Messages - darkencraft

#1
So, I wasn't able to fix the problem, and ended up buying a TL-SG1016D (16-Port Switch).
My current setup is using 1 port to WAN, 1 port to LAN without any bridges, and the remaining 4 ports being unused.
Now all my connections rely on the newly bought 16-port switch, including the wifi AP. With this setup, wifi devices do get internet connection.
#2
Quote: Have you checked the MAC addresses learned from ARP on each device? Actual values, not just presence. Looking for a problem proxy.
From ARP Table, I see:
192.168.1.1 → 58:9c:fc:10:e1:13 (OPN MAC)
192.168.1.134 → 22:b2:b5:e8:db:00 (Wifi Client)
192.168.1.99 → 3c:78:95:90:de:da (Wifi AP)

When I do packet capture, I see:
22:b2:b5:e8:db:00 ff:ff:ff:ff:ff:ff ARP, length 64: Request who-has 192.168.1.1 tell 192.168.1.134, length 50
58:9c:fc:10:e1:13 22:b2:b5:e8:db:00 ARP, length 46: Reply 192.168.1.1 is-at 58:9c:fc:10:e1:13, length 32 LAN

This is what you are advising me to check, correct?
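
The comparison asked about in this post can be scripted. The following is an added example, not part of the original post or of OPNsense: it parses capture lines in the format pasted above and flags any ARP packet whose MAC disagrees with the posted ARP table. The third capture line is constructed to show what a mismatch looks like; the function and variable names are hypothetical.

```python
import re

# ARP table as posted above (IP -> MAC).
ARP_TABLE = {
    "192.168.1.1": "58:9c:fc:10:e1:13",    # OPN
    "192.168.1.134": "22:b2:b5:e8:db:00",  # wifi client
    "192.168.1.99": "3c:78:95:90:de:da",   # wifi AP
}

# Lines 1-2 are from the post; line 3 is CONSTRUCTED to demonstrate a mismatch.
CAPTURE = """\
22:b2:b5:e8:db:00 ff:ff:ff:ff:ff:ff ARP, length 64: Request who-has 192.168.1.1 tell 192.168.1.134, length 50
58:9c:fc:10:e1:13 22:b2:b5:e8:db:00 ARP, length 46: Reply 192.168.1.1 is-at 58:9c:fc:10:e1:13, length 32 LAN
3c:78:95:90:de:da 22:b2:b5:e8:db:00 ARP, length 46: Reply 192.168.1.1 is-at 3c:78:95:90:de:da, length 32 LAN
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
LINE = re.compile(
    rf"^(?P<src>{MAC}) (?P<dst>{MAC}) arp, length \d+: "
    rf"(?:request who-has \S+ tell (?P<asker>[\d.]+)"
    rf"|reply (?P<ip>[\d.]+) is-at (?P<mac>{MAC}))"
)

def check_capture(text, table):
    """Return (line_no, ip, seen_mac, expected_mac, reason) for each mismatch."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE.match(line.strip().lower())
        if not m:
            continue  # not an ARP line in this format
        src = m["src"]
        if m["ip"]:  # ARP reply
            ip, claimed = m["ip"], m["mac"]
            if claimed != src:  # frame sender is answering with someone else's MAC
                findings.append((n, ip, src, claimed, "sender MAC differs from is-at MAC"))
            expected = table.get(ip)
            if expected and claimed != expected:  # possible proxy or stale entry
                findings.append((n, ip, claimed, expected, "is-at MAC differs from ARP table"))
        else:  # ARP request: the asker's IP should map to the frame's source MAC
            ip, expected = m["asker"], table.get(m["asker"])
            if expected and src != expected:
                findings.append((n, ip, src, expected, "requester MAC differs from ARP table"))
    return findings

if __name__ == "__main__":
    for finding in check_capture(CAPTURE, ARP_TABLE):
        print(finding)
```

On the two lines actually posted, the function reports nothing: the reply for 192.168.1.1 carries the same MAC as the ARP table entry.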
#3
Quote: If that is the case then you need to figure out what is going on at your Omada Accesspoint ?!
Yea, at first I was suspicious of the Omada AP. But the AP and its wifi clients work fine when the AP is directly connected to the ISP modem/router or to OPN non-bridge (i.e. OPN's LAN assigned to a physical port igc1). So the internet inaccessibility is only prevalent during bridge, so that is why I'm assuming it's an OPN problem.

Quote: For example : If the WiFi SSID has Tagged VLAN setup instead of just using the Native/Untagged VLAN then the Clients obviously won't have any Internet Access in this new setup :)
Just double checked this in AP's web ui. VLAN is disabled.

Quote: - Did you setup new Firewall Rules similar to those that the LAN network has by Default ?
No. I did not add any additional firewall rules.
This is my third attempt, and I factory-reset OPN before each try.
I intentionally kept the firewall rules in their out-of-box state so that any custom rules would not introduce variables or interfere when asking for community support.

Quote: - DHCP settings are also adjusted ?
When I was setting up OPN, for WAN the IPv4 config type = DHCP, for LAN the IPv4 config type was static IPv4 with a DHCP server for the LAN interface. Not sure if this answers the question, or are you referring to something else?
#4
Quote: I may not be following your precise configuration. Is the AP in bridge mode?

Yes, the AP is in bridge mode. DHCP is handled from OPN.
As from my first post, below is the setting:
ISP modem/router → opnsense (w/ 6 ports; 1 port WAN, 5 ports bridged as bridge0 assigned to LAN) → Wifi AP (EAP 610)
#5
Coming back from some more additional findings:
When I ping OPN (192.168.1.1) from wifi device (internet not working), I can see from OPN packet capture that ARP who is request (from wifi device) and ARP reply (from OPN) are being sent.
But after this OPN packet capture does not see ICMP echo request from wifi device.

I compared this behavior with wifi device pinging an other internal device (ie. my NAS). In the OPN capture, I see ARP request/reply, followed by ICMP packet echo request/reply.

Based on this and "considering that wifi device works fine when OPN not in bridging ports", could there be circumstances where:
1. Although the ARP reply is sent in the OPN packet capture, it is blocked by firewall rules, and never reached the wifi device
2. Or, the ICMP echo request was sent from the wifi device, but firewall rules are blocking the ICMP request to OPN (but passing any other ICMP request to internal devices), therefore the OPN capture is not seeing any ICMP request coming in.

Is there any way to verify 1 and 2? Or any other ideas?
#6
Yes, I rebooted OPN after the tunable changes. This is actually my third attempt (each attempt, I factory defaulted OPN) and I am pretty sure all steps in the documentation were followed. Also, I'm not using IPv6.

As for the AP, TP-Link EAP610 to be specific, it's not running any DHCP server. When I compare the network parameter assignment between a wired device (on which internet works) and a wifi device (no internet), they are quite identical.

Wi-Fi client (internet not working):

IP: 192.168.1.165
Subnet: 255.255.255.0
Default gateway: 192.168.1.1
DNS: 192.168.1.1

Wired client (internet working):

IP: 192.168.1.103
Subnet: 255.255.255.0
Default gateway: 192.168.1.1
DNS: 192.168.1.1

As for the firewall live log, can you advise what I should look for, or how I should test?
#7
Thank you for the response. But actually, the document was the exact document that I used to configure the bridge. I also changed the configuration in the tunables already. So all the wired devices that are connected to the bridge ports work fine.

The problem is the wifi clients not having access to internet, and I cannot figure out what else I need to tweak in the opnsense configs.
#8
Hi, I'm trying to configure a wifi AP in the following setup, and clients of the wifi AP cannot access internet:

ISP modem/router → opnsense (w/ 6 ports; 1 port WAN, 5 ports bridged as bridge0 assigned to LAN) → Wifi AP (EAP 610)

What I tested so far:

- if I connect the wifi AP directly into the ISP modem/router: clients of the wifi AP have internet access

- opnsense without bridge (1 port WAN, 1 port assigned to LAN, remaining 4 ports unused), and connect the AP directly to the port assigned to LAN: clients of the wifi AP have internet access

- opnsense without bridge (1 port WAN, 1 port assigned to LAN, remaining 4 ports unused), and connect an unmanaged switch to the port assigned to LAN, then connect the wifi AP to the switch: clients of the wifi AP have internet access

So the moment that I bridge 5 ports together and assign the bridge0 as LAN, wifi clients no longer have internet access.

- When this happens, from the wifi client, I cannot ping 1) the opnsense gateway (192.168.1.1), 2) outside (i.e. 8.8.8.8 or 1.1.1.1) but I can ping internal machines that are wired to bridge0 (i.e. my NAS).

- On the other hand, it seems that internet connection exists on the wifi AP itself, as when I check for a firmware update via the wifi AP's web UI (currently set to 192.168.1.99 on static), it checks and reverts with an up-to-date message. (In the case of no internet, it reverts with no internet connection.)

So, it seems that there are additional configurations that I need to do in opnsense to somehow allow traffic from outside to reach the wifi clients, but I can't seem to figure out what I need to configure. At the moment, I have not made any changes/additions to firewall rules and it is pretty much a factory default setup, except the parts that I needed to configure to bridge the ports together (i.e. Interfaces > Assignments).

Would appreciate community help on how I can get internet access from wifi clients!

(Yes, I can remove the bridge and set up the wifi AP underneath the switch, but this means I need to buy a switch with more ports. So before I actually decide on spending more money, I want to try if I can somehow work with the current setup.)