
Author Topic: HOW TO - EASY (wireless) bridge configuration in 2.0  (Read 108513 times)


wallabybob
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #15 on: March 01, 2011, 04:28:36 pm »
Some possible problems with this sort of configuration: when forwarding from VLAN to wireless, does the bridge strip the VLAN tag? If a wireless client sees a VLAN tag in an incoming frame, does it ignore the VLAN altogether (and process the frame) or does it ignore the frame on the grounds of "I don't support VLANs so this mustn't be for me"? When forwarding from wireless to VLAN, should the bridge add a VLAN tag? If it doesn't, how will the frame be processed at the receiving end?

Neither the FreeBSD vlan man page nor the bridge man page says what the bridge will do to VLAN tags when you bridge a VLAN and non-VLAN, so I would guess the FreeBSD developers might feel free to change the behaviour at any time and not feel a need to document the change.

I think you will be on much firmer ground if you don't mix VLAN and non-VLAN interfaces on a bridge.

romainp
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #16 on: March 01, 2011, 08:13:28 pm »
Hi,
Thanks for the very good advice; it all makes sense.
I still have a question:
- If I configure one port of my VLAN-capable switch to only accept VLAN traffic, then wireless devices could not connect to the hosts that are filtered by the switch.
Any suggestions?
A big thank you for your help.
Romain

wallabybob
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #17 on: March 02, 2011, 07:29:52 am »
Quote
- If I configure one port of my VLAN-capable switch to only accept VLAN traffic, then wireless devices could not connect to the hosts that are filtered by the switch.

Sorry, I don't understand this description.

Here's a simplified concept description of my configuration. Perhaps this will help.

I have a ProCurve 1700-8 VLAN capable switch.

My pfSense box has physical interfaces ath0 (Wireless LAN), vr0 (LAN) and rl0. ath0 and vr0 are bridged. On rl0 I have VLANS with IDs 10 and 15. rl0 connects to port 7 on the switch. port 7 on the switch is configured as a member of VLAN 10 and VLAN 15. port 6 on the switch is the only other member of VLAN 10 and that connects to my ADSL modem. port 3 on the switch is the only other member of VLAN 15 and connects to a server. My WAN interface is pppoe on vlan 10 on rl0. My OPT3 (DMZ) interface is vlan 15 on rl0.

The switch ports are configured:
port 3 VLAN Aware Enabled=NO Ingress Filtering enabled=NO Packet Type=ALL PVID=15
port 6 VLAN Aware Enabled=NO Ingress Filtering enabled=NO Packet Type=ALL PVID=10
port 7 VLAN Aware Enabled=YES Ingress Filtering enabled=NO Packet Type=Tagged PVID=None
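
The port settings quoted in the post above, modelled as an added example (not part of the original post, and not verified against ProCurve firmware). It assumes generic 802.1Q handling: a VLAN-unaware port classifies every frame by its PVID and sends untagged, a VLAN-aware port sends tagged. `MEMBERS`, `classify` and `forward` are names made up for this sketch.

```python
import re

# Port lines copied from the post; VLAN membership taken from its prose.
SWITCH_CONFIG = """\
port 3 VLAN Aware Enabled=NO Ingress Filtering enabled=NO Packet Type=ALL PVID=15
port 6 VLAN Aware Enabled=NO Ingress Filtering enabled=NO Packet Type=ALL PVID=10
port 7 VLAN Aware Enabled=YES Ingress Filtering enabled=NO Packet Type=Tagged PVID=None
"""
MEMBERS = {10: {6, 7}, 15: {3, 7}}  # VLAN ID -> member ports

LINE = re.compile(
    r"port (\d+) VLAN Aware Enabled=(\w+) Ingress Filtering enabled=(\w+) "
    r"Packet Type=(\w+) PVID=(\w+)")

def parse_ports(text):
    """Turn the 'port N ...' lines into {port: settings}."""
    ports = {}
    for num, aware, filt, ptype, pvid in LINE.findall(text):
        ports[int(num)] = {
            "aware": aware == "YES",
            "ingress_filter": filt == "YES",
            "tagged_only": ptype == "Tagged",
            "pvid": None if pvid == "None" else int(pvid),
        }
    return ports

def classify(ports, port, tag):
    """VLAN assigned to a frame on ingress, or None if the frame is dropped."""
    p = ports[port]
    if tag is None and p["tagged_only"]:
        return None                      # tagged-only port refuses untagged frames
    # Assumption: an unaware port ignores any tag and falls back to its PVID.
    vlan = tag if (p["aware"] and tag is not None) else p["pvid"]
    if vlan not in MEMBERS:
        return None                      # no PVID, or VLAN unknown to the switch
    if p["ingress_filter"] and port not in MEMBERS[vlan]:
        return None
    return vlan

def forward(ports, in_port, tag=None):
    """{egress port: tag on the wire} for a flooded frame; None means untagged."""
    vlan = classify(ports, in_port, tag)
    if vlan is None:
        return {}
    return {out: (vlan if ports[out]["aware"] else None)
            for out in sorted(MEMBERS[vlan] - {in_port})}

if __name__ == "__main__":
    ports = parse_ports(SWITCH_CONFIG)
    for in_port, tag in [(3, None), (6, None), (7, 10), (7, 15), (7, None)]:
        print(f"in port {in_port} tag {tag}: out {forward(ports, in_port, tag)}")
```

Under these assumptions, frames from the server port (3) and the modem port (6) only ever reach the pfSense trunk port (7), so anything passing between the DMZ and WAN VLANs has to go through the firewall.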

romainp
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #18 on: March 08, 2011, 07:49:55 pm »
Thanks for the comments.
At home I use a ProCurve 1800-8G.

Quote
I have a ProCurve 1700-8 VLAN capable switch.

My pfSense box has physical interfaces ath0 (Wireless LAN), vr0 (LAN) and rl0. ath0 and vr0 are bridged. On rl0 I have VLANS with IDs 10 and 15. rl0 connects to port 7 on the switch. port 7 on the switch is configured as a member of VLAN 10 and VLAN 15. port 6 on the switch is the only other member of VLAN 10 and that connects to my ADSL modem. port 3 on the switch is the only other member of VLAN 15 and connects to a server. My WAN interface is pppoe on vlan 10 on rl0. My OPT3 (DMZ) interface is vlan 15 on rl0.

The switch ports are configured:
port 3 VLAN Aware Enabled=NO Ingress Filtering enabled=NO Packet Type=ALL PVID=15
port 6 VLAN Aware Enabled=NO Ingress Filtering enabled=NO Packet Type=ALL PVID=10
port 7 VLAN Aware Enabled=YES Ingress Filtering enabled=NO Packet Type=Tagged PVID=None


OK, I have read your post several times and still do not understand all the subtleties... Maybe because English is not my mother tongue ;-)

Let me summarize:

ath0 and LAN (vr0) are bridged. Fine. DHCP should give IPs for LAN and wifi. But no VLAN here.
Your WAN is VLAN 10 on rl0.
You also have an interface for VLAN 15 on rl0 (DMZ).
But where does your LAN (vr0) connect on the switch?
Is your wifi traffic tagged by the switch and are you able to go to your vlan'ed machines/servers with your wireless connection?

Thanks again for your precious advice.

wallabybob
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #19 on: March 09, 2011, 08:52:23 am »
Quote
ath0 and LAN (vr0) are bridged. Fine. DHCP should give IPs for LAN and wifi. But no VLAN here.
Your WAN is VLAN 10 on rl0.
You also have an interface for VLAN 15 on rl0 (DMZ).

Correct.

Quote
But where does your LAN (vr0) connect on the switch?

LAN doesn't use VLANs at all. The pfSense LAN port connects to a separate switch which is not VLAN capable.

Quote
Is your wifi traffic tagged by the switch and are you able to go to your vlan'ed machines/servers with your wireless connection?

No and yes.

Bai Shen
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #20 on: March 10, 2011, 07:35:47 pm »
I found my missing step.  I needed to redo the LAN ip configuration.  After that, everything seems to be working.

Bai Shen
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #21 on: March 10, 2011, 07:49:15 pm »
Okay, so I have LAN and WLAN bridged together. But I can't seem to get a firewall rule to work that will block traffic from WLAN to LAN. I want to block everything by default and only allow certain ports and IPs access. What do I need to configure on my firewall in order to do this?

wallabybob
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #22 on: March 10, 2011, 08:08:45 pm »
On my system I had to specifically enable DHCP traffic from WAN to LAN, otherwise it was blocked (quietly, if I recall correctly). So I think firewall rules on WLAN should be able to accomplish what you want. (Firewall rules apply on input.)

However, you should note that after tweaking with firewall rules it is sometimes necessary to reset firewall states to have the modified rules apply. I always (when I remember) reset firewall states after changing firewall rules. See Diagnostics -> States, click on Reset states tab for more information.

Bai Shen
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #23 on: March 10, 2011, 08:31:10 pm »
I ended up turning filtering on interfaces back on.   Once I did that, my firewall rules worked.

EDIT: I take it back.  I can get DHCP on both LAN and WLAN.  Both of them can get out to the internet.  But they won't talk to each other.  And this is with no additional rules enabled.
« Last Edit: March 10, 2011, 08:40:46 pm by Bai Shen »

MikeKulls
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #24 on: March 20, 2011, 05:30:33 am »
Quote
I just tried this, and it hung at step 6.  I had to use the local console to reset my interfaces.

Also, I don't see a picture showing the Advanced changes that need to be made.

Same here. It took me a while to work this out but if you select LAN + WIFI in your bridge then it doesn't work, you need to select OPT2, WIFI or whatever you've called your wifi.
« Last Edit: March 20, 2011, 07:11:56 am by MikeKulls »

Bai Shen
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #25 on: March 23, 2011, 12:32:45 pm »
Quote
I just tried this, and it hung at step 6.  I had to use the local console to reset my interfaces.

Also, I don't see a picture showing the Advanced changes that need to be made.

Same here. It took me a while to work this out but if you select LAN + WIFI in your bridge then it doesn't work, you need to select OPT2, WIFI or whatever you've called your wifi.

I also had to set up the LAN DHCP server again from the console. See my post above yours.

Lutiana
Re: HOW TO - recommended wireless configuration in 2.0
« Reply #26 on: April 12, 2011, 04:28:25 am »
Hi,

Yes, it still works. I'm on a snapshot from April 18th. I'll be testing the May 1st 2G Nano snapshot in the next hour.


I am running the latest RC1 build (April 11 2011) and I am trying to get Wireless to work. Unfortunately there does not appear to be any way to add another interface in the GUI, or at least if there is I can't seem to see it. I am stuck with the 3 physical interfaces (dc0 - WAN, nfe0 - LAN and ral0 - WLAN).

EDIT: After some playing around I managed to get it to work. I created a bridge between LAN and WLAN first, then I was able to create the OPT2 interface and set it to the bridge. Enabled OPT2, then went back to the assign page and shuffled the assignments around. Lastly I rebooted the pfSense machine. And now it all works.

My problem now is that my clients will connect at ~36mbps, but that drops to 1mbps almost instantly and stays there. Could this be a hardware issue? The client laptop is sitting about 4 feet from the pfSense machine, with nothing in between them.

Thanks for the help.
« Last Edit: April 12, 2011, 05:09:29 am by Lutiana »

fastcon68
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #27 on: May 15, 2011, 06:35:57 pm »
I am using 2.0 RC 1, I can't get the bridge functions to work correctly.  I am using a WatchGuard 500x.
RC

wallabybob
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #28 on: May 15, 2011, 07:29:30 pm »
Quote
I am using 2.0 RC 1, I can't get the bridge functions to work correctly.  I am using a WatchGuard 500x.
RC

Insufficient information provided. Please complete the following sentence: When I do ... I see ... but I expected to see ...

fastcon68
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #29 on: May 17, 2011, 06:59:56 pm »
This is Ron, I just checked the basic settings. I have the LAN port and my other 4 ports selected. Now if I connect my laptop I do not get an IP address. If I turn the wireless on, and the network adapter is connected, I do get an IP address. I would like to use the 4 optional interfaces like a switch.
RC