I was tinkering with the wifi interfaces in bridge2 and scanning for my phone's hotspot. I clicked "Connect", then the hAP ax3 doesn't want to talk to the default gateway anymore. This is acting as a bridge, and now wifi1 and wifi2 are disabled. Bridge1 has eth04 and eth05.
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, s - STATIC
Columns: DST-ADDRESS, GATEWAY, ROUTING-TABLE, DISTANCE
# DST-ADDRESS GATEWAY ROUTING-TABLE DISTANCE
0 As 0.0.0.0/0 192.168.11.254 main 1
DAc 172.17.0.0/24 containers main 0
DAc 192.168.11.0/24 bridge1 main 0
Ping to the gw times out:
ping 192.168.11.254
SEQ HOST SIZE TTL TIME STATUS
0 192.168.11.254 timeout
1 192.168.11.254 timeout
2 192.168.11.254 timeout
The default gateway shows in the ARP list.
2 DC 192.168.11.254 XX:XX:XX:XX:XX:XX bridge1 reachable
I see traffic coming in because a pihole is logging requests.
Doing a torch I see this occasionally but the ping times out.
It’s as if IPv4 is not passing but I’m not filtering anything, just accept and forward in the bridge. I’ve moved the wifi AP from the hAP ax3 to the pfsense router.
I’ve rebooted but to no avail, still the hAP ax3 does not want to talk to the default gateway or anything beyond it. Any suggestions?
The configuration is shared with /export and inserted into </> after selecting all the text, not line by line.
(redacting serial number, passwords and real IPs)
Aside from that, deleting the configuration also deletes the default route (and also the DNS).
Then, for the rest, the topic seems confusing enough to me to not understand exactly what is intended to be done, and above all, what has already been done.
A guess: you want to configure hAP ax3 as transparent bridge between wireless and ethernet parts of your LAN. And that would mean you need to add both wifi and ether ports to same bridge.
If that's not it, then explain in detail the intended role of hAP ax3 and post full configuration export ... because snippets (of what you think is a problem) don't show the full picture (often in these discussions it turns out that the problem is elsewhere ... and you, as the person asking for help, are clearly not in a position to decide which part of the config is wrong or else you'd probably know how to fix it in the first place).
What I've done since is simplify everything in the previous post. I moved all the wifi AP connections and directly connected them to the pfsense router. My laptop is plugged into the pfsense router. The pfsense router is the gateway (192.168.11.254). No changes were made to the pfsense for this incident.
The hAP now has a very simple configuration after a reset:
/interface bridge
add name=bridge1
/interface wifi
set [ find default-name=wifi1 ] configuration.mode=ap
set [ find default-name=wifi2 ] configuration.mode=ap
/interface list
add name=WAN
add name=LAN
/interface bridge port
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.11.251/24 interface=bridge1 network=192.168.11.0
/ip dns
set servers=192.168.11.254
/ip firewall filter
add action=accept chain=forward
/ip route
add gateway=192.168.11.254
Consider now the hAP ax3 as a node. I can ping it from my laptop, I can connect to it via winbox. From the hAP ax3 I can see several devices from the ARP list and ping them, all except the pfsense router.
I have a dhcp server on the pfsense, so I made the hAP ax3 a DHCP client so the configuration is now:
/interface bridge
add name=bridge1
/interface wifi
set [ find default-name=wifi1 ] configuration.mode=ap
set [ find default-name=wifi2 ] configuration.mode=ap
/interface list
add name=WAN
add name=LAN
/interface bridge port
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip neighbor discovery-settings
set lldp-poe-power=no protocol=""
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.11.251/24 interface=bridge1 network=192.168.11.0
/ip dhcp-client
add default-route-tables=main interface=bridge1
/ip dns
set servers=192.168.11.254
/ip firewall filter
add action=accept chain=forward
/ip route
add gateway=192.168.11.254
I did turn off discovery protocol for an IoT device that doesn't like discovery.
Now the hAP ax3 can ping the pfsense router.
So I must've been missing something so basic. Very strange, or using the dhcp client kind of reset the ip4 stack? Again, no changes to the pfsense router, only the hAP ax3.
Pfsense will accept a manually assigned address. The event when communication stopped with the pfsense router was when I clicked "connect" on a wifi interface. Everything was working fine up until then.
Now, to somewhat reset the interface bridge1, I've had to convert it to a dhcp client, even if momentarily. I might keep it this way.
As it is now, it will accept wifi connections from stations. But those stations won't be able to receive IP settings (because wifi interfaces are not part of the L2 network spanning pfsense with its DHCP server, nor is there a DHCP server running on hAP ax3) ... and even if those stations are configured with manual IP setup, they won't be able to communicate with the rest of LAN (and beyond) because (again) wifi interfaces are not part of the same L2 network as the rest of LAN and neither is hAP ax3 configured to route between wifi interfaces and the rest of LAN.
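The condition described in the reply above (wifi interfaces in AP mode that are not ports of bridge1) can be checked mechanically against an /export. This is an added example, not part of the thread: the function names and finding texts are this example's own, the sample is constructed from the export posted above, and it assumes one command per line with no wrapped lines.

```python
import re

# Constructed sample: the DHCP-client export from the thread, trimmed to the menus checked.
EXPORT = """\
/interface wifi
set [ find default-name=wifi1 ] configuration.mode=ap
set [ find default-name=wifi2 ] configuration.mode=ap
/interface bridge port
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip address
add address=192.168.11.251/24 interface=bridge1 network=192.168.11.0
/ip dhcp-client
add default-route-tables=main interface=bridge1
/ip firewall filter
add action=accept chain=forward
"""

PAIR = re.compile(r'([\w.-]+)=("[^"]*"|\S+)')  # key=value, value may be quoted

def parse_export(text):
    """Map each '/menu path' line to a list of {key: value} dicts, one per command."""
    menus, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = menus.setdefault(line, [])
        elif line and not line.startswith("#") and current is not None:
            current.append({k: v.strip('"') for k, v in PAIR.findall(line)})
    return menus

def audit(text):
    """Return findings; the check names and wording are this example's own."""
    m, findings = parse_export(text), []
    # AP-mode wifi that is not a bridge port is outside the LAN's L2 segment.
    bridged = {p.get("interface") for p in m.get("/interface bridge port", [])}
    for w in m.get("/interface wifi", []):
        if w.get("configuration.mode") == "ap" and w.get("default-name") not in bridged:
            findings.append(f"{w.get('default-name')}: AP mode but not a bridge port")
    # The same interface carries a static address and a DHCP client.
    static = {a.get("interface") for a in m.get("/ip address", [])}
    for c in m.get("/ip dhcp-client", []):
        if c.get("interface") in static:
            findings.append(f"{c['interface']}: static address and DHCP client both set")
    # A forward rule with no matchers accepts all routed traffic.
    for r in m.get("/ip firewall filter", []):
        if r == {"action": "accept", "chain": "forward"}:
            findings.append("forward chain: unconditional accept rule")
    return findings

print(*audit(EXPORT), sep="\n")
```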
The intent of the hAP ax3 is to monitor the wifi, host an SMB share, and run a pihole container. Eventually the wifi AP will be connected to the bridge1, then things will be back to normal.
I made it over the big hump of getting the hAP ax3 to talk to the pfsense router. Why it took changing from a static IP to a dhcp client I don't know. But I could stay at a dhcp client. I have options.
Now my next issue is getting a pihole image to repull since pasting in the container commands from an export doesn't seem to recreate the container and pull. The container wants to pull but I get:
pihole: import error: check url failed: ssl: no trusted CA certificate found (6)