Bridging wireless with VLAN and DHCP
-
I am trying to bridge an Ethernet VLAN to wireless and strip the VLAN. The whole reason is that my network has multiple VLANs for guests etc. I followed this guide http://forum.pfsense.org/index.php/topic,20917.0.html but without much success (although it has worked for a simpler setup). My config is:
<interfaces>
  <wan>
    <enable/>
    <if>vr0</if>
    <media/>
    <mediaopt/>
    <descr>- ]]></descr>
    <alias-address/>
    <alias-subnet>32</alias-subnet>
    <spoofmac/>
    <ipaddr>dhcp</ipaddr>
  </wan>
  <lan>
    <if>vr1</if>
    <enable/>
    <descr>- ]]></descr>
    <spoofmac></spoofmac>
  </lan>
  <opt1>
    <descr>- ]]></descr>
    <if>vr0_vlan30</if>
    <enable/>
    <spoofmac></spoofmac>
  </opt1>
  <opt2>
    <descr>- ]]></descr>
    <if>ath0_wlan1</if>
    <wireless>
      <mode>hostap</mode>
      <standard>11g</standard>
      <protmode>rtscts</protmode>
      <ssid>LCHGuest</ssid>
      <channel>0</channel>
      <authmode/>
      <txpower>99</txpower>
      <distance/>
      <regdomain/>
      <regcountry/>
      <reglocation/>
      <wpa>
        <macaddr_acl/>
        <auth_algs>1</auth_algs>
        <wpa_mode>1</wpa_mode>
        <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
        <wpa_pairwise>CCMP TKIP</wpa_pairwise>
        <wpa_group_rekey>60</wpa_group_rekey>
        <wpa_gmk_rekey>3600</wpa_gmk_rekey>
        <passphrase/>
        <ext_wpa_sw></ext_wpa_sw>
      </wpa>
      <auth_server_addr/>
      <auth_server_port/>
      <auth_server_shared_secret></auth_server_shared_secret>
    </wireless>
    <enable/>
    <spoofmac></spoofmac>
  </opt2>
  <opt3>
    <descr>- ]]></descr>
    <if>vr0_vlan14</if>
    <enable/>
    <spoofmac></spoofmac>
  </opt3>
  <opt4>
    <descr>- ]]></descr>
    <if>ath0_wlan2</if>
    <wireless>
      <standard>11g</standard>
      <protmode>rtscts</protmode>
      <txpower>99</txpower>
      <channel>0</channel>
      <distance/>
      <regdomain/>
      <regcountry/>
      <reglocation/>
      <mode>hostap</mode>
      <ssid>LOWXXXXXXXXXXX</ssid>
      <authmode/>
      <wpa>
        <macaddr_acl/>
        <auth_algs>1</auth_algs>
        <wpa_mode>1</wpa_mode>
        <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
        <wpa_pairwise>CCMP TKIP</wpa_pairwise>
        <wpa_group_rekey>60</wpa_group_rekey>
        <wpa_gmk_rekey>3600</wpa_gmk_rekey>
        <passphrase/>
        <ext_wpa_sw></ext_wpa_sw>
      </wpa>
      <auth_server_addr/>
      <auth_server_port/>
      <auth_server_shared_secret/>
      <wep>
        <enable/>
        <key>
          <value>gfbdfhbfxgnxgfnnxg</value>
        </key>
      </wep>
    </wireless>
    <enable/>
    <spoofmac></spoofmac>
  </opt4>
  <opt5>
    <descr>- ]]></descr>
    <if>bridge1</if>
    <enable/>
    <spoofmac></spoofmac>
  </opt5>
</interfaces>
BRIDGE0 GUESTVLAN, GUESTSSID Guests
BRIDGE1 WIRELESSSTAFFVLAN, WIRELESSSTAFF, OPT5 Wireless Staff

Could anyone point me in the right direction?
-
No one with an idea?
-
Looks sane. What does ifconfig show?
-
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
        ether 00:0d:b9:1b:df:8c
        inet6 fe80::20d:b9ff:fe1b:df8c%vr0 prefixlen 64 scopeid 0x1
        inet 10.100.7.103 netmask 0xffffff00 broadcast 10.100.7.255
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
        ether 00:0d:b9:1b:df:8d
        inet6 fe80::20d:b9ff:fe1b:df8d%vr1 prefixlen 64 scopeid 0x2
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (none)
        status: no carrier
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:1b:b1:07:d3:24
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100<PROMISC> metric 0 mtu 33200
enc0: flags=0<> metric 0 mtu 1536
vr0_vlan30: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0d:b9:1b:df:8c
        inet6 fe80::20d:b9ff:fe1b:df8c%vr0_vlan30 prefixlen 64 scopeid 0x8
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        vlan: 30 parent interface: vr0
vr0_vlan14: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:0d:b9:1b:df:8c
        inet6 fe80::20d:b9ff:fe1b:df8c%vr0_vlan14 prefixlen 64 scopeid 0x9
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        vlan: 14 parent interface: vr0
ath0_wlan1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:1b:b1:07:d3:24
        inet6 fe80::21b:b1ff:fe07:d324%ath0_wlan1 prefixlen 64 scopeid 0xa
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
        ssid LCHGuest channel 1 (2412 MHz 11g) bssid 00:1b:b1:07:d3:24
        country US ecm authmode OPEN privacy OFF txpower 22 scanvalid 60
        protmode RTSCTS burst -apbridge dtimperiod 1 -dfs
ath0_wlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 06:1b:b1:07:d3:24
        inet6 fe80::41b:b1ff:fe07:d324%ath0_wlan2 prefixlen 64 scopeid 0xb
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
        ssid LOWCOSTNETRH19 channel 11 (2462 MHz 11g) bssid 06:1b:b1:07:d3:24
        country US ecm authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit
        txpower 22 scanvalid 60 protmode RTSCTS burst -apbridge dtimperiod 1
        -dfs
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 16:4a:dc:7e:0c:c0
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: ath0_wlan1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 10 priority 128 path cost 370370
        member: vr0_vlan30 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 55
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 0a:a8:58:df:63:39
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: ath0_wlan2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 11 priority 128 path cost 370370
        member: vr0_vlan14 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 200000
-
That's all good. What problem are you having specifically?
-
I don't get any pass-through of DHCP packets for the machines that connect to either one of the wireless boxes.
-
Do you mean your DHCP server is not pfSense … it's on your VLAN, and clients on WIFI don't get an IP address? You have to set up extra rules for that kind of traffic. IMHO it's not enough to allow ANY to ANY ...
Yes, you have heard right! You have to set an extra rule for this ... don't know exactly, but search for bridge and dhcp in the forum. There is a thread which explains the issue.
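-
Added example, not part of the thread and not any poster's configuration: one way the "extra rule" from the last reply could look, written in pf syntax for the two bridges in the ifconfig output. The macro names are hypothetical, and it assumes pf filters on the bridge member interfaces (`net.link.bridge.pfil_member=1`) and that outbound traffic on the members is already passed; on pfSense the equivalent rules would be created in the GUI on each member interface.

```conf
# Added example (assumptions are labelled; interface names come from the
# ifconfig output in the thread).

# bridge0: guest SSID <-> guest VLAN
guest_wifi = "ath0_wlan1"
guest_vlan = "vr0_vlan30"

# bridge1: staff SSID <-> staff VLAN
staff_wifi = "ath0_wlan2"
staff_vlan = "vr0_vlan14"

# Client -> server. DISCOVER and the first REQUEST are sent from
# 0.0.0.0:68 to 255.255.255.255:67 because the client has no address yet;
# renewals go unicast from the client address to the server, also 68 -> 67.
pass in quick on { $guest_wifi $staff_wifi } inet proto udp \
    from any port 68 to any port 67

# Server -> client. OFFER and ACK enter on the wired VLAN member, from
# port 67 to port 68, addressed to broadcast or to the offered address.
# The state created by the broadcast above does not cover these replies,
# so they need their own rule on the ingress member.
pass in quick on { $guest_vlan $staff_vlan } inet proto udp \
    from any port 67 to any port 68
```

Scoping the rules to UDP 67/68 on the four member interfaces lets DHCP cross each bridge without widening what else the guest and staff segments may exchange.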