Adding ASUS RT-AC68U as AP only

gklimeck

Hello,

I could use some help in setting up my RT-AC68U as an AP on my new pfSense router.

Here is my setup:

ISP > pfSense > Switch

igb2 = WAN
igb1 = LAN
igb0 = Wireless

I have my LAN up an running and now I need to know how to properly configure pfSense to see the ASUS AP. I have properly switched the ASUS RT-AC68U to AP mode and I gave it a static address of 192.168.1.2.

any help would be appreciated. I'll keep plugging away at this until I hear back.
Thanks,
Gary

NogBadTheBad

Disable DHCP on the ASUS RT-AC68U and connect it to igb0.

Add a DHCP scope on pfSense for the Wi-Fi.

I'm assuming you can route between igb0 & igb1.

johnpoz

"it a static address of 192.168.1.2."

So this is the network you have on your wireless interface.. igb0?

Never really a fan of these devices so called AP mode. All that is required to turn any wifi router into AP mode is turn off its dhcp server and connect it to your network via one of the wifi routers LAN ports.. And sure makes sense to put the routers lan IP on the network your connecting it to too so you can easy access its web gui.

Other problem you have with these devices and native firmware is many of them do not allow you to setup a gateway on its lan side. So its not possible to get to the web gui on the lan IP of the router from another network. Most 3rd party firmware allows for gateways.

Work around solution for devices that do no allow gateway to be set on the lan network is to source nat it on pfsense so that traffic from your lan network to yoru wireless for example would look like its coming from pfsense wireless interface IP. And the AP thinks who is talking to it local to its own network, and no need for gateway then.

gklimeck

DHCP is disabled on ASUS and is connected to igb0.
I need to know how to add a DHCP Scope.
I need to know how to be sure I can route between igb0 & 1gb1

"So this is the network you have on your wireless interface.. igb0?"
Yes, I set the address to be static on the ASUS which is plugged into igb0

NogBadTheBad

@gklimeck:

DHCP is disabled on ASUS and is connected to igb0.
I need to know how to add a DHCP Scope.
I need to know how to be sure I can route between igb0 & 1gb1

"So this is the network you have on your wireless interface.. igb0?"
Yes, I set the address to be static on the ASUS which is plugged into igb0

You create the DHCP scope on your pfSense box, have you put an IP address on igb0 ?

https://doc.pfsense.org/index.php/DHCP_Server

Services -> DHCP Server

My wording wasn't great TBH regarding "I'm assuming you can route between igb0 & igb1" I should have said if you connect a laptop to igb0 can you connnect to devices on igb1, if you can't you'll need to add firewall rules.

gklimeck

Ok, this is called scope. (learning)
Yes, I did that and I get an error about the IP address overlaps. See my attached screenshot.

"The following input errors were detected:
IPv4 address 192.168.1.2/24 is being used by or overlaps with: LAN (192.168.1.1/24)"

Capture.JPG_thumb

NogBadTheBad

You can't give two different interfaces an ip address in the same subnet range.

What are you trying to achieve by connecting the Wi-Fi to two different interfaces ?

gklimeck

my LAN DHCP igb1 handles wired connected devices?
and my WAP DHCP igb0 handle all of my Wireless devices?
Is this how I see it?

gklimeck

What are you trying to achieve by connecting the Wi-Fi to two different interfaces?
I am simply trying to broadcast wifi access in my home network using my ASUS RT as an AP.

NogBadTheBad

@gklimeck:

my LAN DHCP igb1 handles wired connected devices?
and my WAP DHCP igb0 handle all of my Wireless devices?
Is this how I see it?

So your not trying to block Wi-Fi access to your LAN network ?

If the above is true just re-ip address your RT-AC68U with an unused ip address that isn't in the DHCP range for the LAN and connect it to your LAN switch.

How many decives are you talking about at your location ?

gklimeck

Thanks.

I was initially read to configure the 3 ports on my pfsense router as previously mentioned and connect the ap to the 3rd i.e. igb0.

Ill do as you suggested.

My home network uses up to 20 wifi devices.

NogBadTheBad

@gklimeck:

Ill do as you suggested.

It's fine connecting it to igb0, you'll just need to :-

Allocate a new subnet for the interface and apply the ip address to the interface, maybe use 192.168.2.1/24

Configure the AP with a new IP address 192.168.2.2/24.

Set up the DHCP for the new interface, look how your LAN interface is set up.

Set up an any any firewall rules on the new interface.

gklimeck

I got it working!
Thanks for all the help and patience.

I had to set the source in my Wireless Rules to Wireless to Net.

NogBadTheBad

@gklimeck:

I got it working!
Thanks for all the help and patience.

I had to set the source in my Wireless Rules to Wireless to Net.

:)

Gertjan

@gklimeck:

…... I made Rules in my firewall to match my LAN rules but it can't get out to WAN from a wireless device. What am I missing?

Dono.
Didn't saw your firewall rules.

What about a "pass-all" rule to test ?
Afterward you make more specific rules- and test after each new rule - and step back when things won't work anymore.

gklimeck

@Gertjan:

@gklimeck:

…... I made Rules in my firewall to match my LAN rules but it can't get out to WAN from a wireless device. What am I missing?

Dono.
Didn't saw your firewall rules.

What about a "pass-all" rule to test?
Afterward, you make more specific rules- and test after each new rule - and step back when things won't work anymore.

Not a bad idea and I'll get better at this.
Thanks,
G