Menu
What's new
By:
Filters Better Search

Need help in how to set up a proposed network solution

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I

imnotapro

New Around Here
I don't know if this is even possible or if its beyond the scope of what Asus routers / Merlin firmware is capable of but here we go.

I currently have an ESXi server that is running virtualised pfSense as my router and firewall. I am currently using my ASUS RT-AC3200 as an access point to provide internet to all the wireless devices in my network.

What I want to do is create 5 wireless networks each with its own subnet and IP's that a device can connect to based on what it is. Each SSID should be assigned to each port on the ASUS router as follows.

Here is what I had in mind:

pfSense LAN -> WAN port -> SSID: WiFi_Admin - IP: 192.168.1.0

pfSense port 1 -> eth0 (LAN port 1 on ASUS router) -> SSID: WiFi_Home - IP: 192.168.2.0

pfSense port 2 -> eth1 (LAN port 2 on ASUS router) -> SSID: WiFi_VPN - IP: 192.168.3.0

pfSense port 3 -> eth2 (LAN port 3 on ASUS router) -> SSID: WiFi_IoT - IP: 192.168.4.0

pfSense port 4 -> eth3 (LAN port 4 on ASUS router) -> SSID: WiFi_Guest - IP: 192.168.5.0

So to explain, there will be 5 SSID networks. Each SSID will correspond to a port on the router which will be connected to pfSense and depending on what SSID a device connects to they will be on that subnet. I want pfSense to also hand out DHCP leases so I need the ASUS router to query the pfSense DHCP server.

What I'm trying to achieve is network segmentation based on what device connects to it and prevent one device on one SSID see another on a different SSID which I understand I will have to play with pfSense's firewall rules to acheive this.

I think a better of describing what I want to do is:

Create 5 bridges. Each bridge will be assigned a port on the router. That bridge will also have 2 SSID's (2.4 & 5 Ghz) and each bridge will be given its own subnet and then all traffic will be routed to pfSense which will provide it with DHCP leases and internet access

Tl;Dr: I want to create 5 SSID's with each SSID corressponding to a port on my ASUS router and then connect all 5 ports to my pfSense machine so they all each have their own network.
 
Last edited:
Im no expert but do understand i think what your wanting. It would make sense to me that most of your work there would need to be done on the pfsense machine thats handing out the ip's. You could easily achive this with 5 routers obviously each with theyre own dhcp but with your setup the pfsense box will need to know what port a device is connected on and hand out ip's based on that. Ive never used pfsense so unfortunatly cant help you with how to do it if its even possible.
 
If you get an access point that handles VLANs this is easily done. The AC3200 won't do for this application. FYI, individual Ubiquiti Unifi access points support 4 SSIDs using VLANs. I have this working well here though only using 3 SSIDs.
 
Last edited:
I'm pretty sure that you can't do vlan tagging with most home based routers. You may have better luck looking into doing this with dd-wrt.
 
Sinner said:
Im no expert but do understand i think what your wanting. It would make sense to me that most of your work there would need to be done on the pfsense machine thats handing out the ip's. You could easily achive this with 5 routers obviously each with theyre own dhcp but with your setup the pfsense box will need to know what port a device is connected on and hand out ip's based on that. Ive never used pfsense so unfortunatly cant help you with how to do it if its even possible.
Click to expand...

I can handle the pfSense side of things, It's just how would I go about getting the router to query the DHCP server on pfSense instead of using it's own DHCP server. When I put the router into AP mode, it queries pfSense for DHCP leases but then I can't do anything else, simply because I don't know how to.

I've been doing some searching and discovered bridging and what not. If I could create 5 bridges on the router, with each bridge assigned to a port on the router and then set those bridges up with it's own IP and SSID and set the bridge to query pfSense for leases I think I could achieve what I want.
 
You must log in or register to reply here.

Similar threads

GShlomi
Two WANs but not dual-WAN, with port-forwarding
Replies
7
Views
472
GShlomi
GShlomi
GShlomi
Sharing my DualWan with port forwarding and DDNS experience
Replies
0
Views
149
GShlomi
GShlomi
L
Setting up 2 mac addresses to same IP in dnsmasq.conf.add
Replies
6
Views
362
Ripshod
Ripshod
M
Guest SSIDs and VLAN tagging
Replies
9
Views
2K
drinkingbird
drinkingbird
M
OpenVPN clients cannot connect to LAN computers.
Replies
0
Views
132
MNBob
M
Similar threads
Thread starter Title Forum Replies Date
C Solved Need help with nat-start scripts Asuswrt-Merlin 3
G Need help with VPN Asuswrt-Merlin 2
C Need some help with a DHCP problem Asuswrt-Merlin 9
C Need help with GT-AXE11000 and DNS Director Asuswrt-Merlin 0
Spydawg need help with network loop. Asuswrt-Merlin 9
K Solved Need help to compile Realtek r8152 driver for RT-AX88U Asuswrt-Merlin 4
C Need urgent help with home internet w/ RT-AC68U! Willing to do anything to get this fixed! Asuswrt-Merlin 5
A Solved Need help setting up DDNS for cloudflare Asuswrt-Merlin 4
K Need help with a bad DHCP issue!!!! Asuswrt-Merlin 6
C Need help with Cake SQM Asuswrt-Merlin 12

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 992 (members: 17, guests: 975)
Top