Browsed by
Month: December 2014

AirPort Extreme guest network with pfSense

AirPort Extreme guest network with pfSense

The AirPort Extreme is a great wireless router. I’m using it strictly as an access point (bridge mode) in front of pfSense.
Setup is a breeze, except for the guest network. You’ll need to configure a few things in pfSense:

  • Create a VLAN (tag 1003)
  • Create an interface for the VLAN
  • Enable DHCP on the VLAN interface
  • Create a rule to allow VLAN traffic
  • Configure NAT for VLAN IPs

Create a VLAN

Interfaces > Assign > VLANs > Add (+)

Parent interface should be your LAN interface (or wherever your AirPort is connected).
VLAN tag should be 1003 (the number hard-coded for AirPort guest network traffic).

Create VLAN interface

Interfaces > Assign > Add (+)

After clicking the plus, you’ll see a new interface (likely OPT1, which I later renamed GST).
Select VLAN 1003 from the dropdown, then click on the title of the new interface.

Enable the interface and select Static IPv4 from the IPv4 Configuration Type dropdown.
Set the IPv4 address. It should differ from your LAN’s IP address to avoid conflicts.

Enable DHCP

Services > DHCP Server > GST

Enable DHCP and set the Range of IP addresses.

Allow VLAN traffic

Firewall > Rules > GST

Add a rule to pass any type of of traffic, where the destination is not a LAN address.
This will allow users on the guest network to access the Internet, but not your network.

Configure NAT

Firewall > NAT > Outbound

Add a mapping for the VLAN IP address range.