How to set different DHCP Pools and subnets/VLANs for SSIDs?
I have a pfSense router connected to a TP-Link TL-SG1024DE. I have a software controller and two EAP225s.
I want to setup two SSIDs - Business and Guest
Business will be on VLAN 20 along with a server and a few other wired devices. The subnet for this will be 10.1.2.x with a DHCP pool of 10.1.2.100 - 10.1.2.252
Guest will be on VLAN 50 with a subnet of 10.1.5.x with a DHCP pool of 10.1.5.100 - 10.1.5.252
What's confusing me the most is that I want the access points themselves to be on VLAN 10 (Managament VLAN - along with my router and switch) but I want the SSIDs to be on 2 different VLANs. What's the proper way to configure that?
Hi Ernie, the 'Omada Way' assumes their typical structure which is:
router->switch(es)->APs
For the most harmony between your Omada Controller and Omada Switches and the 3rd party/unmanaged bits (pfsense and SG1024) you should adopt the controller strategy, where every LAN subnet can be assigned a VLAN, and SSIDs get mapped to subnets. ACLs are typically done in the managed switch(es) (which are SG2XXX or SG3XXX series).
Probably the easiest way to 'design' your network is to build your local LANs in the Controller UI, and then replicate the bits that you need in order for it to work, ie make the pfsense look like the Omada router would. Based on your outline you will need:
Mgmt: 10.1.1.0/24. VLAN 10
Biz: 10.1.2.0/24. VLAN 20
IOT: 10.1.5.0/24. VLAN 50
From the above you will you need to configure the pfsense with those 3 subnets, DHCP ranges as appropriate, and then figure out if you are trunking VLANs between the pfsense and the switch, or if you are using discrete ports. Finally, you need to map the ports on the switch to the 3 VLANs:
The controller should set up the APs, and if you get the switch and the pfsense right, your traffic will flow :)
Hi Ernie, the 'Omada Way' assumes their typical structure which is:
router->switch(es)->APs
For the most harmony between your Omada Controller and Omada Switches and the 3rd party/unmanaged bits (pfsense and SG1024) you should adopt the controller strategy, where every LAN subnet can be assigned a VLAN, and SSIDs get mapped to subnets. ACLs are typically done in the managed switch(es) (which are SG2XXX or SG3XXX series).
Probably the easiest way to 'design' your network is to build your local LANs in the Controller UI, and then replicate the bits that you need in order for it to work, ie make the pfsense look like the Omada router would. Based on your outline you will need:
Mgmt: 10.1.1.0/24. VLAN 10
Biz: 10.1.2.0/24. VLAN 20
IOT: 10.1.5.0/24. VLAN 50
From the above you will you need to configure the pfsense with those 3 subnets, DHCP ranges as appropriate, and then figure out if you are trunking VLANs between the pfsense and the switch, or if you are using discrete ports. Finally, you need to map the ports on the switch to the 3 VLANs:
The controller should set up the APs, and if you get the switch and the pfsense right, your traffic will flow :)
Check this this for setting the management vlan, and go to Settings > Wireless Networks > WLAN, enable VLAN for the different SSIDs.
Now you will see the different clients connecting to the different SSIDs wiil be in the different VLANs.