4. Bridging wireless with VLAN and DHCP

Bridging wireless with VLAN and DHCP

  • J

    I am trying to bridge a Ethernet VLAN to wireless and strip the VLAN. Whole reason is that my network has multiple VLAN for guests etc. I followed this guide http://forum.pfsense.org/index.php/topic,20917.0.html but not much success (although it has worked for simpler setup). My config is:

    • <interfaces>- <wan><enable><if>vr0</if>
        <media><mediaopt>- <descr>-   ]]></descr>
        <alias-address><alias-subnet>32</alias-subnet>
        <spoofmac><ipaddr>dhcp</ipaddr></spoofmac></alias-address></mediaopt></media></enable></wan>
    • <lan><if>vr1</if>
        <enable>- <descr>-   ]]></descr>
        <spoofmac></spoofmac></enable></lan>
    • <opt1>- <descr>-   ]]></descr>
        <if>vr0_vlan30</if>
        <enable><spoofmac></spoofmac></enable></opt1>
    • <opt2>- <descr>-   ]]></descr>
        <if>ath0_wlan1</if>
    • <wireless><mode>hostap</mode>
        <standard>11g</standard>
        <protmode>rtscts</protmode>
        <ssid>LCHGuest</ssid>
        <channel>0</channel>
        <authmode><txpower>99</txpower>
        <distance><regdomain><regcountry><reglocation>- <wpa><macaddr_acl><auth_algs>1</auth_algs>
        <wpa_mode>1</wpa_mode>
        <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
        <wpa_pairwise>CCMP TKIP</wpa_pairwise>
        <wpa_group_rekey>60</wpa_group_rekey>
        <wpa_gmk_rekey>3600</wpa_gmk_rekey>
        <passphrase><ext_wpa_sw></ext_wpa_sw></passphrase></macaddr_acl></wpa>
        <auth_server_addr><auth_server_port><auth_server_shared_secret></auth_server_shared_secret></auth_server_port></auth_server_addr></reglocation></regcountry></regdomain></distance></authmode></wireless>
        <enable><spoofmac></spoofmac></enable></opt2>
    • <opt3>- <descr>-   ]]></descr>
        <if>vr0_vlan14</if>
        <enable><spoofmac></spoofmac></enable></opt3>
    • <opt4>- <descr>-   ]]></descr>
        <if>ath0_wlan2</if>
    • <wireless><standard>11g</standard>
        <protmode>rtscts</protmode>
        <txpower>99</txpower>
        <channel>0</channel>
        <distance><regdomain><regcountry><reglocation><mode>hostap</mode>
        <ssid>LOWXXXXXXXXXXX</ssid>
        <authmode>- <wpa><macaddr_acl><auth_algs>1</auth_algs>
        <wpa_mode>1</wpa_mode>
        <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
        <wpa_pairwise>CCMP TKIP</wpa_pairwise>
        <wpa_group_rekey>60</wpa_group_rekey>
        <wpa_gmk_rekey>3600</wpa_gmk_rekey>
        <passphrase><ext_wpa_sw></ext_wpa_sw></passphrase></macaddr_acl></wpa>
        <auth_server_addr><auth_server_port><auth_server_shared_secret>- <wep><enable>- <key><value>gfbdfhbfxgnxgfnnxg</value></key></enable></wep></auth_server_shared_secret></auth_server_port></auth_server_addr></authmode></reglocation></regcountry></regdomain></distance></wireless>
        <enable><spoofmac></spoofmac></enable></opt4>
    • <opt5>- <descr>-   ]]></descr>
        <if>bridge1</if>
        <enable><spoofmac></spoofmac></enable></opt5></interfaces>

    BRIDGE0 GUESTVLAN, GUESTSSID Guests 
    BRIDGE1 WIRELESSSTAFFVLAN, WIRELESSSTAFF, OPT5 Wireless Staff

    Could anyone point me in the right direction?

    0
  • J

    No one with an idea?

    0
  • C

    looks sane. What does ifconfig show?

    0
  • J

    vr0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
            options=8280b <rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>ether 00:0d:b9:1b:df:8c
            inet6 fe80::20d:b9ff:fe1b:df8c%vr0 prefixlen 64 scopeid 0x1
            inet 10.100.7.103 netmask 0xffffff00 broadcast 10.100.7.255
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    vr1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=8280b <rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>ether 00:0d:b9:1b:df:8d
            inet6 fe80::20d:b9ff:fe1b:df8d%vr1 prefixlen 64 scopeid 0x2
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (none)
            status: no carrier
    ath0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 2290
            ether 00:1b:b1:07:d3:24
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: running
    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
            options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
            nd6 options=3 <performnud,accept_rtadv>pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    pflog0: flags=100 <promisc>metric 0 mtu 33200
    enc0: flags=0<> metric 0 mtu 1536
    vr0_vlan30: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
            ether 00:0d:b9:1b:df:8c
            inet6 fe80::20d:b9ff:fe1b:df8c%vr0_vlan30 prefixlen 64 scopeid 0x8
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 30 parent interface: vr0
    vr0_vlan14: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
            ether 00:0d:b9:1b:df:8c
            inet6 fe80::20d:b9ff:fe1b:df8c%vr0_vlan14 prefixlen 64 scopeid 0x9
            nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
            vlan: 14 parent interface: vr0
    ath0_wlan1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
            ether 00:1b:b1:07:d3:24
            inet6 fe80::21b:b1ff:fe07:d324%ath0_wlan1 prefixlen 64 scopeid 0xa
            nd6 options=3 <performnud,accept_rtadv>media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: running
            ssid LCHGuest channel 1 (2412 MHz 11g) bssid 00:1b:b1:07:d3:24
            country US ecm authmode OPEN privacy OFF txpower 22 scanvalid 60
            protmode RTSCTS burst -apbridge dtimperiod 1 -dfs
    ath0_wlan2: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
            ether 06:1b:b1:07:d3:24
            inet6 fe80::41b:b1ff:fe07:d324%ath0_wlan2 prefixlen 64 scopeid 0xb
            nd6 options=3 <performnud,accept_rtadv>media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: running
            ssid LOWCOSTNETRH19 channel 11 (2462 MHz 11g) bssid 06:1b:b1:07:d3:24
            country US ecm authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit
            txpower 22 scanvalid 60 protmode RTSCTS burst -apbridge dtimperiod 1
            -dfs
    bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            ether 16:4a:dc:7e:0c:c0
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: ath0_wlan1 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 10 priority 128 path cost 370370
            member: vr0_vlan30 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 8 priority 128 path cost 55
    bridge1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            ether 0a:a8:58:df:63:39
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: ath0_wlan2 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 11 priority 128 path cost 370370
            member: vr0_vlan14 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 9 priority 128 path cost 200000</learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast></learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast></hostap></performnud,accept_rtadv></up,broadcast,running,promisc,simplex,multicast></hostap></performnud,accept_rtadv></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,accept_rtadv></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,accept_rtadv></up,broadcast,running,promisc,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></hostap></up,broadcast,running,simplex,multicast></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate></up,broadcast,running,promisc,simplex,multicast>

    0
  • C

    That's all good. What problem are you having specifically?

    0
  • J

    I don't any pass through of DHCP packets for the machines that connect to ether one of the wireless boxes.

    0
  • E

    Do you mean, your DHCP server is not pfSense … its on your VLAN. And clients on WIFI dont get an IP adress? You have to setup extra rules for that kind of traffic. IMHO it*s not enough to allow ANY to ANY ...

    Yes, you have heard right! You have to set a extra rule for this ... dont know exactly, but search for bridge and dhcp in the forum. There is a thread which is explaining the issue.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy