Hello folks, (Hey Tom!) I’m looking to redesign my home network. Currently, I have a Motorola cable modem connected to the WAN side of my TP-Link router. I have both primary and guest wifi networks. Doorbell, Nest, Echo dot, and other IoT devices are connected to the guest network while everything else is on the primary. Nothing is wired (yet). VERY BASIC.
My goal is this. I’d like to run PFSense as my edge router. Have multiple wifi networks: Guest, Primary, and a kids network with more restrictions. ( I want to restrict the devices my kid uses but not mine) I’m assuming each SSID would have its own VLAN associated with it. Do I absolutely need a managed switch in between my AP and PFSense? Is there an inexpensive AP someone can recommend that supports multiple SSID’s, Vlans, etc? Am I going about this wrong? Can I accomplish what I want only with PFsense and avoid purchasing new equipment? If there is a better configuration someone can suggest?
The PFSense box I bought is a Mini Itx Linux Q330G4 Intel Core I3-4005U,1.7Ghz (8Gb Ddr3 Ram 16Gb Ssd) AES-NI, 4 Gigabit LAN Ports
I would get a Ubiquiti AP. You are correct that you want to associate a SSID (wireless network name) to a VLAN. I would configure the port that the AP will plug into as a trunk port and create VLAN interfaces on the pfSense to connect via that physical port. Once you have your interfaces setup you should be able to create the firewall policies required.
Thanks Fred. I was looking at the UniFi nanoHD but 200+ concurrent device support seemed like overkill for my tiny network. Maybe I was looking at the wrong area.
If your AP is going to connect to your switch and not directly to the PF Sense, yes you’ll need a managed switch so that you can configure which ports carry which VLANs. If you have an extra port on the PF Sense and you don’t need any VLANs on your switch, you can skip the managed switch.
Thanks Mike. If I can avoid buying a switch, I’d prefer that. Yes I bought a 4 port device for PFSense. I’m playing with the management interface on a VM right now. How would I configure the interface on PFSense to “Trunk” all the vlans to the AP?
Update: I think I found it. Have to make sure the parent interface is the same, correct?
you can use TP Link EAP225 its much cheaper than Unifi. Unifi is good for higher density use, I use TP Link EAP 225 for a family of 8 people and lot of device. I have 6 SSID running on EAP and very happy with results, been using it for a year now.
Best part is EAP controller is also very cheap, you can also virtualise or put EAP on Rasbery Pi. I use EAP on a virtual Linux instance for 2 EAP 225.
You can use any Smart Switch for that, you dont require expensive managed switch.
I don’t think your ports on your pfsense box can act as a switch, so it’s probably tricky to get your vlans working to your AP, though I could be wrong, you can test it out.
I would save myself the hassle and buy a PoE switch, there are several that are at all budgets.
Like @abhay9 says the TP Link EAP access points work well, I have the EAP245 with no issues for the last 18m. However, if you only have one AP you don’t need to run the controller software it’s optional, it will be needed if you have more than one.
Having a PoE switch allows you to run an ethernet cable to the AP meaning you can place it anywhere, usually, you want it high and central.
It has 8 SSID bands (8 on 5GHz and 8 on 2.4Ghz). In the UK it also comes with an injector if you don’t use a PoE switch.
Thanks for your suggestions everyone. Sorry, I’ve been off the forums for a while (but still watch Tomz videos) I’ve dumped PFSense for Untangle and I love it. My UAP-AC-Lite has been humming away. Been running both for over a year now. It’s been able to do everything I need to do regarding multiple SSID’s VLANs special rules for my kids network, etc. I don’t know why it took me so long but I just put in Adguard Home. WOW does it block a lot of BS. My DirecTV Stream box was spying on me so much!
Hi! Was wondering what made you to ultimately choose Untangle? Thanks!
Background: I’ve used Untangle Home Basic for a year. Then switched to pfsense. But some banking apps won’t work due to pfblockerng and I don’t want to wrestle with it every time this happens. To say nothing of the ads that still pass through and Unbound being wonky every so often. So I’m trying Untangle(16.6) again. It’s really the $150 premium to be able to use WAN Failover and Balancer, which I bother need, that’s holding me back.
I hate to break it to you but enabling blocking tools isn’t a “set it and forget it” tool. If stuff is getting blocked then there will need to be intervention to allow false positives. Switching platforms won’t solve your problem.