Will this network plan work?

[Bloodshed_x3d]

Hey guys,

 

Just planning out my new network. Note I have 1 ISP and only 1 WAN.

 

There is a correction to the diagram, I meant to put in an un-managed switch in between the Modem and the two routers.

 

What I want to do is have a manual failover router that can take over from the pfSense if something goes wrong on the pfSense.

 

The DrayTek Vigor 2925 would stay turned off until needed.

 

I know I still have single points of failure in the network. I want a setup like this as I am not at my house a lot and I manage it remotely. If something was to go wrong with the pfSense router, to get the network back up, it would need to be as simple as turning off the pfSense and turning on the DrayTek Vigor 2925 router (as my dad wouldn't know how to fix pfSense).

 

Also just a quick question, if anyone knows anything about the DrayTek Vigor 2860 dual band router,  is there a way to use it JUST as a Wireless point?

 

Or would I just be better off setting up a pfSense VM on my server and have that as failover?

 

Also if I was to setup a pfSense failover, if a bad config was configured on the main router, would that be copied over the the failover immediately, as that would defeat the point. 

 

Many Thanks

 

ps at the bottom, after the managed switch, that goes into the internal network

[brwainer]

If only one of the two routers will ever be on at the same time, then just configure them with the same LAN IP address and DHCP server settings, and the same WAN settings (DHCP or PPPoE, whatever yiur ISP uses). When one router is turned off and the other turned on, any LAN devices that still have an unexpired DHCP lease from the other router will still be using it's LAN IP for their gateway, but they won't care if the MAC for that IP changes, hence the LAN IP should be the same on both. The DHCP server is supposed to check (via arp) whether an address is in use before assigning an address, and most DHCP clients will do the same before ccepting a lease, but if you run into issues you can just give each router its own DHCP pool, like PFSense 192.168.1.50-100, Draytek 192.168.1.101-150, that way they don't provide conflicting leases during a transition period.

 

For the question of turning a 2860 into just an AP - I don't know specifically, but on most devices if you just disable their internal DHCP server, change their LAN IP address to something that doesn't conflict on your network, and only use the LAN ports (leave the WAN empty) you now have an AP.

 

A PFSense failover does not by default include any type of configuration syncing AFAIK, if it does I would expect that to be mentioned in the documentation for it.

[Bloodshed_x3d]

23 minutes ago, brwainer said:

If only one of the two routers will ever be on at the same time, then just configure them with the same LAN IP address and DHCP server settings, and the same WAN settings (DHCP or PPPoE, whatever yiur ISP uses). When one router is turned off and the other turned on, any LAN devices that still have an unexpired DHCP lease from the other router will still be using it's LAN IP for their gateway, but they won't care if the MAC for that IP changes, hence the LAN IP should be the same on both. The DHCP server is supposed to check (via arp) whether an address is in use before assigning an address, and most DHCP clients will do the same before ccepting a lease, but if you run into issues you can just give each router its own DHCP pool, like PFSense 192.168.1.50-100, Draytek 192.168.1.101-150, that way they don't provide conflicting leases during a transition period.

 

For the question of turning a 2860 into just an AP - I don't know specifically, but on most devices if you just disable their internal DHCP server, change their LAN IP address to something that doesn't conflict on your network, and only use the LAN ports (leave the WAN empty) you now have an AP.

 

A PFSense failover does not by default include any type of configuration syncing AFAIK, if it does I would expect that to be mentioned in the documentation for it.

Thanks a lot for the advice. I think the pfSense failover does include config sync. As I know firewall rules can be mirrored between the two.