I'm trying to put PiHole to a portion of my network especially for certain devices. So was planning to create a network endpoint specifically for these devices which are passed through PiHole
Below is a rough plan of what i'm planning to achieve.
So I've got an Ubuntu server with PiHole installed, and needed to connect to ISP router (WAN end of PiHole) and wanted to put the "LAN end of the PiHole" to a wifi switch so it can emit wireless connectivity for devices which can connect for ad-free experience. So ensuring the Ads are blocked ONLY on the wifi it emits and NOT on the entire ISP router.
I have had pfsense installed into my home system, but it had option of WAN & LAN, but is there a similar option for piHole?
I have used separate DHCP servers (possible on a single router in some cases, such as on RouterOS) and firewall for different WiFi SSIDs, or even for different groups of clients (determined by MAC address) on the same SSID.
One DHCP server points to the pi.hole (and has firewall rules blocking/redirecting client access to external DNS servers and ports).
Another DHCP server points its clients to other DNS servers, as desired.
Not 100% sure of the relevancy but I did something similar to what jgrisham described before. The network's router/AP provided a "guest" wifi and a regular wifi, and clients on each can't see each other. The router also had 2 spots in the DHCP server for IP addresses of DNS servers. Well I use Pi Zero W's for pihole so I just used two, one on the guest wifi and one on the regular wifi, and just put both IP addresses into the DHCP server's DNS IP slots, and the clients would use the pihole they could access. Worked really well, and provided the ad reduction and security benefits for both networks while still maintaining their separation.
