Access point issue
-
The DHCP logs should tell you exactly what is going on. Have you looked there?
-
To be honest, I forgot to look.
I changed the IP of the AP to fit the subnet of OPT1, connected, and it worked like a charm: got an IP address, DNS, everything… So why it is not working on the LAN interface I do not know yet. I also added the MAC address in OPT1. I will check the logs later to see why it may not work, and will let you know.
-
You really do not want your AP to have its DHCP server enabled - that will give out IP addresses to your WiFi devices but likely give them the IP of the AP as their gateway and DNS. You want the WiFi clients to get pfSense LAN IP as gateway and DNS.
The easiest way to do this stuff is to disable DHCP server on the AP. Connect an AP LAN port onto the wired LAN that is the pfSense LAN. Let pfSense be a general DHCP server on LAN. Wired and wireless clients will get DHCP from pfSense, which will give them the pfSense LAN IP as gateway and DNS.
You give the AP a static IP address in the LAN subnet (so you always know how to get to its management interface when needed), or let it also get DHCP from pfSense (in which case you could set it to have a static IP on pfSense).
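A way to check which device is actually answering DHCP on the LAN and what gateway and DNS it hands out (an added example, not part of the original posts). It parses the UDP payload of a DHCP reply; the addresses 192.168.1.1 for the pfSense LAN and 192.168.1.2 for the AP, and all function names, are assumptions made for the sample.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie that follows the 236-byte BOOTP header
PFSENSE_LAN = "192.168.1.1"      # assumed pfSense LAN IP (constructed value)

def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = End
        if payload[i] == 0:                         # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def ips(raw: bytes) -> list:
    """Decode a packed list of IPv4 addresses (options 3, 6 and 54)."""
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw) - 3, 4)]

def audit_offer(payload: bytes, expected: str = PFSENSE_LAN) -> list:
    """List the ways a DHCP reply differs from 'pfSense is server, gateway and DNS'."""
    opts = parse_options(payload)
    server, routers, dns = (ips(opts.get(c, b"")) for c in (54, 3, 6))
    findings = []
    if server != [expected]:
        findings.append(f"DHCP server {server}, expected {expected}")
    if expected not in routers:
        findings.append(f"gateway {routers} does not include {expected}")
    if expected not in dns:
        findings.append(f"DNS {dns} does not include {expected}")
    return findings

def build_offer(server: str, router: str, dns: str, yiaddr: str) -> bytes:
    """Build a constructed DHCPOFFER payload so the check runs offline."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    hdr = bytes([2, 1, 6, 0]) + b"\0" * 12 + ip(yiaddr) + ip(server) + b"\0" * 212
    opts = b"\x35\x01\x02\x36\x04" + ip(server) + b"\x03\x04" + ip(router) + b"\x06\x04" + ip(dns) + b"\xff"
    return hdr + MAGIC + opts

SAMPLE_PFSENSE = build_offer(PFSENSE_LAN, PFSENSE_LAN, PFSENSE_LAN, "192.168.1.100")
SAMPLE_AP = build_offer("192.168.1.2", "192.168.1.2", "192.168.1.2", "192.168.1.150")
```

`audit_offer(SAMPLE_PFSENSE)` returns an empty list, while `audit_offer(SAMPLE_AP)` reports the server, gateway and DNS mismatches that an AP with its DHCP server left on would produce.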
-
AFAIK an AP does not do anything but act as a wireless switch. DHCP shouldn't even be an option.
-
"AFAIK an AP does not do anything but act as a wireless switch. DHCP shouldn't even be an option."
Yes, I agree, if it is just an AP. I was a bit concerned when reading this that the device might be an all-in-one home router with the usual 4 LAN ports and WiFi. When re-purposing one of those to just be a "dumb" AP sitting on the pfSense LAN, it is necessary to make sure to disable any DHCP server function that the "home router" used to be doing.
-
My AP has DHCPD disabled for the main ssid but it also runs a guest ssid on another segment with DHCPD enabled and nat to lan ip of AP.
-
"My AP has DHCPD disabled for the main ssid but it also runs a guest ssid on another segment with DHCPD enabled and nat to lan ip of AP."
That should be fine. As long as it does not give out DHCP on the pfSense LAN side, it can do what it likes with networks behind it that it NATs onto the pfSense LAN.
-
"DHCPD enabled and nat to lan ip of AP."
Huh?? How exactly is that guest?? What AP is this, or what router are you using as an AP?
-
It is dd-wrt running in router (ap) mode for main ssid. Create bridge for guest wlan with dhcpd. Using iptables to nat to br0.
-
"Using iptables to nat to br0."
For what possible reason would you do this? If you want a guest VLAN then have dd-wrt tag that traffic for that VLAN and control it at pfSense.
-
Sounds like a plan. dd-wrt gui only supports port-based vlans. Let me chew on this and see if I can get her done.