The most reliable way to do it is to set up two VLANs for your wireless, with your Home network on one of them and your Guest network on the other, and to configure the firewall rules in pfSense for the LAN-LAN traffic.
DD-WRT officially supports VLAN tagging (802.1q), but it only works on some hardware. On other hardware, you need to use "Port-based" VLANs, which would probably require an additional LAN port to be configured on your pfSense. Here are instructions for "Port-based" VLAN configuration, with an example that uses three networks: https://community.spiceworks.com/how_to/32549-ddwrt-multiple-ssids-with-vlans NOTE: I do not currently have hardware that is running DD-WRT at home, so I am writing this from memory (and from links to resources I have used in the past). Also, note that you don't need to use the separate 2.4Ghz and 5Ghz radios in order to do this. Most hardware supports running multiple SSIDs (a.k.a. WiFi network names) on a single band, so you could have both of your WiFi networks on both bands - 5Ghz for performance and 2.4Ghz for longer range. Most modern dual-band devices will automatically pick the best oft eh two signals. -- Moshe Katz -- mo...@ymkatz.net -- +1(301)867-3732 On Sat, Mar 10, 2018 at 6:54 PM, Antonio <m...@geotux.it> wrote: > Hi pfSense experts, > > I was hoping you could help me with a config questions. I have pfSense > configured as main routed for my network. The WAN is connected to DSL > modem, one LAN on a ethernet switch and another LAN port on a Netgear > R8000 with dd-wrt installed. One of the cool features of the R8000 is > that it has two seperate wireless networks: 2.4GHz and 5GHz. > > I wanted to use one for guest and only allow access to internet while > the other for permitted users (family members) that would also have > access to the local network. How am I going to achieve this on pfSense > though? is it a matter of closing access to local network for all IPs > coming from the AP except those I want to permit (family devices) or is > there a simpler way of doing this i.e. VLANs? > > I look forward to your reponse. > > Thank you > > -- > > > Respect your privacy and that of others, don't give your data to big > corporations. > Use alternatives like Signal (https://whispersystems.org/) for your > messaging or > Diaspora* (https://joindiaspora.com/) for your social networking. > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold