Posted: Mon May 10, 2021 16:10 Post subject: Bridged VAP is unable to get a DHCP IP address from pfsense
Hi,
I have been browsing the forum(s) for the last several days, and I have been unable to find a resolution for the below problem:
==========
Overview:
==========
I have a VLAN that was created for a guest network on my pfsense router. The guest network is tagged as VLAN 3 on the router, and also on DDWRT. I am able to obtain IPv4/IPv6 addresses and browse the internet via the pfsense DHCP server from an interface that is placed in VLAN 3 on DDWRT. I am able to see the SSID being broadcast; however, when I try to connect to it, I am asked for the password, and an APIPA address is assigned. I never see any DHCP requests for VLAN 3 in the PFSense firewall logs.
AP:
Netgear R7000 running DD-WRT v3.0-r46446 std in AP mode (fresh install after resetting NVRAM)
Basic Setup:
WAN Connection type: disabled
WAN Port: Assign to switch
DHCP server: disabled
All other options are disabled except for NTP
IP tables rules have been flushed and set to default from the CLI.
Advanced Routing:
Router
Wireless VAP Setup:
wl0.1 - 2.4G Guest (default, bridged to br0)
wl0.2 - Test VAP (bridged to br1)
wl1.1 - 5G Guest (default, bridged to br0)
Wireless Security:
All wireless interfaces are using WPA2PSK with CCMP-128 AES
Switch Config:
ETH1: Default in VLAN 1, assigned to bridge LAN
ETH2: VLAN 3, untagged, assigned to bridge none
ETH3: VLAN 3, tagged, assigned to bridge none
All other interfaces are default
Networking:
Created bridge BR1
Associated VLAN 3 and wl0.2 to BR1
Added IP address to BR1 for DDWRT management/routing.
Bridge Table is below:
bridge name     bridge id               STP enabled     interfaces
br0             8000.6ccdd6106d80       no              eth1
                                                        eth2
                                                        vlan1
                                                        vlan2
                                                        wl0.1
                                                        wl1.1
br1             8000.6ccdd6106d80       no              vlan3
                                                        wl0.2
==========
Physical Cabling:
==========
FW interface igb2 (Main LAN network) is connected to AP interface ETH1
AP Interface ETH2 (Used for testing VLAN3) currently disconnected
FW interface igb3.3 (VLAN 3) is connected to AP interface ETH3
Thank you all in advance for your help!
Last edited by steven.w51 on Tue May 11, 2021 1:01; edited 1 time in total
Hi EGC and Per Yngve Berg, thank you for your responses!
EGC - I had tried some of the work-arounds that are listed in the post that you linked, and they were not successful. However, I downloaded and ran the script that msj100 posted on Apr. 16 2021, and now I am able to associate on the test SSID, and I am able to get an IP address, browse the internet, etc. So all is good!
Per Yngve Berg,
To answer your question, I was able to ping the IP address that I assigned to br1, as well as the gateway, and 8.8.8.8 from a client that was physically connected to ETH 2 (assigned to VLAN 3). I was never able to associate to the test SSID, so I was never able to reach anything on the VLAN 3 subnet via wireless before I ran the work-around script.