Bridging wireless with VLAN and DHCP



  • I am trying to bridge an Ethernet VLAN to wireless and strip the VLAN. The whole reason is that my network has multiple VLANs for guests etc. I followed this guide http://forum.pfsense.org/index.php/topic,20917.0.html but without much success (although it has worked for a simpler setup). My config is:

    <interfaces>
      <wan>
        <enable></enable>
        <if>vr0</if>
        <media></media>
        <mediaopt></mediaopt>
        <descr>-   ]]></descr>
        <alias-address></alias-address>
        <alias-subnet>32</alias-subnet>
        <spoofmac></spoofmac>
        <ipaddr>dhcp</ipaddr>
      </wan>
      <lan>
        <if>vr1</if>
        <enable></enable>
        <descr>-   ]]></descr>
        <spoofmac></spoofmac>
      </lan>
      <opt1>
        <descr>-   ]]></descr>
        <if>vr0_vlan30</if>
        <enable></enable>
        <spoofmac></spoofmac>
      </opt1>
      <opt2>
        <descr>-   ]]></descr>
        <if>ath0_wlan1</if>
        <wireless>
          <mode>hostap</mode>
          <standard>11g</standard>
          <protmode>rtscts</protmode>
          <ssid>LCHGuest</ssid>
          <channel>0</channel>
          <authmode></authmode>
          <txpower>99</txpower>
          <distance></distance>
          <regdomain></regdomain>
          <regcountry></regcountry>
          <reglocation></reglocation>
          <wpa>
            <macaddr_acl></macaddr_acl>
            <auth_algs>1</auth_algs>
            <wpa_mode>1</wpa_mode>
            <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
            <wpa_pairwise>CCMP TKIP</wpa_pairwise>
            <wpa_group_rekey>60</wpa_group_rekey>
            <wpa_gmk_rekey>3600</wpa_gmk_rekey>
            <passphrase></passphrase>
            <ext_wpa_sw></ext_wpa_sw>
          </wpa>
          <auth_server_addr></auth_server_addr>
          <auth_server_port></auth_server_port>
          <auth_server_shared_secret></auth_server_shared_secret>
        </wireless>
        <enable></enable>
        <spoofmac></spoofmac>
      </opt2>
      <opt3>
        <descr>-   ]]></descr>
        <if>vr0_vlan14</if>
        <enable></enable>
        <spoofmac></spoofmac>
      </opt3>
      <opt4>
        <descr>-   ]]></descr>
        <if>ath0_wlan2</if>
        <wireless>
          <standard>11g</standard>
          <protmode>rtscts</protmode>
          <txpower>99</txpower>
          <channel>0</channel>
          <distance></distance>
          <regdomain></regdomain>
          <regcountry></regcountry>
          <reglocation></reglocation>
          <mode>hostap</mode>
          <ssid>LOWXXXXXXXXXXX</ssid>
          <authmode></authmode>
          <wpa>
            <macaddr_acl></macaddr_acl>
            <auth_algs>1</auth_algs>
            <wpa_mode>1</wpa_mode>
            <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
            <wpa_pairwise>CCMP TKIP</wpa_pairwise>
            <wpa_group_rekey>60</wpa_group_rekey>
            <wpa_gmk_rekey>3600</wpa_gmk_rekey>
            <passphrase></passphrase>
            <ext_wpa_sw></ext_wpa_sw>
          </wpa>
          <auth_server_addr></auth_server_addr>
          <auth_server_port></auth_server_port>
          <auth_server_shared_secret></auth_server_shared_secret>
          <wep>
            <enable></enable>
            <key>
              <value>gfbdfhbfxgnxgfnnxg</value>
            </key>
          </wep>
        </wireless>
        <enable></enable>
        <spoofmac></spoofmac>
      </opt4>
      <opt5>
        <descr>-   ]]></descr>
        <if>bridge1</if>
        <enable></enable>
        <spoofmac></spoofmac>
      </opt5>
    </interfaces>

    BRIDGE0 GUESTVLAN, GUESTSSID Guests 
    BRIDGE1 WIRELESSSTAFFVLAN, WIRELESSSTAFF, OPT5 Wireless Staff

    Could anyone point me in the right direction?



  • No one with an idea?



  • Looks sane. What does ifconfig show?



  • vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
            ether 00:0d:b9:1b:df:8c
            inet6 fe80::20d:b9ff:fe1b:df8c%vr0 prefixlen 64 scopeid 0x1
            inet 10.100.7.103 netmask 0xffffff00 broadcast 10.100.7.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
            ether 00:0d:b9:1b:df:8d
            inet6 fe80::20d:b9ff:fe1b:df8d%vr1 prefixlen 64 scopeid 0x2
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (none)
            status: no carrier
    ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
            ether 00:1b:b1:07:d3:24
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
            status: running
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    pflog0: flags=100<PROMISC> metric 0 mtu 33200
    enc0: flags=0<> metric 0 mtu 1536
    vr0_vlan30: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:0d:b9:1b:df:8c
            inet6 fe80::20d:b9ff:fe1b:df8c%vr0_vlan30 prefixlen 64 scopeid 0x8
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 30 parent interface: vr0
    vr0_vlan14: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:0d:b9:1b:df:8c
            inet6 fe80::20d:b9ff:fe1b:df8c%vr0_vlan14 prefixlen 64 scopeid 0x9
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 14 parent interface: vr0
    ath0_wlan1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:1b:b1:07:d3:24
            inet6 fe80::21b:b1ff:fe07:d324%ath0_wlan1 prefixlen 64 scopeid 0xa
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
            status: running
            ssid LCHGuest channel 1 (2412 MHz 11g) bssid 00:1b:b1:07:d3:24
            country US ecm authmode OPEN privacy OFF txpower 22 scanvalid 60
            protmode RTSCTS burst -apbridge dtimperiod 1 -dfs
    ath0_wlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 06:1b:b1:07:d3:24
            inet6 fe80::41b:b1ff:fe07:d324%ath0_wlan2 prefixlen 64 scopeid 0xb
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
            status: running
            ssid LOWCOSTNETRH19 channel 11 (2462 MHz 11g) bssid 06:1b:b1:07:d3:24
            country US ecm authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit
            txpower 22 scanvalid 60 protmode RTSCTS burst -apbridge dtimperiod 1
            -dfs
    bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 16:4a:dc:7e:0c:c0
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: ath0_wlan1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 10 priority 128 path cost 370370
            member: vr0_vlan30 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 8 priority 128 path cost 55
    bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 0a:a8:58:df:63:39
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: ath0_wlan2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 11 priority 128 path cost 370370
            member: vr0_vlan14 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                    ifmaxaddr 0 port 9 priority 128 path cost 200000
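
The check being done by eye on this output can be scripted. The following is an added example, not part of the thread: it parses `ifconfig` output and reports, per bridge, which VLAN ids are bridged, which members are not UP and RUNNING, and what protection each wireless member reports. `SAMPLE` is abridged from the output posted above; the function names are hypothetical.

```python
import re
# Abridged from the ifconfig output posted above; only the lines the check reads.
SAMPLE = """\
vr0_vlan30: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 30 parent interface: vr0
vr0_vlan14: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 14 parent interface: vr0
ath0_wlan1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        country US ecm authmode OPEN privacy OFF txpower 22 scanvalid 60
ath0_wlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        country US ecm authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: ath0_wlan1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr0_vlan30 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: ath0_wlan2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr0_vlan14 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
"""

def parse_ifconfig(text):
    """Map interface name -> flags, bridge members, VLAN id, 802.11 auth fields."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+): flags=\w+\s*<([^>]*)>", line)
        if head:  # an unindented "name: flags=..." line starts a new stanza
            flags = set(head[2].upper().split(","))
            cur = ifaces[head[1]] = {"flags": flags, "members": [], "wep": False}
        elif cur is not None:
            cur["members"] += re.findall(r"member: (\S+)", line)
            cur["wep"] |= "wepkey" in line
            if m := re.search(r"vlan: (\d+) parent interface:", line):
                cur["vlan"] = int(m[1])
            if m := re.search(r"authmode (\S+) privacy (\S+)", line):
                cur["authmode"], cur["privacy"] = m.groups()
    return ifaces

def protection(iface):
    """WEP if a wepkey is loaded, "none" if privacy is OFF, else the reported authmode."""
    return "WEP" if iface["wep"] else "none" if iface["privacy"] == "OFF" else iface["authmode"]

def audit_bridges(text):
    """Per bridge: VLAN ids bridged, members not UP+RUNNING, protection of each wireless member."""
    ifaces = parse_ifconfig(text)
    def view(names):  # a member missing from the output has no flags, so it counts as down
        members = [(n, ifaces.get(n, {"flags": set()})) for n in names]
        return {"vlans": [m["vlan"] for _, m in members if "vlan" in m],
                "down": [n for n, m in members if not {"UP", "RUNNING"} <= m["flags"]],
                "wireless": {n: protection(m) for n, m in members if "authmode" in m}}
    return {n: view(i["members"]) for n, i in ifaces.items() if i["members"]}
```

On the posted output, `audit_bridges` reports bridge0 as VLAN 30 joined to an SSID with no encryption and bridge1 as VLAN 14 joined to an SSID using WEP, with all four members up.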



  • That's all good. What problem are you having specifically?



  • I don't get any pass-through of DHCP packets for the machines that connect to either one of the wireless boxes.



  • Do you mean your DHCP server is not pfSense … it's on your VLAN, and clients on WiFi don't get an IP address? You have to set up extra rules for that kind of traffic. IMHO it's not enough to allow ANY to ANY ...

    Yes, you have heard right! You have to set an extra rule for this ... don't know exactly, but search for bridge and dhcp in the forum. There is a thread that explains the issue.

