Instant On - Wireless

Hello-

After the following discussion:
Instant On - Wireless

Arubainstanton		remove preview
Instant On - Wireless I am planning on building the following network primarily based on pre-existing cabling in my three-story house. I would really like if I could use the 1930 sw View this on Arubainstanton >

I settled on setting up my network, using the pfSense as the router to my network.  I have it pretty much set up and all my VLANs are configured and working properly.  Here is the topology of the network:


It is currently working, but I know that my configuration is incorrect and I am looking for guidance on how to properly configure my mgmt network.  It is in the current configuration, because of a lot of "hacking", and like I said, it is working, but I want to have a solid understanding of how it really should be configured and hope that I stop shooting myself in the foot with experimentation.

Here is what I currently have:
1) pfSense LAN: 10.5.5.0/24 w/DHCP
2) pfSense OPT (LAN2): 10.3.1.0/24 w/DHCP
3) pfSense SWITCH (bridge of LAN and LAN2): 10.1.1.0/24 w/DHCP
4) AIO MGMT VLAN: 10.5.5.0
5) AIO 1930 connected to pfSense LAN2 (OPT)
6) AP11D connected to pfSense LAN (as shown in diagram above)

I am wanting to assign Static IPs, and was hoping to use the SWITCH as the AIO MGMT VLAN.  I had assigned static IPs to all my devices on this.  I had also set the MGMT VLAN to this same network using 10.1.1.0.  I was concerned that maybe VLAN tagging was causing some conflict between the AIO VLAN 1 and pfSense VLAN1, so I made some changes and played around with it. However, I had some problems with getting all of my APs up.

I am not looking for help with pfSense config, but I would like recommendation/advice on what value I should use for the AIO MGMT and whether I should use this BRIDGE within pfSense or keep both LAN and LAN2 as two separate networks and use FW rules to allow them to interact with each other.

As I mentioned, I currently have all of my devices up with the configuration above and it is working. (I'm actually kind of surprised about that.)  Here are the IPs of each of my AIO devices:  The BASE AP11D is connected directly to the pfSense LAN port.  The two devices on 10.1.1.0 network are statically defined.  The 1930 switch, also has a statically defined IP, but it is on the 10.3.1.0 network.  The other AP11D was not working with the 10.1.1.0 static IP I gave it.  It showed up as a wired client, but did not start as a device.  I reset it and cleared the static IP, and then it was able to establish on the 10.3.1.0 network and is working fine.  (I had DHCP disabled on both LAN and LAN2, with everything on the SWITCH 10.1.1.0 network and even AIO MGMT set to 10.1.1.0, which is what I assumed was the correct configuration, but couldn't seem to get that to work.)


Also, I have not closed any of my firewall rules on my internal networks, so they are completely open at this time.

Thank you!

I reverted back to the configuration that I thought should work.  I aligned the AIO MGMT network to the pfSense SWITCH network ip addresses. I disabled the DHCP servers on my LAN and LAN2 interfaces, leaving only the SWITCH DHCP enabled. I kept statically defined IP addresses for each of my devices.  I brought everything back up and could not get the AP11D BASE to be discovered/start by AIO.  (BASE is the AP11D plugged directly into the pfSense router/fw.)  I could get BASE onto the network if I plugged it directly to the 1930, but this configuration will not work for my house.

The only way I could get BASE to start, was by enabling DHCP on the interface it was connected to, deleting it's static IP address on the SWITCH network, and allowing it to join AIO on a different network than the AIO MGMT network.  This seems to work and is reliable, but not sure why.

Thanks

Original Message:
Sent: 01-06-2023 12:22 PM
From: David Schild
Subject: Using pfSense as router to AIO network

Hello-

After the following discussion:
Instant On - Wireless

Arubainstanton		remove preview
Instant On - Wireless I am planning on building the following network primarily based on pre-existing cabling in my three-story house. I would really like if I could use the 1930 sw View this on Arubainstanton >

I settled on setting up my network, using the pfSense as the router to my network.  I have it pretty much set up and all my VLANs are configured and working properly.  Here is the topology of the network:


It is currently working, but I know that my configuration is incorrect and I am looking for guidance on how to properly configure my mgmt network.  It is in the current configuration, because of a lot of "hacking", and like I said, it is working, but I want to have a solid understanding of how it really should be configured and hope that I stop shooting myself in the foot with experimentation.

Here is what I currently have:
1) pfSense LAN: 10.5.5.0/24 w/DHCP
2) pfSense OPT (LAN2): 10.3.1.0/24 w/DHCP
3) pfSense SWITCH (bridge of LAN and LAN2): 10.1.1.0/24 w/DHCP
4) AIO MGMT VLAN: 10.5.5.0
5) AIO 1930 connected to pfSense LAN2 (OPT)
6) AP11D connected to pfSense LAN (as shown in diagram above)

I am wanting to assign Static IPs, and was hoping to use the SWITCH as the AIO MGMT VLAN.  I had assigned static IPs to all my devices on this.  I had also set the MGMT VLAN to this same network using 10.1.1.0.  I was concerned that maybe VLAN tagging was causing some conflict between the AIO VLAN 1 and pfSense VLAN1, so I made some changes and played around with it. However, I had some problems with getting all of my APs up.

I am not looking for help with pfSense config, but I would like recommendation/advice on what value I should use for the AIO MGMT and whether I should use this BRIDGE within pfSense or keep both LAN and LAN2 as two separate networks and use FW rules to allow them to interact with each other.

As I mentioned, I currently have all of my devices up with the configuration above and it is working. (I'm actually kind of surprised about that.)  Here are the IPs of each of my AIO devices:  The BASE AP11D is connected directly to the pfSense LAN port.  The two devices on 10.1.1.0 network are statically defined.  The 1930 switch, also has a statically defined IP, but it is on the 10.3.1.0 network.  The other AP11D was not working with the 10.1.1.0 static IP I gave it.  It showed up as a wired client, but did not start as a device.  I reset it and cleared the static IP, and then it was able to establish on the 10.3.1.0 network and is working fine.  (I had DHCP disabled on both LAN and LAN2, with everything on the SWITCH 10.1.1.0 network and even AIO MGMT set to 10.1.1.0, which is what I assumed was the correct configuration, but couldn't seem to get that to work.)


Also, I have not closed any of my firewall rules on my internal networks, so they are completely open at this time.

Thank you!