Some simple newb help please: bridging LAN and OPT1 to enable a wireless access

  • Hello,

    I'm stuck on a problem here trying to add wireless access to my pfsense router set-up. The set-up is very simple; 3 NICs, one for the WAN, one for the LAN, and a third to plug a wireless access point into. I'm using an old Netgear wireless router, DHCP disabled. The OPT1 interface is enabled, with IPv4 configuration type set to "None". The OPT1 and LAN interfaces are bridged without any of the additional options changed. The router/access point has been assigned an IP, and I can connect to it from another computer on the LAN. I can connect to the wired or wireless part of the router, but it will not allow the connected device to obtain an IP address (from the pfsense DHCP server).

    It's taken me a fair bit of effort as a pfsense newb to get this far, but now I'm stuck. Apologies if this is covered somewhere else. One peculiarity is that when I save the bridge, pfsense seems to get stuck saving the configuration, but then when I check the bridge under "Interfaces" it is indeed set up. Thanks for any help.

  • OK, realized one likely mistake: after I set up the bridge under Interfaces>Assign>Bridges, I hadn't assigned the bridge an interface. Did that now, OPT2, but still cannot connect with another wired or wireless device. Would it be simpler to set up the Netgear router as a router and DHCP server on a separate subnet?

  • Are you just trying to get wireless and wired on the same subnet?

  • Yes, currently I have just wired LAN access set up.

  • The easiest and best way would have been to plug a wireless AP into the switch connected to the wired LAN.  No fuss.  Easy.

  • I hadn't even realized that was possible initially. That would also let me see if there is a problem with the access point. Any security gains are from having additional devices on a separate subnet anyway, I guess. I checked the DHCP logs and there are no logs from other devices trying to connect. I will play around with this a bit more and see what else works. Thanks.

  • Yeah - It's possible and the least hassle.

    The only good reason to put the AP on a separate OPT port is to segregate wifi from wired by subnet and allow firewall rules to keep them separate, but that would be defeated by bridging.  I'd plug it into the LAN switch and declare victory.  Be sure that DHCP is off on the AP and that you give it an IP on the LAN with the correct subnet settings and that AP isolation is off.

    Good luck.

  • That works! Attached a simple switch to the LAN interface so that not everything has to go through the crappy wireless access point.  ::) Wireless devices can connect, and I'll try to get the OPT1 interface working as a separate subnet another time. Thanks for the help.

  • Getting those other OPT interfaces up is easy and useful…

    If you wish to segregate a wired network or a wireless AP later for visitors, they will be useful.

    You will get it.  Just takes a little fooling around with it to learn.

  • Netgate Administrator


    "Any security gains are from having additional devices on a separate subnet anyway, I guess."

    If you have two interfaces bridged into one subnet you can still apply firewall rules at those interfaces to filter traffic to some extent. So there are some security gains if you need them. I would also just attach it to the switch though unless you really need filtering.

