Wireless AP Question
-
Hi All,
I have just added a new wireless router to my Pfsense setup. In my wireless router I disabled the DHCP, change it to act as "plain" router and assign IP addresses via Pfsense DHCP service to the wireless client.
My LAN subnet is 192.168.1.0/24 and wireless subnet is 19.168.5.0/24. All the connection and routing seemed to be fine, but one issue that still bug me is that I have an issue connecting to the AP's web interface from any network segments (LAN/WAN). I know it is not a major one, but I will need access to the AP web interface every now and then to change the password and all the admin stuff.
I know that this is probably just a simple network stuff that probably got overlooked, therefore I need your help in order to point me to the right direction. Thank you in advance.
-
The wireless router needs to have a default gateway set. Check to see if you can setup a default gateway on the LAN side. If you can't, you might be able to add a static route to your LAN subnet via the pfSense IP. The traffic is probably making it to the AP just fine, but the AP doesn't know where to send traffic back.
-
Thanks for the quick response blak111. As of now, I don't have any access to the AP without resetting it to the factory default and setup everything from scratch. I like your second option of setting the static route via the pfsense IP, but unsure on how to do it? Do I just add the route from my LAN segment to my WAN segment?
I'll play around with the setup later on tonight, and will post update if anything happened.
-
The static route would also have to be setup on the wireless AP. You would put the route on the wireless ap for your LAN network and set the router to your pfSense WLAN ip address. Either way, you will have to get on the wireless access point.
There is one more trickier method that wouldn't require a change on the AP.
Go to NAT > Outbound. Set it to manual and click save.
Add a new rule.
Set the interface to your WLAN interface.
Set the source to network and put in your LAN subnet.
Set the destination to Network and type the IP address of your AP and use a /32 subnet.
Leave the rest and click Save.This will make the traffic originating from your LAN subnet appear to be coming from the interface on the pfSense that shares a network with the wireless AP so its gateway will not come into play.
HOWEVER. All of my solutions may be for the wrong network design.
I interpreted your original message as having a pfSense box with three interfaces. A LAN, a WLAN, and a WAN. Then the access point is plugged into the WLAN interface with one of it's switch ports.
If this is true, refer to the above stuff.Looking back, it looks like you might have an access point that is just plugged into the LAN network on the pfSense with its WAN interface.
If this is the case, let me know and I can help you with that setup instead. -
Hi Again.
Thank you so much for your help. The other day I tried looking for static route for Pfsense and came across some instructions that tweak around System -> Static Route on the pfsense web admin page. Which then successfully brought the whole LAN and WAN down for good hour or so :-[ After recovering from the abuse from my girlfriend and flatmate, I was able to brought the connection back up. So on this occasion, I might wait until the internet is not heavily in use, before doing anything else. Most likely it is going to be this weekend.
To answer your question, my setup is exactly the same as your first thought (WAN, LAN, and WLAN interfaces). So I would probably give that a try later on this weekend and will keep you all posted.
Thanks again for your help with this, this forum has again proven to be the great source for information on Pfsense setup.
-
Set the destination to Network and type the IP address of your AP and use a /32 subnet.
Hi, just reading my previous reply and realized that I don't quite follow on why do I need to use /32 subnet instead of /24. Is this something to do with the routing table? Thanks
-
The static route is not on the pfSense router. The only thing on the pfSense router is the Manual outbound NAT method. The reason you use a /32 subnet mask is because you only want that rule to affect traffic going to the management interface of that access point.
-
Hello Again,
Well, after long and exhausting work. I finally nailed down the issue, it was actually not from Pfsense routing at all. Apparently when I disable the SSID for WRT54GL, it becomes unreachable from anywhere including its own network port. But it still routes the traffic and everything else, only not reachable for administrative purpose :(
I guess, now we know that this issue is not particular for pfsense. However, I truly appreciate the assistance provided by this forum.
I hope this can help anyone else for future issue.