Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLAN redirection to central router

    L2/Switching/VLANs
    3
    6
    438
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SNR
      last edited by

      Hello,
      I have two pfSense boxes. One should become the manager and the other (lets call it client) is connected by cable and should provide an additinal WLAN access point.
      I created an VLAN (VLAN3) on router incl. DHCP. On "client"-router the eth- interface receives the VLAN3 (interface gets IP by central DHCP etc.). Now i like to configure the "clients" WLAN to be bridged with the VLAN3. All WLAN devices should get everything from central router (DHCP, ntp, DNS, internet access ....). If I connect my Labtop to the WLAN, the connection is established, IP is assigned, but I get no access to internet or even to the router. I can ping/ access WebIF to the "client"- router, only.

      I have configured an bridge from VLAN3- "client"- router interface to WLAN. WLAN has no IP set.
      I have to set an DHCP redirection service on WLAN-interface to central routers address. Otherwise the Labtop is not receiving an Ip by DHCP. Is this needed?
      I set an firewall rule to redirect all to "central"- routers address (ref. to picture).
      wlanap2_firewall_VLAN3_rules.png

      Please, can anyone guide me to the correct direction, how to redirect all request of the WLAN-devices via VLAN3 to the central router. Where I am wrong?

      Thanks in advance
      SNR

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @SNR
        last edited by

        @snr what exactly is providing the wireless? This 2nd pfsense box - or some AP, or a old wifi router your wanting to use as just an AP?

        pfsense with internal wifi is not a good option.

        I am not understand the point of the 2nd pfsense unless it has some wifi in it your trying to leverage?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • S
          SNR
          last edited by SNR

          Hello,
          Yes, both pfSense- boxes are equipped with WLAN-module. Maybe, this is not a good option, but this is the starting point. Both running on an APU-hardware/-board. The second pfSense is intended for WLAN extension, but is placed outside the range of 1st/ "central" router.
          I like to manage firewall filter rules on one box, only. Because of this idea and to get always the same IP for my Labtop and other devices, I created the VLAN to connect all these devices in all WLAN's together.
          If I connect my Labtop to the WLAN/VLAN3 on 1st/central box, I get all functionality. But on 2nd box, I get an connection to 2nd box, only.
          How can I configure this properly?
          Kind regards
          SNR

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @SNR
            last edited by

            @snr
            It would be more reliable to add a VLAN capable switch on the second position and connect an access point to it in addition to the firewall.

            Anyway, what is SNR_WLAN? I guess it's the bridge, isn't it.
            So I'm wondering, if you have set the proper tunables. By default filter rules have to be set on the bridge member interfaces, rules on the bridge are ignored.
            You can change this behavior in System > Advanced > Tunables if you need. See Bridging and firewalling.

            S 1 Reply Last reply Reply Quote 0
            • S
              SNR @viragomann
              last edited by

              @viragomann Ok, maybe I have to explain more about the config and the box. This box (the 2nd box) is not the only one, that is "reused". There is an 3rd as well. Lets get an closer look to the 2nd box. This pfSense-box is placed in living room and all 3 eth/LAN-ports are bridged to work as switch ("Bridge0"). One, "eth" or "LAN" is the physical connection to network. At "LAN1" a SmartTV and "LAN2" an bluray-player is connected. I do not like to use more devices than needed!
              On "LAN" an "VLAN3" connection is configured. This "VLAN3" is called "SNR_WLAN". So this is the VLAN- device. The "WLAN" is the wlan- device. These two devices are bridged to "BRIDGE1". I added the firewall rules to "WLAN" and "SNR_WLAN", but not to the "BRIDGE1".
              The bridge is configured similar to the eth- bridge and this is working (all services available on all 3 ports).
              If I use the diagnostic tools from pfSense, like "ping", I get answers from outside box 2! I can "ping" from "WLAN" or "SNR_WLAN", both works! If I connect my Labtop, or any other device, to WLAN, I get answers from box 2, only (ping, WebIF...). But no Internet or other devices in LAN or VLAN3 are available........and I do not know, where I am wrong.....
              I wonder, why on eth-bridge I do not need an DHCP-redirection and all devices get an IP. On WLAN without "DHCP-redirection" no IP is assigned to my Labtop....?
              Here are the screenshots of my config on box 2
              VLAN3_pfSense_2021-12-28.png

              Kind regards
              SNR

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @SNR
                last edited by

                @snr
                You have to enable the bridges. On the interfaces assignments tab hit the Add (Hinzufügen) button for both, edit the settings then and enable them.

                Then enable the DHCP relay on both bridges.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.