How to setup an Access Point (AP) in PfSense?
-
I'm trying to add a TP-Link TL-WA801ND Access Point (AP) to my PfSense Router, but I'm unable to connect to internet
These are my PfSense configurations:
Interfaces:
DHCP Server:
Rules:
and these are my Access Point TP-Link configurations:
LAN:
DHCP Settings:
But still I don't have Internet access, Could you help me? Do I have a configuration wrong?
ThanksIt's not a bug, it's an undocumented feature
-
Post a screenshot of your NAT rules. They are located in Firewall / NAT / Outbound
-
Is that on the same interface as your main LAN? If not, you'll have to provide a route to the Internet.
Also, I have one of those APs and stopped using it because it doesn't handle VLANs & 2nd SSID properly. It allowed leaking of multicasts from the main LAN to the VLAN.
-
-
@r0utevv3 said in How to setup an Access Point (AP) in PfSense?:
@nimrod
NAT Rules:
@JKnott
I have two interfaces, LAN and OPT1, how do I provide a route for the Internet?Here are the rules for my guest WiFi. The last one is the one you're interested in. I guess I should have used a different word, as these are firewall rules, not specific IP routes.
These rules only allow access to the Internet and pinging the interface.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
Did you bridge the LAN and OPT interfaces?
-
@JonathanLee I didn't bridge it, why do I have to bridge them and how can I do it? I thought LAN and OPT1 were independent since they're connected in different physical ports
-
I have not attempted a bridge inside PfSense software just yet, I set up my wifi by just changing my LAN interface to use the wireless mini pcie adapter.
Here is something interesting as I am still researching the internal bridges currently:
https://www.servethehome.com/how-to-setup-wi-fi-with-pfsense/
Theory is that if you bridge LAN and wireless adapters it will work with the current ruleset in LAN. It would act as an extension of LAN interface.
-
@JKnott so, why do I need a VLAN? What's a VLAN? I'm using a protectli vault with 4 ports, the first port is connected to WAN and thus to my modem, the second one to LAN and thus to a desktop computer, and the third is connected to OPT and thus to my Access Point, I'm not using the fourth one, why do I have to create something virtual when I have physical ports?
It's not a bug, it's an undocumented feature
-
Hey,
Might be wrong, but...
In your rules Screenshot (first posting) you have that rule for Interface opt1 but source LAN...why? -
A VLAN is a means of separating logical networks over a physical network. As I mentioned, I have a guest WiFi, which is allowed to only access the Internet. The way I did this was to configure a 2nd SSID on my access point, which connects to the VLAN. My main SSID connects to the native LAN. This means both the main and guest WiFi travel over the same cable, but are logically separate. I do not separate my main WiFi from my main LAN. Both wired and wireless devices are on the same subnet.
