Guidance Needed Configuring SSID Dedicated to IoT (IPv6 & IPv4)

Hello

Any guidance on setting up a second SSID / wifi network dedicated to IoT / Smart Home devices that will permit IPv6 and IPv4 traffic?

In the process of setting up some Matter devices which require IPv6. From what I have read they rely on link-local.

OpenWRT is running in AP mode.
Router is pfSense.

I appreciate the link you provided but it's not exactly my use case, should have been clearer in my post.

My network routing, dhcp, vlans, etc... is done on a pfSense firewall / router.

I have my AP running OpenWrt connected to a smart switch with tagged and untagged traffic.

Main SSID for LAN is (192.168.1.0/24)

Second SSID for IoT will be a different VLAN (192.168.5.0/24)

At the moment I seem to have the IoT device connect to the AP but no communication is taking place between it and the pfSense router.

For conventional v6 routing, the upstream router (pfSense) needs to delegate a prefix (/62 or larger) to your OpenWrt router. Then OpenWrt uses a /64 block from that prefix for each LAN. If your ISP does not supply a suitably large routable GUA prefix you can use ULAs, which I think is what Matter typically expects.

The alternative is to set up the AP to bridge its multiple SSIDs directly into different VLANs on the Ethernet cable, configure the managed switch so they all trunk back to the pfSense router, and let that main router handle it all. This is an extension of the "dumb AP" concept to have more than one network, yet all of them are "dumbly" yet separately bridged out. It is merely a wireless to wired converter not doing any routing. A bridged AP operates at layer 2; it does not care if the layer 3 traffic is v4 or v6 or both.
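
An added example, not part of any post in this thread: a sketch of the OpenWrt side of the bridged "dumb AP" layout described above, with an IoT SSID bridged into VLAN 33 tagged on the uplink. The port name `lan1`, the radio `radio0`, the section names, the SSID and the key are assumptions or placeholders; VLAN 33 comes from the thread.

```uci
# /etc/config/network (added sections; the existing 'lan' section stays as it is)
# Assumption: 'lan1' is the AP port cabled to the managed switch; use the real port name.

config device
	option type 'bridge'
	option name 'br-iot'
	list ports 'lan1.33'        # VLAN 33 arrives tagged on the uplink

config interface 'iot'
	option device 'br-iot'
	option proto 'none'         # unmanaged: the AP takes no IPv4/IPv6 address in this VLAN

# /etc/config/wireless (added section)
# Assumption: 'radio0' is the radio to use; SSID and key are placeholders.

config wifi-iface 'iot_ap'
	option device 'radio0'
	option mode 'ap'
	option network 'iot'        # attach the SSID to the VLAN 33 bridge
	option ssid 'IoT-example'
	option encryption 'psk2'
	option key 'REPLACE_WITH_PASSPHRASE'
```

With `proto 'none'` the AP only forwards frames for this VLAN, so DHCP, router advertisements and firewall rules for the IoT network stay on the upstream router, and IoT clients have no address on the AP to reach its management interface.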

Hello Mike.

Thanks for the insight.

That sounds like what I am attempting to do but I am lost in the weeds.

Below is the VLAN configuration on the 16 port switch.

VLAN ID   VLAN Name   Member Ports   Tagged Ports   Untagged Ports
1         Default     1-16                          1-16
33        IoT-vm      1-2,9          1-2            9

LAN is 192.168.1.0/24
VLAN 33 is 192.168.5.0/24

Port 9 goes to a NIC on my VM host.
Port 2 goes to a WRT1900ac running OpenWrt.

The AP has been providing WiFi Internet access for devices in my home.

Now I would like to add an IoT SSID configured for VLAN 33.

Took a look at the Guest Wi-Fi link that @egc provided. My attempt to implement was unsuccessful as I attempted to modify to meet my requirements. Was able to connect to the IoT SSID BUT did not pass traffic.

Using pfSense as my router/firewall.

Any guidance you could offer would be most appreciated.

I am going to reread a few times what you posted in hopes that it will sink in.