OPT1 for WLAN



  • Hi.  I am having some issues configuring a 3rd NIC for WLAN.  I want this traffic to be segregated from my LAN traffic.  My setup is  as follows:

    1 WAN - ISP
    1 LAN - 10.1.1.1
    1 WLAN (OPT1) - 10.1.2.1

    Everything works great besides WLAN.  I have created the same type of firewall rule for WLAN as LAN has. (default allow WLAN to any)
    DHCP is configured for 10.1.2.0/24 for a range of 10.1.2.100-200
    I have access point connected at 10.1.2.5
    No clients connected to the access point can get an IP from DHCP. I cannot ping 10.1.2.1 even if I assign one manually.  I have even gone in to pfsense cli via ssh and pinged the interface 10.1.2.1 and it replies, but then I cannot ping anything else further (10.1.2.5)  When I look at the packets sent/received for that interface, it is 0/0
    It is the same type of NIC as my WAN, intel pro 100.  I know it is not a hardware issue because I just used it on Untangle fine about 30 minutes ago and I was able to use WAN/LAN/WLAN and hand out IPs on WLAN.  I am desperate please help.  I am sure it is something simple, especially since no packets are coming in and out.  I have tried with different builds and even different NICs.



  • Have you ensured that both LAN and WLAN have at least a /24 subnet mask?



  • Thank you for the reply.  Yes I have made sure that both are the same mask.  I mean out of the box, after adding another NIC that is not bridged and on OPT1, what other configuration is needed besides the firewall rule?(if I even need that)  Is there anything else I need to do or am I missing something.



  • But when you say "the same mask" - what exactly is it?

    Is the link on OPT1 up?



  • Yes, sorry, they are both /24.  Here is the status of the nic

    WLAN interface (fxp0)
    Status 	up
    IP address 	10.1.2.1  
    Subnet mask 	255.255.255.0
    Media 	100baseTX <full-duplex>In/out packets 	0/0 (0 bytes/1 KB)
    In/out packets (pass) 	0/20 (0 bytes/1 KB)
    In/out packets (block) 	0/0 (0 bytes/0 bytes)
    In/out errors 	0/0
    Collisions 	0</full-duplex> 
    

    thanks for your help.



  • I can ping it from my PC (only the interface IP).  The odd thing is, that even though I am pinging it and it is replying, the packet count is not going up.  If it is replying to my PC, it would seme that the packets would increase.



  • I suspect that if you investigate carefully you'll find that something other than pfSense is replying to your pings (e.g. the access point). One way to investigate: What is the MAC address of the system replying to your pings? Is it the MAC address of the pfSense interface?



  • I'll second wallabybob's comment - you have another device on your network with that IP address.

    Ping the IP from your PC again and then type arp -a to see the MAC addresses - look for the line with 10.1.2.1 and compare that with the MAC address of the interface fxp0 on pfSense.



  • I pinged that IP and did an arp -a and it is not listed.

    If I do an arp if_addr 10.1.2.1 it lists nothing.

    I know the NIC is working and the mac is right because I can access the pfsense page on 10.1.2.1, just as I can on 10.1.1.1, on my main machine on 10.1.1.150.  So I am sure I am pinging the right hardware/software address.

    I am starting to think it is something to do with that slot or IRQs.  The riser card I have for the mini mobo has jumpers but I am not sure what the settings are not should I mess with them.  It is odd though, because when i installed the latest Untangle, all 3 NICs were active and I could ping both local subnets.



  • If you can ping it from the computer on 10.1.1.150 and arp -a doesn't list the MAC then you have a problem.  Can you test that again and check that you scroll up on the command prompt window in case it's scrolled off the top of the screen.



  • here is the pipe from the commands minus important macs

    arp -a

    
    Interface: 10.1.1.150 --- 0xb
      Internet Address      Physical Address      Type
      10.1.1.1              00-1c-**-**-**-**     dynamic   
      10.1.1.50             00-04-**-**-**-**     dynamic   
      10.1.1.199            00-1e-**-**-**-**     dynamic   
      10.1.1.244            f8-1e-df-f5-a0-bf     dynamic   
      10.1.1.245            00-1e-e5-e9-21-68     dynamic   
      10.1.1.255            ff-ff-ff-ff-ff-ff     static    
      224.0.0.22            01-00-5e-00-00-16     static    
      224.0.0.252           01-00-5e-00-00-fc     static    
      239.255.255.250       01-00-5e-7f-ff-fa     static    
      255.255.255.255       ff-ff-ff-ff-ff-ff     static    
    
    Interface: 169.254.199.249 --- 0x12
      Internet Address      Physical Address      Type
      169.254.255.255       ff-ff-ff-ff-ff-ff     static    
      224.0.0.22            01-00-5e-00-00-16     static    
      224.0.0.252           01-00-5e-00-00-fc     static    
      239.255.255.250       01-00-5e-7f-ff-fa     static    
    
    Interface: 192.168.133.1 --- 0x13
      Internet Address      Physical Address      Type
      192.168.133.255       ff-ff-ff-ff-ff-ff     static    
      224.0.0.22            01-00-5e-00-00-16     static    
      224.0.0.252           01-00-5e-00-00-fc     static    
      239.255.255.250       01-00-5e-7f-ff-fa     static    
    
    Interface: 169.254.91.160 --- 0x1b
      Internet Address      Physical Address      Type
      169.254.255.255       ff-ff-ff-ff-ff-ff     static    
      224.0.0.22            01-00-5e-00-00-16     static    
      224.0.0.252           01-00-5e-00-00-fc     static    
      239.255.255.250       01-00-5e-7f-ff-fa     static    
      255.255.255.255       ff-ff-ff-ff-ff-ff     static    
    
    

    ping 10.1.2.1

    
    Pinging 10.1.2.1 with 32 bytes of data:
    Reply from 10.1.2.1: bytes=32 time<1ms TTL=64
    Reply from 10.1.2.1: bytes=32 time<1ms TTL=64
    Reply from 10.1.2.1: bytes=32 time<1ms TTL=64
    Reply from 10.1.2.1: bytes=32 time<1ms TTL=64
    
    Ping statistics for 10.1.2.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    
    

    10.1.2.1 is the OPT1

    thank you for your continued support.



  • Did you do the ping first?



  • arp entries generally disappear after a timeout. Hence you need to do the ping first THEN fairly promptly issue the command to display the arp entries.

    There appears something wrong here. The original complaint was that WLAN wasn't working. You should be pinging the pfSense WLAN interface from a system on the WLAN not on the LAN.

    The data suggests your PC is connected to the LAN. In that case the ping to pfSense comes in on the LAN interface and is responded to "internally" and hence the counters for the WLAN interface don't move since there were no packets received on the interface and no packets transmitted on the interface. I have assumed you were reporting with your PC connected to WLAN.

    Please provide output from pfSense shell command ifconfig -a so we can check your interfaces are in the correct state.


Locked