New interface
-
hi,
I've created a new VLAN based interface (VLAN40) and want to use this for the sharing of the internet through Captive Portal... however I am not achieving good results...
My "WIRELESS" interface is on the 192.168.11.1/24 subnet, and my AP's are 192.168.11.2 & 192.168.11.3 for now and are static. I can ping these AP's from the pfSense firewall, and any client that authenticates via the AP's is getting an IP address in the correct range (192.168.11.100-110)... I have created a default "Allow ALL" rule, allowing the WIRELESS subnet access to every protocol on every network... but when I attempt to ping anything from a wireless client, I get nothing... but what is strange is that if I have 2 wireless clients they can ping each other (all software firewalls disabled on clients)...
I'm not sure where else I can go on this... is there anything that I can post to show what's going on?
-
Do you have a VLAN capable switch?
-
thought my post saying that I am creating a "new VLAN" would have given that away…...
yip, the switch is a cisco 2950 and has been configured as
VLAN10 - FastEthernet 0/1 (ADSL1)
VLAN20 - FastEthernet 0/2 (ADSL2)
VLAN30 - FastEthernet 0/3 (VOIP)
VLAN40 - FastEthernet 0/4 & 0/5 (WIRELESS)
gigabit port 1 is trunk port going to pfsense firewall, even if the switch was configured wrongly, I would not get a DHCP address from pfSense....any ideas anyone on how to resolve/track down where the fault is lying?
-
Sorry just wanted to be sure ;)
Did you make sure that the switch sends untagged traffic to the clients?
And tagged traffic to the pfSense?
Could it be that your AP's are blocking something?
Are the AP's in bridge mode, or are they working as router?
To test this do a tcp-dump on the pfSense and try pinging the pfSense from one of the wireless clients.
In case they're in routing-mode: you need to create a static route pointing to the IP of the AP for the subnet behind.
(could it be that you have the same subnet on WAN and LAN on the AP?)
Also it could be that you overlooked a rule or something.
Do you see anything blocked in the firewall-log?
-
sorry for the earlier reply….this prob is doing my head in!
Going to wipe the AP's config, and rebuild them..ensuring they get a DHCP address from pfSense on new VLAN (think I am going to choose 45) and use a range of 172.16.99.0/24 for the Wireless network, will leave the AP's open with no encryption, create a new "allow all" rule with logging enabled and do as you say.....I just don't understand how it can get a DHCP address and not allow anything else, and allow the clients to ping each other but not pfSense...
will report back this afternoon when I get onsite...
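-
Added example, not written by any poster in this thread: a Python script that reads `tcpdump -e -n` output from the pfSense side, as in the test suggested above, and tells apart the failure cases raised in the thread (no ping arriving, wrong or missing VLAN tag, ping arriving but no reply). The capture lines and MAC addresses are constructed, `diagnose` and its verdict names are hypothetical, and it assumes the capture was taken where 802.1Q tags are visible.

```python
import re

# Constructed sample of `tcpdump -e -n` output (MACs and timings are made up;
# addresses and VLAN 40 follow the values given in the thread).
SAMPLE = """\
10:00:01.000001 02:00:00:00:01:00 > 02:00:00:00:00:01, ethertype 802.1Q (0x8100), length 102: vlan 40, p 0, ethertype IPv4, 192.168.11.100 > 192.168.11.1: ICMP echo request, id 1, seq 1, length 64
10:00:01.000090 02:00:00:00:00:01 > 02:00:00:00:01:00, ethertype 802.1Q (0x8100), length 102: vlan 40, p 0, ethertype IPv4, 192.168.11.1 > 192.168.11.100: ICMP echo reply, id 1, seq 1, length 64
10:00:02.000001 02:00:00:00:01:01 > 02:00:00:00:00:01, ethertype 802.1Q (0x8100), length 102: vlan 40, p 0, ethertype IPv4, 192.168.11.101 > 192.168.11.1: ICMP echo request, id 2, seq 1, length 64
10:00:03.000001 02:00:00:00:01:02 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.168.11.102 > 192.168.11.1: ICMP echo request, id 3, seq 1, length 64
"""

VLAN = re.compile(r"\bvlan (\d+),")
ICMP = re.compile(r"(\d+(?:\.\d+){3}) > (\d+(?:\.\d+){3}): ICMP echo (request|reply)")

def diagnose(capture, firewall_ip, expected_vlan, clients):
    """Return {client_ip: verdict} for pings between each client and the firewall."""
    seen = {c: {"tags": set(), "req": 0, "rep": 0} for c in clients}
    for line in capture.splitlines():
        m = ICMP.search(line)
        if not m:
            continue
        src, dst, kind = m.groups()
        tag = VLAN.search(line)
        tag = int(tag.group(1)) if tag else None  # None means the frame was untagged
        if kind == "request" and dst == firewall_ip and src in seen:
            seen[src]["req"] += 1
            seen[src]["tags"].add(tag)
        elif kind == "reply" and src == firewall_ip and dst in seen:
            seen[dst]["rep"] += 1
    verdicts = {}
    for client, s in seen.items():
        if s["req"] == 0:
            verdicts[client] = "no_request"  # never arrived: look at AP mode / switch port
        elif s["tags"] != {expected_vlan}:
            verdicts[client] = "bad_tag"     # arrived untagged or on another VLAN
        elif s["rep"] == 0:
            verdicts[client] = "no_reply"    # arrived, unanswered: check rules and firewall log
        else:
            verdicts[client] = "ok"
    return verdicts

if __name__ == "__main__":
    clients = ["192.168.11.%d" % n for n in (100, 101, 102, 103)]
    for ip, verdict in diagnose(SAMPLE, "192.168.11.1", 40, clients).items():
        print(ip, verdict)
```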