Guest Network Using VLAN created on pfSense

fahadshery · July 28, 2022, 9:35pm

Hi All,

I have configured OpenWRT as an access point and it is working fine as expected i.e. I can connect to it wirelessly and can get the IP via DHCP from pfSense router.

Now I wish to create a Guest network. I have already created VLAN10 for it on the pfSense, configured DHCP and firewall rules etc.

Then I created the same VLAN10 on my managed Cisco switch and tagged it to the port where OpenWRT AP is connected.

In the OpenWRT router, I just have br-lan at this point.

I then created the VLAN using: Network -> Interfaces -> Devices tab -> Add Device Configuration ... -> Device type = Vlan802.1q, Base device = Switch port lan1 (because LAN1 is connected to my router.

Back to Network -> Interfaces -> Add New Interface ... -> give it a name, select Device to be the = Software VLAN: "LAN1.10" -> Create Interface

It creates the interface with no issues and gets the DHCP IP address from the pfSense router correctly from the VLAN10 interface.

Now when I create the wireless interface and assigns this interface in the settings and connect to it, the pfSense router doesn't assign an IP to the connecting device...

I don't know why? I get some 169 IP which means that it failed to get an IP from VLAN10 on pfSense.

Any ideas on what am I missing?

d687r02j8g · July 28, 2022, 9:41pm

Can you post the contents of

/etc/config/network
/etc/config/wireless

fahadshery · July 28, 2022, 9:47pm

cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'redacted'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	option vlan_filtering '1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.2'
	option gateway '192.168.2.1'
	option defaultroute '0'
	option delegate '0'
	list dns '192.168.2.1'

config device
	option type '8021q'
	option ifname 'lan1'
	option vid '10'
	option name 'lan1.10'
	option ipv6 '0'

config interface 'GUESTNET'
	option proto 'dhcp'
	option device 'lan1.10'
	option type 'bridge'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option band '5g'
	option htmode 'VHT80'
	option country 'GB'
	option cell_density '0'
	option channel 'auto'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option macaddr 'redacted'
	option ssid 'pfSense-OpenWrt'
	option encryption 'psk2'
	option key 'redacted'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option disabled '1'
	option country 'FR'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'
	option macaddr 'redacted'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'GuestNet'
	option encryption 'psk2'
	option key 'redacted'
	option network 'GUESTNET'

fahadshery · July 29, 2022, 2:27pm

can anyone please look into this and help?

u5uyhystr · July 29, 2022, 6:25pm

I think your Wifi is not bridged properly because of missing device section
I tested the guest CLI script on my 1-port router (21.02) and this resulted:

config device 'guest_dev'
	option type 'bridge'
	option name 'br-guest'
	list ports 'eth0.10'
	option ipv6 '0'

config interface 'guest'
	option proto 'static'
	option device 'br-guest'
	option ......


config wifi-iface 'guest'
	option mode 'ap'
	option network 'guest'
	option ssid 'guest'
	option encryption 'psk2'
	option key 'redacted'
	option device 'radio0'