Migrating from old wifi to wifiwave2 with virtual access points.

I have a hAP ac3 that I’ve been using with 6.x and several virtual access points. I had firewall rules configured to disable traffic from those to local LAN devices. That’s all worked fine.

Today I upgraded to 7.10.1 and installed the wifiwave2-7.10.1 package. I’ve been setting up the wireless again. The two real interfaces work fine, but adding virtual APs is giving me issues.

I have created a virtual AP and assigned its datapath to bridge and interface:LAN. That works, but I’m unable to find a way to filter the traffic from it:

If I try adding a firewall rule with an In. Interface of the virtual AP, it returns:
interface matcher not possible when interface (virtap) is slave - use master instead (bridge)

If I try assigning a VLAN to the virtual AP under Datapath so I could filter it that way, I get:
vlan-id configured, but interface does not support assigning vlans

I’m also not able to assign a DHCP server to the virtual AP like I was before; attempting to assign one to the virtual AP interface returns “DHCP server can not run on slave interface!”

Is there any tutorial on setting up isolated virtual access points using wifiwave2?

Thanks!

I assume you added those slave interfaces to the bridge?
Don’t.
The error message tells you twice not to try that :smiley:

There was no error message when assigning them to the bridge? When I didn’t assign them to the bridge they had no connectivity.

Correct.
And if you want them to behave separately with connectivity, you have to assign an IP address, DHCP server etc. to the slave interface.
Assign the slave interfaces to the bridge and they will behave within the perimeter of that bridge.
Or use a second bridge to combine the slave interfaces which should go together (not recommended but can be done).

The error did not come when you assigned them to the bridge.
The errors came when you wanted to add things to that interface which, at that point, was a slave of the bridge.
You can not do that.

The other option (cleaner) is to use VLANs across the board.

Both options will then allow you to use firewall rules to separate traffic.

Thanks, was able to get it working by having them not assigned to bridge and configuring DHCP servers for each.
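
For reference, a sketch of the setup the thread settles on, added here as an example and not posted by anyone in the thread. The interface names `virtap` and `bridge` are the ones from the error messages above; the 192.168.50.0/24 subnet, the pool and server names, and the DNS resolver address are assumptions to adapt.

```routeros
# Added example (not from the thread). Prerequisite: "virtap" has no bridge set
# in its datapath and is not a bridge port, so it is a standalone L3 interface.

# 1. Give the virtual AP its own subnet (addresses are constructed samples).
/ip address
add address=192.168.50.1/24 interface=virtap comment="guest gateway"

# 2. Run a dedicated DHCP server on it. This works only while virtap is not a
#    bridge slave; otherwise RouterOS refuses with the error quoted above.
/ip pool
add name=guest-pool ranges=192.168.50.10-192.168.50.200
/ip dhcp-server
add name=guest-dhcp interface=virtap address-pool=guest-pool disabled=no
/ip dhcp-server network
add address=192.168.50.0/24 gateway=192.168.50.1 dns-server=9.9.9.9 \
    comment="resolver address is an assumption, use your own"

# 3. Isolate the guest network from the LAN bridge. The in-interface matcher is
#    accepted now because virtap is no longer a slave of the bridge.
/ip firewall filter
add chain=forward in-interface=virtap out-interface=bridge action=drop \
    comment="guest -> LAN blocked"

# Rule order matters: this drop must sit above any rule that would accept
# new connections in the forward chain. Check with:
#   /ip firewall filter print where chain=forward
```

Internet access for the guest subnet still depends on the router's existing NAT rule, and access from guests to the router itself is governed by the input chain, which this sketch does not change.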