bridging wireless.

I’m trying to figure out a way to set a static ip address for the AP in pfSense, but because I’m forced to specify a static ip for it at the AP, pfSense doesn’t list it in Status > DHCP Leases.

That’s probably your issue. You need to create a static DHCP lease for your AP outside of the DHCP range on pfSense. Without that, you’d have to find the randomly assigned IP that pfSense is giving your AP.