Netgate Discussion Forum

    WI-FI AP not working in LAN

      jpcyrenne

      Good day everyone,

      Been using pfSense for a while now.  Everything was working fine.  I changed the subnet to a bigger range (255.255.255.0 to 255.255.240.0), cleaned up a few rules and no more wireless in my internal Access Point.  I put back the /24 like it was originally (LAN interface, DHCP). Everything else works. 75 internal laptops connect through DHCP (wired) on the firewall and access the internet.

      Problem:
      WI-FI not working. Authentication problems and no IP address is released.

      Description:
      I'm trying to get an internal wireless solution within the LAN for DEV site testing to work again. I tried 3 different AP routers (Cisco WAP4410N and 2 different WRT54GS with DD-WRT in AP mode).  These APs work in a different zone (WLAN) for customers.  They just don't want to work in the LAN.

      It's as simple as it gets.  My AP is connected to a switch and connected to the LAN port of the pfSense like all other computers. (not a WLAN interface)

      Wired in AP extra ports - It works if I plug into the LAN ports of the AP.  I get and get the web.

      Wireless - I see the AP, enter my password, get authentication problems and don't get an IP. A Windows machine tells me it is authenticating and fails.

      • It used to work, I did clean up some firewall rules.

      Config:
      Running 2.0-RC3 on bare metal appliance
      firewall: 192.168.1.1 /24
      AP : 192.168.1.254 /24  (tried other free IP 192.168.1.2 /24 with no success)
      DHCP comes from Firewall.  DHCP disabled on AP devices.

      WAN subnet PUBLIC IP /29
      WLAN 192.168.111.0 /24
      DMZ 192.168.222.0 /24

      I can't seem to understand why I can't get an IP from a wireless connection when it works in the same box wired?  Can't wait to know what I'm doing wrong? A protocol I must allow in the firewall on the LAN interface?  I compare the LAN and WLAN (192.168.111.0 /24) and don't see anything different in configurations?  Don't seem to see anything in Status/System logs under the firewall or DHCP when I try to connect from the laptop…

      Thanks Ahead for your time and knowledge...

      JP

        wallabybob

        It looks to me as if the encryption settings in the AP and the encryption settings in the wireless client are not compatible. Hence the DHCP request from the wireless client is not able to be processed. OR you have wireless signal issues.

          jpcyrenne

          Thanks for the reply wallabybob,

          If I move the AP to another interface (same AP, same firewall - different NIC), it works. If I unplug the AP from the network, the laptop (or iPads) connect to the AP with 'limited network' because I never get an IP.  The moment I plug the AP back in the network switch, I get this problem.  I've brought the box to my house and it works there.  Just not in the specific LAN interface???

          Could there be some sort of security setting that wouldn't allow the firewall to give an IP to the AP for the client?

          Thanks,

          JP

            wallabybob

            Do you have non-default firewall rules on the pfSense LAN interface? Do these rules include a block rule? Do the block rules have the Log option ticked? Do you see the DHCP requests in the pfSense firewall log (Status -> System Logs, click on Firewall tab)?

            Do you see the DHCP requests in the pfSense DHCP log (Status -> System Logs, click on DHCP tab)?

              jpcyrenne

              wallabybob,

              After another day of testing I think I will go with a WLAN interface solution that is bridged with the LAN.  Every documentation I find does it this way.  It's also probably the right way to do it. I set one up and it works fine (haven't bridged it with the LAN yet, but I can access the WAN, say, ping www.google.com)

              em2 : LAN
              em3 : WLAN (new)
              em4 : WLAN_Clients

              I had looked at the rules once again and there are no rules on the LAN interface that could cause a problem.  Read up on the different Channels (6, 1 or 11). I noticed that I do have many wireless networks around me (business tower: DDWRT has nice tools to measure and see closest networks) but one test confirmed it all:  I took the wireless network that worked across the office (em4 : AP ping wired=.5ms / wireless=5ms from a laptop 5 feet from it) and moved it from its zone (em4) to a switch in the LAN in the server room (nothing changed on the AP side - Channel, signal, collisions and all) and my problems came back (in switch in em2 : AP ping wired =>1ms / wireless=5000ms with 80% packet loss authentication problems, from the same laptop 5 feet from it - same untouched setup).  It now seems clear that there is something with the LAN interface?  Whether I use a Dell, MacBook Pro or iPad, with the same wireless set up, I have wifi problems???

              Since everything works normally on the new WLAN (em3), I'll bridge it up with LAN tomorrow and play with a new subnet mask (probably go from a /24 to /20) and see if everything can talk well together with a machine running a static IP from the LAN (say 192.168.1.50 255.255.240.0) ?

              I'll come back and give you some news.

              Thanks again.  Your help is really appreciated.  I'm not pondering alone!

                wallabybob

                @jpcyrenne:

                After another day of testing I think I will go with a WLAN interface solution that is bridged with the LAN.  Every documentation I find does it this way.  It's also probably the right way to do it.

                The "right" way depends on what you want to do. It's fine if you want to allow conversations between wireless clients and LAN clients, but if you don't want to allow such conversations there is no point bridging.

                @jpcyrenne:

                I took the wireless network that worked across the office (em4 : AP ping wired=.5ms / wireless=5ms from a laptop 5 feet from it) and moved it from its zone (em4) to a switch in the LAN in the server room (nothing changed on the AP side - Channel, signal, collisions and all) and my problems came back (in switch in em2 : AP ping wired =>1ms / wireless=5000ms with 80% packet loss authentication problems, from the same laptop 5 feet from it - same untouched setup).

                I suspect if you put an AP in a server room you expose its sensitive receiver to a lot of radio signal which interferes with reception of the signal you want. Same thing if the wireless client is in the server room. You might get a better result if you ran a cable from the switch to the AP outside the server room.

                  jpcyrenne

                  That's what I did.  The wireless router stayed 75 feet away from server room and never moved (stayed in working environment/element).  No difference in AP exposure.  I only moved the patch cord in server room from zone port em4 to switch in em2 and back.  Weird eh?

                    Gertjan

                    Hi there !

                    I have many 54GLxxx (Linksys/Cisco) with the latest DDWRT firmware.
                    They are attached to my Opt1 interface - my Public Wifi access network, PfSense = 192.168.2.1 - AP1 192.168.2.2 AP2 192.168.2.3 etc etc
                    I have also 54GLxxx (Linksys/Cisco) with the latest DDWRT firmware in my LAN - PfSense = 192.168.1.1 (which is default) , the AP being 192.168.1.15
                    The gateway setting in the AP is (of course) 192.168.1.1 - DHCP server in the AP is set to off.
                    Needless to say that I DO NOT use the "WAN" plug on the back of the 54GLxxx, but one of the four plugs of the built in switch.

                    You could use one of your PCs on your LAN section to see the web interface of the AP … and use the telnet (SSH) interface to see what happens in your AP. (Note that the AP DDWRT Firmware has a bare Linux kernel, so basic commands like ifconfig etc work).

                    What I didn't understand from your words is that you could put it (the AP) to work when connected to your Opt1 network.
                    Connecting it to the LAN network - and the AP stops working.
                    DID you change the gateway when you switched ?
                    If a connection on the switch from the AP always works, but not the Wifi part, then the problem is situated in the AP.

                    If I recall well, all I change to make a DDWRT AP work, is:
                    Reset it. It should have a LAN IP that is 192.168.1.1 - dhcp server activated.
                    Connect a PC to it - using LAN cable on the back. (NOT the WAN port).
                    Change IP LAN from 192.168.1.1 to i.e. 192.168.1.2
                    While you're at it, on the same page:
                    Switch "Connection type" to "Disabled"
                    Local IP Address = 192.168.1.2
                    Mask 255.255.255.0
                    Gateway 192.168.1.1 (points to pfsense)
                    Local DNS : 192.168.1.1 (points to pfSense)
                    Shut down its DHCP.
                    (Think about using a NTP server ...)
                    Validate.

                    The AP should be up now. Mine is.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??
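
The settings listed in the post above, checked against the pfSense LAN, as an added example that is not part of the original post nor code from pfSense or DD-WRT. The `check_ap` function, the dictionary layout and the DHCP pool range are assumptions made for illustration; the addresses and masks are the ones quoted in the thread.

```python
import ipaddress

def check_ap(ap, lan):
    """List problems with an AP's LAN-side settings relative to the pfSense LAN."""
    lan_if = ipaddress.ip_interface(f"{lan['ip']}/{lan['mask']}")
    ap_if = ipaddress.ip_interface(f"{ap['ip']}/{ap['mask']}")
    first, last = (ipaddress.ip_address(a) for a in lan["pool"])
    problems = []
    if ap_if.ip == lan_if.ip:
        problems.append("AP uses the firewall's own address")
    elif ap_if.ip not in lan_if.network:
        problems.append("AP address is outside the LAN subnet")
    elif first <= ap_if.ip <= last:
        problems.append("AP address is inside the DHCP pool")
    # Both ends must agree on the subnet, or each has a different idea of what is on-link.
    if ap_if.network != lan_if.network:
        problems.append(f"mask mismatch: AP sees {ap_if.network}, LAN is {lan_if.network}")
    for field in ("gateway", "dns"):
        if ipaddress.ip_address(ap[field]) != lan_if.ip:
            problems.append(f"{field} does not point to pfSense")
    # A second DHCP server on the segment competes with the firewall's leases.
    if ap["dhcp_server"]:
        problems.append("AP DHCP server is still on")
    return problems

# pfSense LAN as given in the thread; the DHCP pool range is a constructed value.
LAN_24 = {"ip": "192.168.1.1", "mask": "255.255.255.0",
          "pool": ("192.168.1.100", "192.168.1.200")}
# The same LAN after widening the mask to 255.255.240.0 (/20).
LAN_20 = dict(LAN_24, mask="255.255.240.0")

# AP after following the steps in the post.
AP_CONFIGURED = {"ip": "192.168.1.2", "mask": "255.255.255.0",
                 "gateway": "192.168.1.1", "dns": "192.168.1.1", "dhcp_server": False}
# AP right after a reset: 192.168.1.1 with DHCP on (gateway/DNS values constructed).
AP_RESET = {"ip": "192.168.1.1", "mask": "255.255.255.0",
            "gateway": "0.0.0.0", "dns": "0.0.0.0", "dhcp_server": True}
# AP at 192.168.1.254 left on /24 while the LAN moved to /20 (gateway/DNS constructed).
AP_OLD_MASK = {"ip": "192.168.1.254", "mask": "255.255.255.0",
               "gateway": "192.168.1.1", "dns": "192.168.1.1", "dhcp_server": False}

if __name__ == "__main__":
    for name, ap, lan in (("configured", AP_CONFIGURED, LAN_24),
                          ("reset", AP_RESET, LAN_24),
                          ("old mask", AP_OLD_MASK, LAN_20)):
        print(name, check_ap(ap, lan) or "ok")
```
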
