How to configure Wi-fi+Lan bridged access point in pfSense firewall router

I have installed wireless mini-PCIe card for my pfSense firewall. How do I configure a bridged LAN wifi access point (AP) network and setup pfSense?

 

In this tutorial, I will explain how to setup a bridged LAN Wi-fi network access point using pfSense. I am going to assume that you need to configure access point in a bridged mode. Our current setup look as follows on console:

Fig.01: The default WAN (igb0) and LAN (igb1) interfaces

 

The bridge will include LAN (igb2) and Wifi (ath0) interfaces:

bridge0 = LAN + WIFI

You need to configure additional interface (OPT1) and swap them as follows:

WAN = Public IP/upstream router IP

LAN = bridge0

OPT1 = LAN (igb2)

OPT2 = ath0 (wifi) (I’m using this Atheros AR9280 Chipset based mini pcie from Amazon)

You do not want to lose connectivity to your web interface. Hence you need to take help of OPT1. Do not assign an IP address to bridge0 or ath0 (wifi) interfaces. Make sure DHCP server enabled for LAN interface. Let’s get our hands dirty and make pfSense based all in one access point.

Step #1: Add OPT1 and OPT2 interface

Click on the Interfaces > Assign

Fig.02: The default WAN, LAN, and unconfigured ath0 wifi interfaces

 

Select igb3 network port from drop down menu (or which ever is free in your router) and click on the Add button to create OPT1:

Fig.03: Adding OPT1 interface

 

Next repeat the same step to add OPT2 interface with ath0 as a network port. At the end you should have four interfaces as follows:

Fig.04: Four interfaces

Step #2: Enable OPT1 interface

Click on the Interfaces > Assign > OPT1 and set it as follows:

Fig.05: Enable OPT1 with no IPv4 or IPv6 settings

 

Make sure you SAVE the changes.

Step #3: Enable OPT2 (ath0 wifi AP) interface

Click on the Interfaces > Assign > OPT2 and set it as follows (i.e activate access point):

Fig.06: Enable OPT1 with no IPv4 or IPv6 settings. Make sure you set standard and channel too.

 

Scroll down a little bit and set mode to ACCESS POINT, SSID, select WME, enable WPA, set WPA pre-shared key (wifi password), WPA mode to WPA2, WPA pairwise to AES as follows:

Fig.07: Set Wi-fi (OPT2/ath0) settings

 

Make sure you SAVE the changes. Please note that setup a different and strong pre-shared key and SSID for your network.

Step #4: Create a bridge (OPT1+OPT2)

Click on the Interfaces > Assign > select Bridges tab > click on Add button:

Fig.08: Add a new bridge (OPT1+OPT2)

 

Make sure you select both the OPT1 and OPT2 interfaces under Member Interfaces. Click on the save button.

Step #5: Assign correct interface

You need to swap and set correct network port for LAN and OPT1 interfaces as follows:

Interface Old Network port New Network port

LAN igb2 BRIDGE0

OPT1 igb3 igb2

Fig.09: Note down old network port values for LAN and OPT1 before swap

 

Next, assign the BRIDGE0 port to your LAN interface. And assign the port that was originally assigned to your LAN interface:

Fig.10: Set LAN interface network port to BRIDGE0 and old value of LAN interface to OPT1

 

Click on the save button. The pfSense take a little time to reload all changes, and there is no loss in network connectivity. You just finished configuring with the bridge that includes your LAN and wifi interfaces. Finally click on the pfSense logo to see your network status from dashboard:

Fig.11: pfSense wifi access point configured and working

 

Finally, tweak the wireless settings as per your needs. Also, don’t forget to setup the firewall rules for traffic to pass.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *