[steven.w51]

Hi,

I have been browsing the forum(s) for the last several days, and I have been unable to find a resolution for the below problem:

==========
Overview:
==========

I have a VLAN that was created for a guest network on my pfsense router. The guest network is tagged as VLAN 3 on the router, and also on DDWRT. I am able to obtain IPv4/IPv6 addresses and browse the internet via the pfsense DHCP server from an interface that is placed in VLAN 3 on DDWRT. I am able to see the SSID being broadcast, however when I try to connect to it, I am asked for the password, and an APIPA address is assigned. I never see any DHCP requests for VLAN 3 in the PFSense firewall logs.

==========
Setup:
==========
Router:
PCEngines APU4 running PFSense 2.5.1

AP:
Netgear R7000 running DD-WRT v3.0-r46446 std in AP mode (fresh install after resetting NVRAM)
Basic Setup:
WAN Connection type: disabled
WAN Port: Assign to switch
DHCP server: disabled
All other options are disabled except for NTP

Services:
DNSMASQ: disabled

Security:
Firewall: disabled, filter multicast enabled

IP tables rules have been flushed and set to default from the CLI.

Advanced Routing:
Router

Wireless VAP Setup:
wl0.1 - 2.4G Guest (default, bridged to br0)
wl0.2 - Test VAP (bridged to br1)
w.1.1 - 5G Guest (default, bridged to br0)

Wireless Security:
All wireless interfaces are using WPA2PSK with CCMP-128 AES

Switch Config:
ETH1: Default in VLAN 1, assigned to bridge LAN
ETH2: VLAN 3, untagged, assigned to bridge none
ETH3: VLAN 3, tagged, assigned to bridge none
All other interfaces are default

Networking:
Created bridge BR1
Associated VLAN 3 and wl0.2 to BR1
Added IP address to BR1 for DDWRT management/routing.

Bridge Table is below:
bridge name bridge id STP enabled interfaces
br0 8000.6ccdd6106d80 no eth1
eth2
vlan1
vlan2
wl0.1
wl1.1
br1 8000.6ccdd6106d80 no vlan3
wl0.2
==========
Physical Cabling:
==========
FW interface igb2 (Main LAN network) is connected to AP interface ETH1
AP Interface ETH2 (Used for testing VLAN3) currently disconnected
FW interface igb3.3 (VLAN 3) is connected to AP interface ETH3


Thank you all in advance for your help!

[egc]

Try with the VAP workarounds:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327063

[Per Yngve Berg]

Do you have connection to the IP of br1 from the VLAN3 connected client?

[steven.w51]

hi EGC and Per Yngve Berg, thank you for your responses!

EGC - I had tried some of the work-arounds that are listed in the post that you linked, and they were not successful. However, I downloaded and ran the script that msj100 posted on Apr. 16 2021, and and now I am able to associate on the test SSID, and I am able to get an IP address, browse the internet, etc. So all is good!

Per Yngve Berg,

To answer your question, I was able to ping the IP address that I assigned to br1, as well as the gateway, and 8.8.8.8 from a client that was physically connected to ETH 2 (assigned to VLAN 3). I was never able to associate to the test SSID, so I was never able reach anything on the VLAN 3 subnet via wireless before I ran the work-around script.