Access point issue



  • Hi all,

    I am trying to get an AP working on the LAN network from pfSense. I gave the AP the same IP range as the LAN and set it to DHCP. pfSense is set to 'Only the clients defined below will get DHCP leases from this server.'

    Connecting to the AP works when DHCP is on, but it won't let me get on the internet, because it gave me the wrong IP and DNS.
    When I manually set an IP on my laptop, everything works.
    When it is on automatic, it gives me a wrong IP and DNS.
    With the AP set to static, it won't connect at all unless I set it manually again.

    From LAN it goes to a switch, and from there the AP is connected along with a lot more LAN cables. (LAN -> switch -> AP)

    Any ideas, anyone?


  • Netgate



  • Yes and no.

    I set a static IP on the AP in the same range as LAN. Because I set 'Only the clients defined below will get DHCP leases from this server.' I used the MAC address to give the AP an IP, and even with this option disabled my laptop does not get any IP, while my mobile has no problem connecting and gets the IP given from LAN, so where the issue lies at this moment I do not know.

    Entering the IP and DNS manually on my laptop lets me connect to the internet; without it, not.

    Not sure if rebooting the pfSense would make any difference.


  • Netgate

    That's because in this mode the firewall will see the MAC address of the wireless device. Not the AP. That's what a layer 2 bridge does. Why are you locking down MAC addresses like that? What are you hoping to accomplish there?



  • I know there are 2 MAC addresses: one is the LAN AP and the other one is the WiFi. I did set the LAN AP into DHCP of pfSense like someone else before me did with the OPT1 interface, and this is working like a charm; that's why I do not understand why it's giving me this issue. Even with no MAC address entered it's not working.


  • Netgate

    The DHCP logs should tell you exactly what is going on. Have you looked there?



  • To be honest, I forgot to look.

    I changed the IP of the AP to fit the subnet of OPT1, connected, and it worked like a charm: got an IP address, DNS, everything… So why it is not working on the LAN interface I do not know yet. I also added the MAC address in OPT1. I will check the logs later to see why it may not work, and will let you know.



  • You really do not want your AP to have its DHCP server enabled - that will give out IP addresses to your WiFi devices but likely give them the IP of the AP as their gateway and DNS. You want the WiFi clients to get pfSense LAN IP as gateway and DNS.

    The easiest way to do this stuff is to disable DHCP server on the AP. Connect an AP LAN port onto the wired LAN that is the pfSense LAN. Let pfSense be a general DHCP server on LAN. Wired and wireless clients will get DHCP from pfSense, which will give them the pfSense LAN IP as gateway and DNS.

    You give the AP a static IP address in the LAN subnet (so you always know how to get to its management interface when needed), or let it also get DHCP from pfSense (in which case you could set it to have a static IP on pfSense).
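
Added example, not part of the thread: a Python check that parses a DHCP offer payload and flags the situation described in the post above, where a second DHCP server on the LAN hands out itself as gateway and DNS instead of pfSense. The addresses (192.168.1.1 for pfSense, 192.168.1.2 for the AP) and the `build_offer` helper that constructs sample payloads are assumptions for the demo, not values from the thread.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def ips(data):
    """Split an option value into dotted-quad IPv4 strings."""
    return [str(ipaddress.IPv4Address(data[k:k + 4])) for k in range(0, len(data) - 3, 4)]

def parse_offer(payload):
    """Pull lease address, server id, routers and DNS servers out of a DHCP reply."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    info = {"yiaddr": ips(payload[16:20])[0], "server_id": None, "router": [], "dns": []}
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if code == 54 and length == 4:                  # server identifier
            info["server_id"] = ips(data)[0]
        elif code == 3:                                 # router (default gateway)
            info["router"] = ips(data)
        elif code == 6:                                 # DNS servers
            info["dns"] = ips(data)
        i += 2 + length
    return info

def check_offer(payload, pfsense_lan_ip):
    """Return findings; an empty list means the offer matches the intended setup."""
    o = parse_offer(payload)
    findings = []
    if o["server_id"] != pfsense_lan_ip:
        findings.append(f"offer came from {o['server_id']}, not pfSense")
    if o["router"] != [pfsense_lan_ip]:
        findings.append(f"gateway {o['router']} is not the pfSense LAN IP")
    if pfsense_lan_ip not in o["dns"]:
        findings.append(f"DNS {o['dns']} does not include the pfSense LAN IP")
    return findings

def build_offer(yiaddr, server, router, dns):
    """Constructed DHCPOFFER for the demo (hypothetical helper, not captured traffic)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    hdr = bytes([2, 1, 6, 0]) + bytes(12) + ip(yiaddr) + ip(server) + bytes(212)
    opts = b"\x35\x01\x02" + b"\x36\x04" + ip(server) + b"\x03\x04" + ip(router) + b"\x06\x04" + ip(dns)
    return hdr + MAGIC + opts + b"\xff"
```

Feed `check_offer` the UDP payload of each offer a client receives; more than one distinct server identifier on the same LAN means a second DHCP server is still answering.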



  • AFAIK an AP does not do anything but act as a wireless switch.  DHCP shouldn't even be an option.



  • @W4RH34D:

    AFAIK an AP does not do anything but act as a wireless switch.  DHCP shouldn't even be an option.

    Yes, I agree, if it is just an AP. I was a bit concerned when reading this that the device might be an all-in-one home router with the usual 4 LAN ports and WiFi. When re-purposing one of those to just be a "dumb" AP sitting on the pfSense LAN, it is necessary to make sure to disable any DHCP server function that the "home router" used to be doing.



  • My AP has DHCPD disabled for the main ssid but it also runs a guest ssid on another segment with DHCPD enabled and nat to lan ip of AP.



  • @gjaltemba:

    My AP has DHCPD disabled for the main ssid but it also runs a guest ssid on another segment with DHCPD enabled and nat to lan ip of AP.

    That should be fine. As long as it does not give out DHCP on the pfSense LAN side, it can do what it likes with networks behind it that it NATs onto the pfSense LAN.


  • Rebel Alliance Global Moderator

    "DHCPD enabled and nat to lan ip of AP."

    Huh??  How exactly is that guest??  What AP is this or router are you using as AP?



  • It is dd-wrt running in router (ap) mode for main ssid. Create bridge for guest wlan with dhcpd. Using iptables to nat to br0.


  • Rebel Alliance Global Moderator

    "Using iptables to nat to br0."

    For what possible reason would you do this?  If you want a guest vlan then have dd-wrt tag that traffic for that vlan and control it at pfsense.



  • Sounds like a plan. dd-wrt gui only supports port-based vlans. Let me chew on this and see if I can get her done.