Netgate Discussion Forum

    Bridging wireless with VLAN and DHCP

    General pfSense Questions
    • Jonb

      I am trying to bridge an Ethernet VLAN to wireless and strip the VLAN. The whole reason is that my network has multiple VLANs for guests etc. I followed this guide http://forum.pfsense.org/index.php/topic,20917.0.html but without much success (although it has worked for a simpler setup). My config is:

      <interfaces>
        <wan>
          <enable/>
          <if>vr0</if>
          <media/> <mediaopt/>
          <descr><![CDATA[...]]></descr>
          <alias-address/>
          <alias-subnet>32</alias-subnet>
          <spoofmac/>
          <ipaddr>dhcp</ipaddr>
        </wan>
        <lan>
          <if>vr1</if>
          <enable/>
          <descr><![CDATA[...]]></descr>
          <spoofmac/>
        </lan>
        <opt1>
          <descr><![CDATA[...]]></descr>
          <if>vr0_vlan30</if>
          <enable/>
          <spoofmac/>
        </opt1>
        <opt2>
          <descr><![CDATA[...]]></descr>
          <if>ath0_wlan1</if>
          <wireless>
            <mode>hostap</mode>
            <standard>11g</standard>
            <protmode>rtscts</protmode>
            <ssid>LCHGuest</ssid>
            <channel>0</channel>
            <authmode/>
            <txpower>99</txpower>
            <distance/> <regdomain/> <regcountry/> <reglocation/>
            <wpa>
              <macaddr_acl/>
              <auth_algs>1</auth_algs>
              <wpa_mode>1</wpa_mode>
              <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
              <wpa_pairwise>CCMP TKIP</wpa_pairwise>
              <wpa_group_rekey>60</wpa_group_rekey>
              <wpa_gmk_rekey>3600</wpa_gmk_rekey>
              <passphrase/>
              <ext_wpa_sw/>
            </wpa>
            <auth_server_addr/> <auth_server_port/> <auth_server_shared_secret/>
          </wireless>
          <enable/>
          <spoofmac/>
        </opt2>
        <opt3>
          <descr><![CDATA[...]]></descr>
          <if>vr0_vlan14</if>
          <enable/>
          <spoofmac/>
        </opt3>
        <opt4>
          <descr><![CDATA[...]]></descr>
          <if>ath0_wlan2</if>
          <wireless>
            <standard>11g</standard>
            <protmode>rtscts</protmode>
            <txpower>99</txpower>
            <channel>0</channel>
            <distance/> <regdomain/> <regcountry/> <reglocation/>
            <mode>hostap</mode>
            <ssid>LOWXXXXXXXXXXX</ssid>
            <authmode/>
            <wpa>
              <macaddr_acl/>
              <auth_algs>1</auth_algs>
              <wpa_mode>1</wpa_mode>
              <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
              <wpa_pairwise>CCMP TKIP</wpa_pairwise>
              <wpa_group_rekey>60</wpa_group_rekey>
              <wpa_gmk_rekey>3600</wpa_gmk_rekey>
              <passphrase/>
              <ext_wpa_sw/>
            </wpa>
            <auth_server_addr/> <auth_server_port/> <auth_server_shared_secret/>
            <wep>
              <enable/>
              <key>
                <value>gfbdfhbfxgnxgfnnxg</value>
              </key>
            </wep>
          </wireless>
          <enable/>
          <spoofmac/>
        </opt4>
        <opt5>
          <descr><![CDATA[...]]></descr>
          <if>bridge1</if>
          <enable/>
          <spoofmac/>
        </opt5>
      </interfaces>

      BRIDGE0 GUESTVLAN, GUESTSSID Guests 
      BRIDGE1 WIRELESSSTAFFVLAN, WIRELESSSTAFF, OPT5 Wireless Staff

      Could anyone point me in the right direction?

      Hosted desktops and servers with support without complication.
      www.blueskysystems.co.uk

      • Jonb

        No one with an idea?

        Hosted desktops and servers with support without complication.
        www.blueskysystems.co.uk

        • cmb

          Looks sane. What does ifconfig show?

          • Jonb

            vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                    options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
                    ether 00:0d:b9:1b:df:8c
                    inet6 fe80::20d:b9ff:fe1b:df8c%vr0 prefixlen 64 scopeid 0x1
                    inet 10.100.7.103 netmask 0xffffff00 broadcast 10.100.7.255
                    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
                    media: Ethernet autoselect (100baseTX <full-duplex>)
                    status: active
            vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                    options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
                    ether 00:0d:b9:1b:df:8d
                    inet6 fe80::20d:b9ff:fe1b:df8d%vr1 prefixlen 64 scopeid 0x2
                    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
                    media: Ethernet autoselect (none)
                    status: no carrier
            ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
                    ether 00:1b:b1:07:d3:24
                    media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
                    status: running
            lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
                    options=3<RXCSUM,TXCSUM>
                    inet 127.0.0.1 netmask 0xff000000
                    inet6 ::1 prefixlen 128
                    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
                    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            pfsync0: flags=0<> metric 0 mtu 1460
                    syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
            pflog0: flags=100<PROMISC> metric 0 mtu 33200
            enc0: flags=0<> metric 0 mtu 1536
            vr0_vlan30: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                    ether 00:0d:b9:1b:df:8c
                    inet6 fe80::20d:b9ff:fe1b:df8c%vr0_vlan30 prefixlen 64 scopeid 0x8
                    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
                    media: Ethernet autoselect (100baseTX <full-duplex>)
                    status: active
                    vlan: 30 parent interface: vr0
            vr0_vlan14: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                    ether 00:0d:b9:1b:df:8c
                    inet6 fe80::20d:b9ff:fe1b:df8c%vr0_vlan14 prefixlen 64 scopeid 0x9
                    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
                    media: Ethernet autoselect (100baseTX <full-duplex>)
                    status: active
                    vlan: 14 parent interface: vr0
            ath0_wlan1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                    ether 00:1b:b1:07:d3:24
                    inet6 fe80::21b:b1ff:fe07:d324%ath0_wlan1 prefixlen 64 scopeid 0xa
                    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
                    media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
                    status: running
                    ssid LCHGuest channel 1 (2412 MHz 11g) bssid 00:1b:b1:07:d3:24
                    country US ecm authmode OPEN privacy OFF txpower 22 scanvalid 60
                    protmode RTSCTS burst -apbridge dtimperiod 1 -dfs
            ath0_wlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                    ether 06:1b:b1:07:d3:24
                    inet6 fe80::41b:b1ff:fe07:d324%ath0_wlan2 prefixlen 64 scopeid 0xb
                    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
                    media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
                    status: running
                    ssid LOWCOSTNETRH19 channel 11 (2462 MHz 11g) bssid 06:1b:b1:07:d3:24
                    country US ecm authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit
                    txpower 22 scanvalid 60 protmode RTSCTS burst -apbridge dtimperiod 1
                    -dfs
            bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                    ether 16:4a:dc:7e:0c:c0
                    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
                    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
                    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
                    member: ath0_wlan1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                            ifmaxaddr 0 port 10 priority 128 path cost 370370
                    member: vr0_vlan30 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                            ifmaxaddr 0 port 8 priority 128 path cost 55
            bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                    ether 0a:a8:58:df:63:39
                    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
                    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
                    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
                    member: ath0_wlan2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                            ifmaxaddr 0 port 11 priority 128 path cost 370370
                    member: vr0_vlan14 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                            ifmaxaddr 0 port 9 priority 128 path cost 200000

            Hosted desktops and servers with support without complication.
            www.blueskysystems.co.uk
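
Added example, not part of the original post: a cross-check of the ifconfig output above that lists, for each bridge, its members with their VLAN tag and the link protection ifconfig reports for wireless members. The sample is a trimmed copy of that output, and treating `privacy ON` without a WPA authmode as WEP is an assumption of this example.

```python
import re
# Constructed sample: a trimmed copy of the ifconfig output posted above.
SAMPLE = """\
vr0_vlan30: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 30 parent interface: vr0
vr0_vlan14: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 14 parent interface: vr0
ath0_wlan1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        country US ecm authmode OPEN privacy OFF txpower 22 scanvalid 60
ath0_wlan2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        country US ecm authmode OPEN privacy ON deftxkey 1 wepkey 1:104-bit
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: ath0_wlan1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr0_vlan30 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: ath0_wlan2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr0_vlan14 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
"""

def parse_ifconfig(text):
    """Group indented detail lines under the interface header they follow."""
    ifaces, current = {}, None
    for line in text.splitlines():
        header = re.match(r"(\S+): flags=", line)
        if header:
            current = ifaces.setdefault(header.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return ifaces

def protection(detail):
    """Classify a wlan interface as 'wpa', 'wep' or 'open'; None if not wireless."""
    blob = " ".join(detail)
    auth = re.search(r"authmode (\S+)", blob)
    if not auth:
        return None
    if auth.group(1).startswith("WPA"):
        return "wpa"
    # Assumption: privacy ON without a WPA authmode means static WEP keys.
    return "wep" if "privacy ON" in blob else "open"

def audit_bridges(text):
    """Map each bridge to (member, vlan id, wireless protection) tuples."""
    ifaces, report = parse_ifconfig(text), {}
    for name, detail in ifaces.items():
        for member in (l.split()[1] for l in detail if l.startswith("member:")):
            info = ifaces.get(member, [])
            vlan = next((int(d.split()[1]) for d in info if d.startswith("vlan:")), None)
            report.setdefault(name, []).append((member, vlan, protection(info)))
    return report
```

Calling `audit_bridges(SAMPLE)` pairs bridge0 with an open SSID and VLAN 30, and bridge1 with a WEP SSID and VLAN 14. ifconfig reports authmode OPEN on both SSIDs even though the posted config carries WPA-PSK parameters.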

            • cmb

              That's all good. What problem are you having specifically?

              • Jonb

                I don't get any pass-through of DHCP packets for the machines that connect to either one of the wireless boxes.

                Hosted desktops and servers with support without complication.
                www.blueskysystems.co.uk

                • EmL

                  Do you mean your DHCP server is not pfSense … it's on your VLAN? And clients on WiFi don't get an IP address? You have to set up extra rules for that kind of traffic. IMHO it's not enough to allow ANY to ANY ...

                  Yes, you have heard right! You have to set an extra rule for this ... I don't know exactly, but search for bridge and dhcp in the forum. There is a thread which explains the issue.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.