Lyric Posted August 29, 2021 Share Posted August 29, 2021 I had to revisit this the other day to help a friend and I have it written up on my blogspot (not going to advertise as I don't really post there anymore). I figured I'd share this for anyone looking to dink around with a Router on a Stick configuration. I had to use this awhile back when I only had one physical PC and still wanted pfSense to have a lot of oversight of my home network / security. Obviously RTR on a Stick is not the best setup, but it'll do in a pinch if you know what you're doing. 👌 Enjoy Introduction The current hardware configuration is setup to run on my PC in a virtualized environment using VirtualBox (64bit) for the Win10 Pro (x64) HOST PC. System Specifications: Processor: Intel G3258 Pentium 4 @ 4.2GHz CPU Heatsink: Stock Intel Cooler RAM: EVGA 8GB (2x4) Superclocked @ 2133MHz Graphics: Sapphire R9 380 Nitro 4GB GDDR5 HDD: PNY 240GB SSD Motherboard: Gigabyte H81M-H mATX PowerSupply: EVGA 500W Case: Fractal Design Core 1100 MATX Mini Monitor (Living room TV): Magnavox 55" HDTV Operating System: Win10 Pro (x64) Configuration pfSense switch: TL-SG108E v2 wifi-ap: NG-N300 (wnr2000v5) VLAN Config(s): VLAN99 (WAN) - DHCP @ ISP VLAN10 (LAN) 192.168.10.1/24 (.5-.254 Range & .2-4 for Static IP Management) VLAN20 (WIFI AP) 192.168.20.1/24 (.5-.254 Range & .2-4 for Static IP Management) TL-SG108E Config: ***NOTE*** The current firmware on the TP-LINK SG108E will only support one physical "Save Config", anything after that will not be held in the data until they release a firmware fix (**Source link**) - They also indicate here that you can actually flash the v3 firmware to the v2 version (the one I have) although I have elected to not do this. Whichever way, the bug is still persistent in all firmware versions as of 03/05/2018. 1.) Connect a laptop and set your IPv4 Address to the following: 2.) Navigate to: 192.168.0.1 ---> login with usr: admin / pw: admin (I recommend to change these immediately) 3.) Change the IP Settings to what will be your new internal LAN sub-net for easier access. (192.168.10.2 - MGMT Interface - will be setup for easier management access via Ports 4-8 on your Switch). 4.) **DON'T FORGET TO SET IPv4 BACK TO DHCP** 5.) Navigate to VLAN --> 802.1Q VLAN --> Enable VLAN Config --> Apply Default VLAN --> Leave as is VLAN ID: 10, VLAN Name: LAN, Port 1 Tagged, Not Member Port 2&3, Untagged Ports 4-8 --> Add/Modify. VLAN ID: 99, VLAN Name: WAN, Port 1 Tagged, Untagged Port 2, Not member 3-8 -> Add/Modify VLAN ID: 20, VLAN Name: OPT1 (Wifi-AP), Port 1 Tagged, Port 3 Untagged, Not Member 2, 4-8 6.) Navigate to 802.1Q PVID Setting (and set the following by typing the PVID (10,99,20) and selecting the corresponding ports.) Port 1: 10, Port 2: 99, Port 3: 20, Port 4-8: 10 **Now it's safe to use Save config** If you used it prior to getting all of this setup, then you'll unfortunately need to reset the switch and start over unless they've fixed this bug. 7.) Now you can continue to configuring the pfSense Installation. I'd recommend using Rufus if you need to create a bootable USB to proceed. I didn't need to as I virtualized my pfSense router and just downloaded the ISO on my host machine. 8.) Once you get to this step you need to proceed with a "y" and then configure all of the pfSense VLAN Interfaces or any other extra Interfaces needed. This could be skipped and done later manually in the GUI but I'd go ahead and do it here. Your interface(s) may be different than mine. em1.99 (WAN) -> vlan99 em1.10 (LAN) -> vlan10 em1.20 (Wifi-AP / OPT1) em0 (OPT2) -> (set on 192.168.30.1/24) Extra virtual interface which will be configured within VirtualBox to be "Virtual NIC Adapter 2" so my HOST PC (pfSense router) can access the internet as it also serves as a HTPC. This may be an unnecessary step depending on your desired configuration. 9.) Once you set this to your specifications, then you can go into your Network settings and adjust the Virtual Adapter to pull DHCP from the em0 Interface you setup @ 192.168.30.1/24 if you need to pull internet on your VM HOST Machine. Physical Configuration: Switch:P1 -> Phys NIC Switch:P2 -> Cable Modem (ISP) Switch:P3 -> Wifi-AP (Configured to be 192.168.20.2 for MGMT and Set in AP Mode) Switch:P4-8 -> LAN Ports for any wired devices you may have. ***Issue(s) with: Realtek PCIe GBE Family Controller NIC*** I had to spend hours upon hours trying to figure out why I could not get a WAN IP (DHCP from my ISP). It turns out that the Realtek PCIe GBE Family Controller is known for stripping vlan tags unless you perform the latest driver update, and also add the following registry edits: Update drivers: Realtek PCIe GBE Family Controller Find reg sub-key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318} Add/update the following DWORDs: MonitorModeEnabled = 1 MonitorMode = 1 PriorityVLANTag = 0 SkDisableVlanStrip = 1 Tools:https://www.wireshark.org/https://wiki.wireshark.org/CaptureSetup/VLAN***Issues with websites not resolving and ping requests timing out*** I spent a significant amount of time figuring out why some websites would resolve fine, and others would not. It ended up being that I needed to find the optimal MTU & MSS settings to input in pfSense. (My personal settings are notated below, and in my diagram as well.) Great tutorial on how to find your own optimal MTU & MSS Settings - https://forum.peplink.com/t/how-to-determine-the-optimal-mtu-and-mss-size/7895This was my first technical write-up ever, and for a portion of my network setup. Here is an overview of the diagram I made as well: (Old Diagram from 2018, no longer my current network setup) - I change it up pretty regularly. +hedleigh and Circaflex 2 Share Link to comment https://www.neowin.net/forum/topic/1410917-how-to-pfsense-with-single-nic-vlans-and-a-wifi-ap-router-on-a-stick/ Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now