No internet to clients connected to WIFI AP from opnsense in bridge mode

[darkencraft]

Hi, I'm trying to configure wifi ap in following setup, and clients of wifi ap cannot access internet:

ISP modem/router → opnsense (w/ 6 ports; 1 port WAN, 5 ports bridged as bridge0 assigned to LAN) → Wifi AP (EAP 610)

What I tested so far:

- if i connect wifi ap directly into ISP modem/router: clients of wifi ap have internet access

- opnsense without bridge (1 port WAN, 1 port assigend to LAN, remaining 4 ports unused), and connect AP directly to the port assigned to LAN: clients of wifi ap have internet access

- opnsense without bridge (1 port WAN, 1 port assigend to LAN, remaining 4 ports unused), and connect unmanged switch to port assigned to LAN, then connect wifi AP to swtich: clients of wifi ap have internet access

So the moment that I bridge 5 ports together and assign the bridge0 as LAN, wifi clients no longer have internet access.

- When this happens, from the wifi client, I cannot ping 1) opnsense gateway (192.168.1.1), 2) outside (ie. 8.8.8.8 or 1.1.1.1) but I can ping internal machines that are wired to bridge0 (ie. my NAS).

- On the otherhand, it seems that internet connection exists on wifi AP itself, as when I check for firmware update via wifi AP's web UI (currently set to 192.168.1.99 on static), it checks and reverts with up-to-date message. (in the case of no internet, it reverts with no internet connection)

So, it seems that there's additional configurations that I need to do in opnsense to somehow allow traffic from outside to reach the wifi clients, but I can't seem to figure out what I need to configure. At the moment, I have not made any changes/addition to firewall rules and pretty much factory default set up, except the parts that I needed to configure to make ports bridge together (ie. Interfaces>Assignements)

Would appreciate community help on how I can get internet access from wifi clients!

(yes, I can remove bridge and set up wifi AP underneath the switch, but this means i need to buy a switch with more ports. So before I actually decide on spending more money, I want to try if I can some how work with current setup)

[cookiemonster]

yes there are some additional settings to add. Please look in the documentation. Actually it is here https://docs.opnsense.org/manual/how-tos/lan_bridge.html#lan-bridge

[darkencraft]

thank you for the response. but actually, the document was the exact document that I used to configure the bridge. I also change the configuration in the tunables already. so all the wired devices that are connected to the bridge port works fine.

the problem is the wifi clients not having access to internet, which i cannot figure out what else i need to tweak in opnsense configs.

[cookiemonster]

did you reboot OPN after changing tunables? It is needed for these.
Otherwise review the steps just in case. AP definitively not running its own dhcp server or any other service?
Next is to look at firewall live log to see if the traffic is arriving. Are you using IPV6 ?

[darkencraft]

yes, i rebooted OPN after tunable changes.this is actually my third attempt (each attempt, i factory defaulted OPN) and am pretty sure all steps in the documentation was followed. also, i'm not using ipv6.

As for the AP, TP Link EAP610 to be specific, its not running any dhcp server. When I compare the network parameter assignment between wired device (which internet works) and wifi device (no internet), they are quite identical.

Wi-Fi client (internet not working):

IP: 192.168.1.165
Subnet: 255.255.255.0
Default gateway: 192.168.1.1
DNS: 192.168.1.1

Wired client (internet working):

IP: 192.168.1.103
Subnet: 255.255.255.0
Default gateway: 192.168.1.1
DNS: 192.168.1.1

As for the firewall live log, can you advise what i should look for, or how i should test?