yodamin (Aspirant)
Jan 05, 2024
Segregated Guest WIFI - locally managed WAX630E - help please
Hi,
My equipment: Netgear_GS116PP / NetGear_JGS616 / Pfsense Firewall
The NetGear_JGS616 switch (old) is currently in use until I have time to setup the Netgear_GS116PP switch (new)
It's kind of sad as I have two NetGear_JGS616 and 1 is brand new still in the box - I'll end up selling that one - sigh.
The WAX630E is my first commercial AP and I have no clue where to begin - well some clue but, I would like to get some direction / info before I start as this is a residential home where 1 person works from home full time and 1 person 3 days per week.
My current "in-use" setup:
PFsense firewall with 1 port in use but 2 more available if required
NetGear_JGS616
WAX630E (brand new and I love it so far)
Setup the WAX630E - default out of the box / only password changes
PFSense - installed packages: Arpwatch, Backup util, mailreport, mtr-nox, notes and pfblockerng-devel with a bunch of block lists (probably too many=paranoid)
(F.Y.I. - lotsa juice - running one of my old PC's / i7-4790 CPU @ 3.60GHz)
I would like to have a guest WIFI network segregated from internal so it only has internet access
As I understand it I need a separate vlan for this. I am ok with that. I have never set up any vlan.
I have one disabled port on my firewall that is already setup on the 172.21.x.x subnet - (old work AP no longer in use)
I am OK with re-enabling that port for the AP but I would still need WIFI access for internal clients and guest clients.
Please advise me on the best way to do this?
I learn quickly and I understand more than basic network concepts but, I am certainly not a professional Network person.
ANY advice or steps are GREATLY appreciated.
Thank you ahead of time to all who try to help me out.
John
2 Replies
- schumaku (Guru - Experienced User)
The GS110PP is an unmanaged switch, no config options, so no VLAN support.
The JGS526 is a Web configurable Plus switch with VLAN support, same applies to the WAX630E and the Pfsense firewall. Your learning has to go towards configuring the Pfsense for supporting an additional network, ideally on a VLAN, with a dedicated IP subnet, including DHCP service, ...
Said this: The data has to flow from the Pfsense to the JGS516, on either a dedicated port and network, or as a tagged port. The WAX630E must be connected to a port which (in addition to the local LAN subnet, also in use for the network admin) has to be configured as a tagged network for the guest network.
It's not difficult - just needs some learning, trial-and-error. As we're on the Netgear community here, most don't have in-depth experience on Pfsense - so take this as design and implementation ideas.
One thing that hurts my hopes for good performance a little bit: The WAX630E is a capable, multi-band AP, with a 2.5 GbE wired uplink (optional with a trunk with two GbE ports in a LAG).
- yodamin (Aspirant)
TYVM for your response.
So, perhaps getting another AP and using it just for guest access on a separate nic port/subnet with firewall rules in place might be the easiest?
I don't mind spending money when I have to, but, I do not want to learn a bunch of stuff I won't really need (I am 60 and an IT Analyst 3 specializing in desktops, not servers, switches, routers etc.). I plan on retiring very, very soon.
A reply comment would be appreciated on what you think about the second AP on a guest WIFI - I have over 4000 sq. feet in my home with the finished basement included (3980sq. feet on ground and 2nd floor) so I worry about the WIFIs interfering with each other.
I am also OK if you think I should return the unmanaged switch and purchase a managed switch - I think it was only a $200.00 difference.
Any other ideas you might have about this would be greatly appreciated including returning the new switch to purchase another by your suggestion.
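Whichever layout is chosen (tagged guest VLAN or a separate NIC port), the "internet only" goal depends on the order of the firewall rules on the guest interface, since pfSense evaluates interface rules top-down and the first match wins. The sketch below is an added example, not part of the thread or any pfSense tooling: it models a guest rule set and checks it against the isolation goal. The guest subnet 172.21.20.0/24, the firewall address 172.21.20.1, the LAN host 192.168.1.10 and the public address are constructed sample values.

```python
import ipaddress as ip

# Constructed sample values (assumptions, not taken from the thread)
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
FW_GUEST_IP = ["172.21.20.1/32"]   # firewall address on the guest network
ANY = ["0.0.0.0/0"]

def rule(action, dst, port=None):
    """One rule on the guest interface; port=None matches every port."""
    return {"action": action, "dst": [ip.ip_network(d) for d in dst], "port": port}

def evaluate(rules, dst, port):
    """First matching rule wins; traffic matching no rule is blocked."""
    addr = ip.ip_address(dst)
    for r in rules:
        if any(addr in net for net in r["dst"]) and r["port"] in (None, port):
            return r["action"]
    return "block"

# Intended order: DNS to the firewall, nothing else on the firewall,
# no private networks (this covers the internal LAN), then the internet.
HARDENED = [
    rule("pass", FW_GUEST_IP, 53),
    rule("block", FW_GUEST_IP),
    rule("block", RFC1918),
    rule("pass", ANY),
]

# Same rules with the allow-all rule moved to the top: it matches first,
# so the block rules below it are never reached.
WEAK = [HARDENED[3]] + HARDENED[:3]

# (destination, port, expected verdict) for traffic coming from a guest client
PROBES = [
    ("192.168.1.10", 445, "block"),   # internal LAN host
    ("172.21.20.1", 443, "block"),    # firewall web GUI
    ("172.21.20.1", 53, "pass"),      # DNS on the firewall
    ("203.0.113.10", 443, "pass"),    # public address (documentation range)
]

def audit(rules):
    """Return the probes whose verdict differs from the isolation goal."""
    return [(dst, port) for dst, port, want in PROBES
            if evaluate(rules, dst, port) != want]

if __name__ == "__main__":
    print("hardened failures:", audit(HARDENED))
    print("weak failures:", audit(WEAK))
```
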