
Author Topic: Advise on pfSense and Tomato with Guest Wireless  (Read 161 times)


Offline kshays

Advise on pfSense and Tomato with Guest Wireless
« on: March 06, 2018, 08:06:55 pm »

I would like to have some suggestions as to whether I have this set up correctly or whether there is a more efficient way of accomplishing this.  The main goal is to have the WAN, LAN, Home WiFi and a Guest WiFi.  I will list the equipment.

pfSense box
LAN   -> ----> 8 port switch -----> Asus RT-66U with tomato installed.  Port(1).  Home WiFi
OPT1 -> ---------------------------> Asus RT-66U with tomato installed.  Port(2)   Guest WiFi

VLANs are set up
VLAN1 - Bridged to LAN, Port1, Port3, Port4 are selected, but not tagged
VLAN2 - Bridged to WAN
VLAN3 - Bridged to LAN1, Port2 is selected, but not tagged.
LAN1 -

DHCP is not enabled on the Tomato router; it is enabled on the pfSense router.

Everything works like it should, but I was wondering if this is the correct way.

PS:  What if there was no 3rd NIC in the pfSense box?

Example is attached.


« Last Edit: March 07, 2018, 11:33:30 am by kshays »

Offline sjt

Re: Advise on pfSense and Tomato with Guest Wireless
« Reply #1 on: March 11, 2018, 04:54:58 am »
Hi kshays,

If you had no 3rd NIC on your pfSense, you would tag all VLANs on the LAN NIC and on the switch uplink port (trunk).

You would then untag/tag ports on your switch as per requirements. In your example you would:

Switch Port 1 - Tag VLAN1 & 3 (as it's carrying both Secure WiFi and Guest VLAN traffic to the ASUS RT)
Switch Port 2 & 3 - Untag VLAN1

I hope this makes sense.
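
The single-NIC layout from the reply above can be checked for guest isolation at layer 2 before it is deployed. The following is an added example, not code from either poster: it is a simplified 802.1Q model with ingress filtering, the port names (`uplink`, `port1` and so on) are assumptions, and the VLAN IDs 1 and 3 are taken from the thread.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Port:
    tagged: set = field(default_factory=set)  # VLANs carried with an 802.1Q tag
    untagged: Optional[int] = None            # access VLAN for untagged frames

# Layout from the reply (port names are assumed): the trunk uplink to pfSense
# and port 1 to the ASUS carry VLAN 1 and 3 tagged; ports 2 and 3 are
# untagged members of VLAN 1.
SWITCH = {
    "uplink": Port(tagged={1, 3}),
    "port1": Port(tagged={1, 3}),
    "port2": Port(untagged=1),
    "port3": Port(untagged=1),
}

def classify(port, tag):
    """VLAN a frame is placed in on ingress, or None if the port drops it."""
    if tag is None:
        return port.untagged
    return tag if tag in port.tagged else None

def egress(switch, in_port, tag=None):
    """Ports a broadcast frame leaves on, as {name: 'tagged' | 'untagged'}."""
    vlan = classify(switch[in_port], tag)
    if vlan is None:
        return {}
    out = {}
    for name, port in switch.items():
        if name == in_port:
            continue
        if vlan in port.tagged:
            out[name] = "tagged"
        elif port.untagged == vlan:
            out[name] = "untagged"
    return out

def leaks(switch, guest_vlan, allowed):
    """Ports outside `allowed` that are members of the guest VLAN."""
    return sorted(
        name for name, p in switch.items()
        if name not in allowed
        and (guest_vlan in p.tagged or p.untagged == guest_vlan)
    )

if __name__ == "__main__":
    print("guest broadcast from pfSense reaches:", egress(SWITCH, "uplink", 3))
    print("LAN broadcast from port2 reaches:", egress(SWITCH, "port2"))
    print("guest VLAN leaks:", leaks(SWITCH, 3, {"uplink", "port1"}))
```

An empty result from `leaks` means VLAN 3 exists only on the trunk to pfSense and the port to the access point, so any traffic between guest and LAN has to pass through the pfSense firewall.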