One pfsense router, multiple wireless access points



  • I have a pfsense box that is the firewall / router, and also two netgear wndr3700v4 running ddwrt (6/5/2015) set up as wireless access points.  i gave the netgears their own static ips outside the range, disabled the wan port, etc.  they are working great.  i can access them on the pfsense network, but i can't see them under the pfsense -> status -> dhcp leases.

    I realize this is a loaded question, but:  what am i doing wrong?  everything else that hits the network shows up under pfsense's dhcp leases (which then i assigned static ip's via mac address), except for the two netgears.  even when i manually add the netgears to the dhcp's static ips, they still show "offline" despite me being able to (1) use their wifi and (2) go to the ddwrt management page for each WAP via the static ip's i assigned in ddwrt.

    is this a dhcp issue, or NAT issue?  where do i start?  i realize it's a minuscule issue (not being able to see the WAPs "online" under the DHCP server on the pfsense), but i'd like to resolve this annoying matter if at all possible.

    thanks
    -Wakesk8r-


  • LAYER 8 Netgate

    Why would you think static IP addresses for devices outside the range would show up in the dhcp leases?  dhcpd knows nothing about them.



  • Derelict,

    I wouldn't think about it - i just set static IP's in the pfsense DHCP leases page, after the devices hit my pfsense router, and then i know they exist because they say "online" in pfSense's DHCP leases page.  Yet, all but two devices show up as "online" - both of my WAPs running DDWRT.

    For example: my available LAN range is 147.168.1.1 thru 1.126 (because my DHCPd is a /25 subnet).  The actual range i can give unregistered clients (that is, they are not entered yet into the static ips in the DHCP server) is 1.1 - 1.10.  So, when i go on my DHCP server / leases page, it shows the static ips that are outside the range, but within the available range, as "offline" or "online."  The available range is what matters, as i can see many devices beyond the 1.1 - 1.10  (modem is set to 1.100; wireless access points are set to 1.91 and 1.92).

    I hope that clears up your question.  I think it may be something with DDWRT on the WAPs (like a DNS masque / forwarding / dhcp forwarding), but i'm not sure yet.  This has happened before on similar pfsense builds.

    I've also attached a network schema - my apologies in advance, as i haven't used visio in a few years.

    ![Network 1 Diagram.png](/public/imported_attachments/1/Network 1 Diagram.png)



  • Consider yourself lucky that you are only having a cosmetic issue. I'm not sure how your setup works at all. You have the WAN and LAN in the same subnet?
    Why are you using the DoD's IPs? Anyway, the leases page only shows clients that have obtained their IPs by DHCP. If you want them to show up, for whatever reason, set the DDWRT boxes to DHCP instead of static.
    PS- this particular corner of the forum is for routing and multi-wan. There is a separate area for DHCP/DNS questions.



  • Thanks for your responses, guys.

    For future information:  turn on DHCP forwarding on DDWRT WAPs (instead of disable from this page:  http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point#Long_Version)

    Step three states to disable dhcp server; whereas my pfsense box is the server, so i had to enable the waps DHCP forwarder to the pfsense box.


  • LAYER 8 Netgate

    Then you have your wireless devices configured as routers not bridges (APs) like they should be.



    It was actually a static ARP entry matter - once i went to DHCP leases, selected the AP, and edited it to add it as an "ARP Table Static Entry", they now appear "online" on the DHCP Leases page, out of the available DHCP range but well within the total /25 range :-)

    Now if i could just get pfsense to forward the DNS names so that i could see the actual device name in my DDWRT APs (rather than just ***** as a name, and then the actual subnet ip the wifi device is)…

