WIFI Router as an AP IP address question
-
I have 2 wireless routers I configured both as APs in their own config pages for testing, and both were connected to my pfs box (but not at the same time). I can access either one and get on the internet. One AP I can see it with an IP address in the pfs lease list, but the other AP I don’t see it in the pfs lease list. I know the AP is using an IP address because 1) I can access it and see the IP address, 2) pfs is letting it talk to the internet since I can browse online.
What would be the reason the one AP is not showing on the lease list? When I chose the AP option in the wifi router, I had to to choose an IP address which I chose in the same x.x.x.# range, of course.
I wasn’t sure if this is pfs or AP related, so I figured I’s start here. BTW my pfs is fairly vanilla with only snort installed with no special snort settings.
-
It almost sounds like you assigned a static IP to one of the routers.
How are they connected to the pfSense box? Do you have a switch on the LAN port they are both connected to or are they on separate LAN/OPT ports on the pfSense box?
I have found it easier to leave devices at DHCP but then in the DHCP server I assign static leases.
-
The test router/AP is currently connected directly to a separate lan port on the pfSense box.
Everything I have read seems to indicate the best way to assign a static ip is by doing so in the dhcp lease list in pfSense. But when I am connected directly to this cheap belkin router I'm experimenting with, in the AP section it forces you to select an address for it.
So I take it if a device is setting it's own ip address, you won't see that listed anywhere in pfSense? Hence, why you should always flag an ip address as static in the dhcp list?
-
@flybye
If the AP is forcing you to set an IP and won't let you do DHCP, then correct you will not see that in pfSense DHCP leases.
You may see it in the ARP table on pfSense.Yes, setting up a static mapping in DHCP server is often the best way to give something a static IP.
Why? Well if things need to change like DNS resolvers, gateway, NTP servers, you simply change it on the DHCP server, force renew of all outstanding leases and all the clients are updated.
If you have all the statements for static IP, you need to remember all of that. -
I just checked, and it's not in the ARP table.
I'm going to ditch this router then. I can't reject to provide an ip address, the firmware is up to date, and dd-wrt does not even support it. So I have no way of telling it to not give itself a static ip. And my long term goal is to connect it to a managed switch. So it sounds like any device providing itself a static ip is going to be problematic with management at pfSense and possibly with a managed switch.
Thx for the info!
-
@flybye said in WIFI Router as an AP IP address question:
So it sounds like any device providing itself a static ip is going to be problematic with management at pfSense and possibly with a managed switch.
huh??
-
Oh I was merely thinking that since it is better for pfSense to assign a static IP address, and the cheap router that I have doesn't give you the option to not assign a static IP address, I will probably be better off getting a wifi router/ap that does not have that restriction in order to make sure I have as much control over it as possible with pfSense.
-
Can pretty much promise you no wifi router is going to let you do dhcp on a lan interface.. You might be able to do that with 3rd party firmware.. But have never seen native firmware on any wifi router allow you to do that.
It makes no sense in their use case model.. So why would they support such a setup - it would just confuse the shit of their user base.. An generate unwanted help calls and emails after the user broke their setup when the wifi router is suppose to be the dhcp server for their user base.
As to "it is better" for pfsense to assign via reservation.. Don't see it. Not for something like a AP or other sort of networking gear.. It is an option if your device supports dhcp sure - but again wifi routers with native firmware are highly unlikely to allow for dhcp on their "lan" interface.
If you set the IP on the device and your not seeing it via arp table - then its not connected to your network correctly.. Or the IP is outside your network range - reset the device so it gets its default IP, normally 192.168.1.1 for example.. Connect a device to one of its lan ports and either set your device to be on the range the default IP is, or let your device get it dhcp from the wifi router.. Change the lan IP to be on your network.
Using any wifi router as AP is as simple as turning off the wifi routers dhcp server and connecting it to your network via one of the lan ports. Yes its nice to give it an IP on your network for ease of management of the wifi. But not required - you just need a device on the network that is on the same IP range as your wifi routers lan port to connect to it..
-
@johnpoz said in WIFI Router as an AP IP address question:
Can pretty much promise you no wifi router is going to let you do dhcp on a lan interface.. You might be able to do that with 3rd party firmware.. But have never seen native firmware on any wifi router allow you to do that.
I am not sure I understand you. Logged in to its oem firmware, I configured the router from acting as a dhcp server to an AP. On the back of the wifi router where the Rj45 ports are, I connected the "internet" RJ45 port to an available RJ45 on the back of the pfSense box. If this is not what you are referring to, please help me understand.
If you set the IP on the device and your not seeing it via arp table - then its not connected to your network correctly.. Or the IP is outside your network range - reset the device so it gets its default IP, normally 192.168.1.1 for example.. Connect a device to one of its lan ports and either set your device to be on the range the default IP is, or let your device get it dhcp from the wifi router.. Change the lan IP to be on your network.
It actually shows now! When I configured the AP this morning, the IP was not in the ARP table even after checking for a few minutes. I definitely see it now. My apologies for that confusion.
Using any wifi router as AP is as simple as turning off the wifi routers dhcp server and connecting it to your network via one of the lan ports. Yes its nice to give it an IP on your network for ease of management of the wifi. But not required - you just need a device on the network that is on the same IP range as your wifi routers lan port to connect to it..
Yes this is exactly what I did. The AP option in the oem firmware disables the dhcp server in it, but when I enable AP mode it forces me to assign an ip address to it.
-
@flybye said in WIFI Router as an AP IP address question:
but when I enable AP mode it forces me to assign an ip address to it.
Yeah makes sense... No need for their "ap" mode.. Unless need to leverage the wan port because you have use of the other ports needed. Any wifi router connected to network via its lan ports is automatically just an AP..
Wifi routers are just router, switch and AP in 1 box.. If you don't use the wan - it can not route, and therefore is AP with switch..
-
Yeah, there's no reason you can't use that as an AP just because it requires a static IP.
About the only thing a static dhcp leave gives you over that id the ability to change the IP fro pfSense directly without having to connect to the AP. But how often are you likely to do that?
Steve
-
Would the static ip AP make things any more or less difficult with a managed switch and vlans?
-
@flybye my opinion, as long as you remember it has a static IP and you don't hand that same IP out elsewhere, it really doesn't make a difference.
If you have a DHCP server handing out addresses in say 192.168.138.1-128, don't manually assign 192.168.138.37 as a static IP to something (unless you do it through DHCP and MAC addresses). Why? Because at some point the DHCP server is going to hand that out to a different machine. -
Thank you for the clarification! That was actually the next thing I was wondering was if a static ip needed to be in the lease range or not.
-
@flybye Not a problem. I've made the mistake in the past, seen "professionals" make it and then blame everyone else and get flustered when you point it out.
Home networks it's not hard to keep track of things; I like using DHCP to assign specific IPs to machines, it makes it easy to identify foreign devices on your network.
And yes I realize MAC addresses can be spoofed. -
@flybye said in WIFI Router as an AP IP address question:
if a static ip needed to be in the lease range or not.
It should be outside the DHCP lease range to avoid a potential conflict.
One thing to note is that in cases like this you can still set a static DHCP lease for the device in pfSense even if the AP itself doesn't use it. Doing so allows the DNS service to resolve it from a hostname (if that's enabled) and also prevents you accidentally giving that IP to another device.
Steve
