Netgate Discussion Forum

    Bridging: 2nd bridge does not pass traffic

      maldex

      Hi all

      I'm having a bit of a hard time here getting two bridge interfaces running. The requirement is simple: an access point serving two SSIDs, each connected to an appropriate VLAN. The switch port provides untagged traffic for wlan1 and .1q-tagged traffic for wlan2. There are already DHCP servers and gateways available on these segments, so the pfSense only does L2 connectivity by extending these networks into the air.

      
      Bridge0:	vr0_untag,  vr1_untag,  ath0_wlan1 (hostap)
      Bridge1:	vr0_144,  vr1_144,  ath0_wlan2 (hostap)
      
      

      While setting this up was no problem, I'm having quite a tough time using the 2nd bridge. From my understanding and experience you can usually assign IP addresses to both the physical member and the bridge interface, so I should be able to dhcp-up all four interfaces: both Ethernet and both bridges, no?

      What works for me is:

      
      vr0_untag   DHCPC -> fine, gets an IP from DHCP on vlan0
      vr0_144     DHCPC -> fine, gets an IP from DHCP on vlan144
      bridge0     DHCPC -> fine, gets an IP from DHCP on vlan0
      bridge1     DHCPC -> fail, never gets an address
      
      

      The problem with bridge1 is also reproducible when clients are connected to these bridges:
      WLAN clients connected to ath0_wlan1 are getting onto the vlan0 network, all good
      WLAN clients connected to ath0_wlan2 are getting DHCP'd, but cannot communicate otherwise

      This is very strange: I can see the DHCP chitchat through bridge1, but see nothing further. Whatever the clients are doing after getting the IP: it's just not visible! Even ARP who-has won't get through, I cannot ARP-resolve the IP of the DHCP server, just blank.

      I made sure that there are enough IPs on the servers, double-checked the switch (though vlan144 is fine, otherwise vr0_144 would not get an IP either), even made the same config on the 2nd Ethernet interface (vr0): exactly the same: native works just fine, the VLAN'd port barely supplies an IP and that's it. For analysis I've been through all combinations of net.link.pfil_*, and also disabled all packet filtering, nothing.

      The difference between bridge0 and bridge1 is only that the latter has a VLAN-tagged member … but I've seen this working before.

      As I'm running out of ideas I was wondering if there's something I missed? Just having a 2nd bridge interface should not be a problem, no? I've searched a lot in this forum but found only one bridge confirmed to work ...

      Cheers
      Alix hardware with 2.1-rel

        maldex

        I exchanged the bridges' numbering with the same result: only the untagged bridge works, the tagged one does not. I cannot get an IP onto the bridge interface with the VLAN member.

        Though if there is no bridge that includes the untagged vr0, the bridge with vr0_144 works fine.

        So what does not work is: bridging a VLAN member if its untagged parent is part of another bridge … grrr...

          maldex

          And that's it: do not mix untagged and tagged interfaces with bridges.
          The final hint came through this discussion: https://forum.pfsense.org/index.php?topic=31539.0

          sorry for bothering
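
A check for the layout this thread ends on, as an added example that is not part of the original posts: it reads FreeBSD-style `ifconfig -a` output and reports every VLAN interface that is a member of one bridge while its untagged parent is a member of another. The interface names (`vr0_vlan144`, `ath0_wlan1`, ...) and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ifconfig -a` text in FreeBSD
# layout on stdin and prints one line per bridged VLAN interface whose
# untagged parent is a member of a different bridge.
find_mixed_bridges() {
    awk '
    /^[A-Za-z]/     { ifname = $1; sub(/:$/, "", ifname) }  # stanza header
    $1 == "member:" { bridge_of[$2] = ifname }              # bridge member line
    $1 == "vlan:"   {                                       # VLAN child line
        for (i = 1; i < NF; i++)
            if ($i == "interface:") parent[ifname] = $(i + 1)
    }
    END {
        for (v in parent) {
            p = parent[v]
            if ((v in bridge_of) && (p in bridge_of) && bridge_of[v] != bridge_of[p])
                printf "%s in %s: untagged parent %s is in %s\n", v, bridge_of[v], p, bridge_of[p]
        }
    }' | sort
}

# Constructed sample mirroring the two bridges described in the first post.
sample_ifconfig() {
    cat <<'EOF'
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
vr1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
vr0_vlan144: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 144 parent interface: vr0
vr1_vlan144: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 144 parent interface: vr1
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: ath0_wlan1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: ath0_wlan2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr1_vlan144 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vr0_vlan144 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

# Against a live system the input would be: ifconfig -a | find_mixed_bridges
sample_ifconfig | find_mixed_bridges
```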

          Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.