Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Access point issue

    Off-Topic & Non-Support Discussion
    6
    16
    7352
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      newbie_sense last edited by

      Hi all,

      I am trying to get an AP working in the LAN network from pfsense. I gave the AP the same IP range as the LAN and set it on dhcp. pfsense is set to 'Only the clients defined below will get DHCP leases from this server.'

      connecting to the AP works when having dhcp ON, just it won't allow me to get on the internet, because it gave me the wrong IP and DNS.
      when setting manually an IP on my laptop everything works.
      When having it automatic it gives me a wrong IP and DNS..
      setting the AP on static it won't connect at all unless I set it manually again.

      from LAN it goes to a switch from here the AP is connected with a lot more lan cables. (lan -> switch -> AP)

      any idea's anyone?

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Does this clear anything up?

        https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • N
          newbie_sense last edited by

          Yes and no.

          I set static IP on the AP in the same range as LAN. because I set 'Only the clients defined below will get DHCP leases from this server.' i used the MAC address to give the AP an IP and even with this option disabled my laptop does not get any IP while my mobile has no problem connecting and gets the IP giving from LAN, so where the issues lies at this moment i do not know.

          entering manually the IP and DNS in my laptop lets me connect to the internet, without it not.

          not sure if rebooting the pfsense would make any difference

          1 Reply Last reply Reply Quote 0
          • Derelict
            Derelict LAYER 8 Netgate last edited by

            That's because in this mode the firewall will see the MAC address of the wireless device. Not the AP. That's what a layer 2 bridge does. Why are you locking down MAC addresses like that? What are you hoping to accomplish there?

            Chattanooga, Tennessee, USA
            The pfSense Book is free of charge!
            DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • N
              newbie_sense last edited by

              I know there are 2 MAC addresses 1 is the lan AP and the otherone is the WIFI.. I did set the lan AP into dhcp of pfsense like someone else before me did this with OPT1 interface and this is working like a charm, that's why i do not understand why its giving me this issue, even with no MAC address enterd its not working

              1 Reply Last reply Reply Quote 0
              • Derelict
                Derelict LAYER 8 Netgate last edited by

                The DHCP logs should tell you exactly what is going on. Have you looked there?

                Chattanooga, Tennessee, USA
                The pfSense Book is free of charge!
                DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • N
                  newbie_sense last edited by

                  to be honest I forgot to look,

                  I changed the IP from the AP to fit the subnet of OPT1, connected and worked like a charm got an IP address, DNS everything… so why it is not working on the LAN interface i do not know yet.. also added the MAC address in OPT1.. I will check logs later on why it may not work, will let you know

                  1 Reply Last reply Reply Quote 0
                  • P
                    phil.davis last edited by

                    You really do not want your AP to have its DHCP server enabled - that will give out IP addresses to your WiFi devices but likely give them the IP of the AP as their gateway and DNS. You want the WiFi clients to get pfSense LAN IP as gateway and DNS.

                    The easiest way to do this stuff is to disable DHCP server on the AP. Connect an AP LAN port onto the wired LAN that is the pfSense LAN. Let pfSense be a general DHCP server on LAN. Wired and wireless clients will get DHCP from pfSense, which will give then the pfSense LAN IP as gateway and DNS.

                    You give the AP a static IP address in the LAN subnet (so you always know how to get to its management interface when needed), or let it also get DHCP from pfSense (in which case you could set it to have a static IP on pfSense).

                    As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                    If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                    1 Reply Last reply Reply Quote 0
                    • W
                      W4RH34D last edited by

                      AFAIK an AP does not do anything but act as a wireless switch.  DHCP shouldn't even be an option.

                      Did you really check your cables?

                      1 Reply Last reply Reply Quote 0
                      • P
                        phil.davis last edited by

                        @W4RH34D:

                        AFAIK an AP does not do anything but act as a wireless switch.  DHCP shouldn't even be an option.

                        Yes, I agree, if it is just an AP. I was a bit concerned when reading this that the device might be an all-in-one home router with the usual 4 LAN ports and WiFi. When re-purposing one of those to just be a "dumb" AP sitting on the pfSense LAN, it is necessary to make sure to disable any DHCP server function that the "home router" used to be doing.

                        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                        1 Reply Last reply Reply Quote 0
                        • G
                          gjaltemba last edited by

                          My AP has DHCPD disabled for the main ssid but it also runs a guest ssid on another segment with DHCPD enabled and nat to lan ip of AP.

                          1 Reply Last reply Reply Quote 0
                          • P
                            phil.davis last edited by

                            @gjaltemba:

                            My AP has DHCPD disabled for the main ssid but it also runs a guest ssid on another segment with DHCPD enabled and nat to lan ip of AP.

                            That should be fine. As long as it does not give out DHCP on the pfSense LAN side, it can do what it likes with networks behind it that it NATs onto the pfSense LAN.

                            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                            1 Reply Last reply Reply Quote 0
                            • johnpoz
                              johnpoz LAYER 8 Global Moderator last edited by

                              "DHCPD enabled and nat to lan ip of AP."

                              Huh??  How exactly is that guest??  What AP is this or router are you using as AP?

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

                              1 Reply Last reply Reply Quote 0
                              • G
                                gjaltemba last edited by

                                It is dd-wrt running in router (ap) mode for main ssid. Create bridge for guest wlan with dhcpd. Using iptables to nat to br0.

                                1 Reply Last reply Reply Quote 0
                                • johnpoz
                                  johnpoz LAYER 8 Global Moderator last edited by

                                  "Using iptables to nat to br0."

                                  What what possible reason would you do this?  If you want a guest vlan then have dd-wrt tag that traffic for that vlan and control it at pfsense.

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

                                  1 Reply Last reply Reply Quote 0
                                  • G
                                    gjaltemba last edited by

                                    Sounds like a plan. dd-wrt gui only supports port-based vlans. Let me chew on this and see if I can get her done.

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post