I don't know if this is even possible or if it's beyond the scope of what Asus routers / Merlin firmware is capable of, but here we go.
I currently have an ESXi server that is running virtualised pfSense as my router and firewall. I am currently using my ASUS RT-AC3200 as an access point to provide internet to all the wireless devices in my network.
What I want to do is create 5 wireless networks, each with its own subnet and IPs, that a device can connect to based on what it is. Each SSID should be assigned to each port on the ASUS router as follows.
Here is what I had in mind:
pfSense LAN -> WAN port -> SSID: WiFi_Admin - IP: 192.168.1.0
pfSense port 1 -> eth0 (LAN port 1 on ASUS router) -> SSID: WiFi_Home - IP: 192.168.2.0
pfSense port 2 -> eth1 (LAN port 2 on ASUS router) -> SSID: WiFi_VPN - IP: 192.168.3.0
pfSense port 3 -> eth2 (LAN port 3 on ASUS router) -> SSID: WiFi_IoT - IP: 192.168.4.0
pfSense port 4 -> eth3 (LAN port 4 on ASUS router) -> SSID: WiFi_Guest - IP: 192.168.5.0
So to explain, there will be 5 SSID networks. Each SSID will correspond to a port on the router which will be connected to pfSense and depending on what SSID a device connects to they will be on that subnet. I want pfSense to also hand out DHCP leases so I need the ASUS router to query the pfSense DHCP server.
What I'm trying to achieve is network segmentation based on what device connects to it and to prevent one device on one SSID from seeing another on a different SSID, which I understand I will have to play with pfSense's firewall rules to achieve.
I think a better way of describing what I want to do is:
Create 5 bridges. Each bridge will be assigned a port on the router. That bridge will also have 2 SSIDs (2.4 & 5 GHz) and each bridge will be given its own subnet and then all traffic will be routed to pfSense, which will provide it with DHCP leases and internet access.
TL;DR: I want to create 5 SSIDs with each SSID corresponding to a port on my ASUS router and then connect all 5 ports to my pfSense machine so they each have their own network.