Bridging LAN and WLAN (again).
-
Here is some information on the "Standalone" method without the need for a bridge. This method is required for a pfSense based Access Point -Captive Portal- as they do not allow bridged interfaces with Captive Portal.
http://www.interspective.net/2012/07/one-pfsense-wireless-config-to-rule.html
-
Everyone does realize:
1. There would be no need for any of this if you used and external AP
2. You would probably get much faster and more stable wireless using all the latest wireless protocols
3. 1 and 2 aren't enough?
-
Well 802.11 has been built in to pfSense since 2004 and people been saying its broke ever since.
Why do so many people ask "why" in regards to something that has been built in forever? I don't get it. This is open source. Think different. ie cheap.
I think pfSense wireless works superb. Maybe not for big setups, but for home use.
Back on topic i have to disagree with info contained in this post here. You can do this with one physical wireless interface. You can create 8 separate Access Points with one module. The only kicker is they must all be in the same band, either 2.4ghz or 5ghz. Not both
For example Main wlan0 on 5ghz with own SSID and Guest wlan1 on 5ghz with own SSID.
Totally doable, rules for each interface must be applied. See the wireless tab under interfaces. -
How much does one of those cards plus some antennas cost? What modes and speed are supported reliably?
-
Well the atheros driver is working well so anything on thier list. Ar5BXB112 is around 12 bucks and 450M rate. I dont have any 3X cleints to test 450M yet. Still needing to do some laptop antenna mods for 3X MIMO.
They sell dipole antennas for 3-5 bucks each. rp-sma to u.fl pigtails around the same.
I should note -on my above instructions- that different rules would be needed for the main and guest networks so your LAN remains unexposed.
-
@Phishfry:
Here is some information on the "Standalone" method without the need for a bridge. This method is required for a pfSense based Access Point -Captive Portal- as they do not allow bridged interfaces with Captive Portal.
http://www.interspective.net/2012/07/one-pfsense-wireless-config-to-rule.html
Thanks for pointing me to a resource and the right direction. Really appreciate the help.
-
So once you get one wireless network up with the rules correct and working then setup the guest network. I would also spread the channels out to lowest and highest to add separation of different signal best you can. With that in mind i would only do 5ghz.
Note this link is only one persons way of doing the filtering. I am see there are other ways to apply rules while researching pfsense guest wireless..
-
Here is another approach. Forget that its an external AP, rules are rules. OPT1 internal or external -it don't matter for rules.
-
I need to correct my post above. It is only possible for 4 separate Access Points from one miniPCIe module. One main and three clones under the wireless tab. All can use separate channels. All must be in either 2.4 or 5ghz band not both.
-
Thanks - managed to get it to work WITHOUT a bridge. And also get a guest WLAN on the same single card setup and isolated from the LAN.
-
P.S. For goddamn sake, someone remove this bridge usage "example"/"suggestion" from the wiki. >:(
What do you want edited/remove dok
I was searching through the docs and found this
https://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used
So I edited the portion that says bridge lan to wireless to
Bridging a wireless interface to a LAN - Not a good idea, Don't Do This!
Point me to what else you think is wrong and be happy to edit/delete
-
If you want a wireless card and your LAN to be on the same subnet/broadcast domain you have no choice but to bridge them.
-
Before changing the manual why don't we fix the problem, I don't see any bug reports quoted or actual broken code.
Seems bridging is OK for transparent proxy bridge and untangle bridge, but not for wireless. I still am wondering exactly what the problem is, before condemning it.
I actually had a hard time finding instructions to provide for a bridge-less wireless setup for this user.
Seems like 95 percent of the web tutorials for wireless uses the bridge method.
Could all them be wrong?I am new here so please ignore my ignorance.
-
Do you have an extra OPT port to get access to pfSense while you create the bridge. Use WAN if you have to. It's hard to create these without blowing up your access over the interfaces you're working with.
-
I do know of one caveat of using a bridge. The ability to receive individual port statistics or graphs is lost due to the funnel like approach of the bridge. Overall traffic figures for the bridge are available. This condition only matters when the bridge has more than 2 members.
-
So really the issue is more related to setting up the bridge and not how it works.
Are there any security concerns when combining interfaces into a bridge? With 3 members i wonder about Layer2 packet routing between bridge members.
-
"If you want a wireless card and your LAN to be on the same subnet/broadcast domain you have no choice but to bridge them."
Sure – but why would you not just us an AP and there you go on the same broadcast domain if you want. Why would you want them on the same broadcast domain is the other question. But sure if your wanting to use a wireless card in pfsense as your AP (performance/features suck - no offense pfsense team) and you want to bridge that then sure.
When you can use a 20$ wifi router as an AP that will have way better performance and coverage area than any wifi card you might have in your pfsense box.. Why would anyone do that? Why??
While its great there is some support for it - it sure an the hell can not be the preferred setup to run wifi on a network..
-
So I edited the portion that says bridge lan to wireless to
Bridging a wireless interface to a LAN - Not a good idea, Don't Do This!Thanks. 8)
Perhaps you should rather ask the people here who keep bridging everything starting with from WLANs, continuing with OpenVPN and ending with their coffee maker and often mention they have followed "the docs" or some "howto" about where did they get the idea… because I just don't get it, seems like a mania lately.
-
OK i find myself answering the "why" question again.
My first entry into pfSense was a Steelhead Rivedbed 100/Axiomtek. It was swell for about 2 months. Then i graduated to an Astaro ASG110 Atom box. Much nicer. But what to do with my old hardware? I drilled two antenna holes in it, and plugged an Mini-PCI wifi card I had from my laptop repair work. So total cost was pigtails and antennas. Instant AP with it hanging off an interface on my Astero. I had just bought a Dell tablet so it all worked great for me.The features we are discussing here have been baked in since forever. So to question "why" goes completely against the grain of open source. Ease of setup may be lacking but it works very well for me.
Now in saying that -I understand your frustrations of helping people who can't seem to read the docs or research the topic better.
I will concede that building a bridge may require a physical cable swap and lockout is possible.
Much of that has been fixed by allowing ath0 interface assignment from the console.I don't mean to be such a cheerleader but when you have something working while others are saying it's broke deserves a response.
-
I was searching through the docs and found this
https://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used
So I edited the portion that says bridge lan to wireless to
Bridging a wireless interface to a LAN - Not a good idea, Don't Do This!
Point me to what else you think is wrong and be happy to edit/delete
The problem isn't bridging but trying to assign LAN to the bridge interface without really knowing what you're doing. Incorrect blog posts don't help.
You make it sound like bridges don't work, when they do.
Bridging is simple if you always have a switch connected to LAN that keeps the interface up instead of messing with reassignment of LAN. I think you have bigger problems than losing a bonus AP (which you should only be running at home) if you lose the switch.
