Bridging VLAN and Wifi

Question

I am in the process of building my own Linux-based router and have ran into an issue bridging the wifi and LAN networks. The box previously ran pfSense, but due to it's inability to use my internal wifi adapter, I decided to build my own router on top of CentOS 7.

The box only has one ethernet port, so I setup a managed switch to create two VLANs:

• enp3s0.10: LAN
• enp3s0.99: WAN

I setup hostapd, connected to the wifi access point, but noticed my device was unable to pull an IP from my DHCP server. The wifi devices connected to my network will need to be able to access other devices on the wired LAN, like my DHCP and DNS services.

I have tried bridging enp3s0.10 with the wifi adapter (wls4), but that only lead to my LAN port becoming inaccessible externally. Is it possible to bridge a VLAN with a wireless adapter, or is there a better way to accomplish this? How do the inexpensive consumer routers accomplish this?

Network Topology

As requested (thanks Damiano Verzulli), I have added a diagram of my network topology. Due to me having less than 10 reputation points, I was forced to provide a link.

Network Topology Diagram

Notes:

• The router Linux box ("Router" in the diagram) has one ethernet port (enp3s0) and an internal wifi adapter (wls4)
• With the exception of enp3s0.99 (which receives it's address/subnet from my cable modem), all other devices on my LAN have an address in the 192.168.1.0/24 space

Answer 1

I managed to solve my issue, and wanted to share with others who may face a similar problem in the future.

My network

• enp3s0 - Physical ethernet adapter
• enp3s0.10 - VLAN; connects to LAN
• enp3s0.99 - VLAN; connects to WAN (cable modem)
• wls4 - Wireless adapter

Solution

1. Define each network interface (including a bridge interface named br0)

   Set the value of /etc/sysconfig/network-scripts/ifcfg-enp3s0 to:

   TYPE=Ethernet
   BOOTPROTO=none
   DEVICE=enp3s0
   ONBOOT=yes
   

   Set the value of /etc/sysconfig/network-scripts/ifcfg-br0 to:

   DEVICE=br0
   TYPE=Bridge
   IPADDR=192.168.1.1
   NETMASK=255.255.255.0
   ONBOOT=yes
   BOOTPROTO=none
   

   Set the value of /etc/sysconfig/network-scripts/ifcfg-enp3s0.10 to:

   DEVICE=enp3s0.10
   BOOTPROTO=none
   ONBOOT=yes
   BRIDGE=br0
   VLAN=yes
   

   Set the value of /etc/sysconfig/network-scripts/ifcfg-enp3s0.99 to:

   DEVICE=enp3s0.99
   BOOTPROTO=dhcp
   ONBOOT=yes
   VLAN=Yes
   

2. Restart the network

   [admin@router ~]$ sudo service network start
   

3. Setup hostapd

   Set the value of /etc/hostapd/hostapd.conf to:

   #
   # For more information:
   #
   # https://wireless.wiki.kernel.org/en/users/Documentation/hostapd
   # https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
   #
   
   # Wireless Interface
   interface=wls4
   driver=nl80211
   
   # Wireless Environment
   ssid=[router_ssid_here]
   hw_mode=g
   channel=1
   
   # Authentication and Encryption
   macaddr_acl=0
   auth_algs=1
   ignore_broadcast_ssid=0
   wpa=2
   wpa_passphrase=[ap_password_here]
   wpa_key_mgmt=WPA-PSK
   wpa_pairwise=TKIP
   rsn_pairwise=CCMP
   
   # Country
   country_code=US
   ieee80211d=1
   
   # IEEE 802.11ac (req hw_mode=a)
   # ieee80211ac=1
   
   # IEEE 802.11n
   ieee80211n=1
   
   # WMM
   wmm_enabled=1
   

4. Create a systemd service to add wls4 to the bridge br0 and launch hostapd. I did this for the following reasons:

   • wls4 would sporadically drop from bridge br0 when I added the bridge declaration in hostapd.conf
   • Before hostapd can successfully launch, I first needed to call rfkill unblock wlan

5. Create /root/launch_hostapd.sh (must be done as root)

   #!/bin/bash
   
   # Set 4addr on wifi adapter
   iw dev wls4 set 4addr on
   
   # Add wifi adapter to bridge br0
   ip link set wls4 master br0
   
   # Unblock wlan
   rfkill unblock wlan
   
   # Launch hostapd
   systemctl start hostapd
   

6. Make /root/launch_hostapd.sh executable

   [admin@router ~]$ sudo chmod +x /root/launch_hostapd.sh
   

7. Create /etc/systemd/system/launch_hostapd.service (must be done as root)

   [Unit]
   Description=Runs "rfkill unblock wlan" and then launches hostapd
   After=network.target
   
   [Service]
   Type=simple
   ExecStart=/root/launch_hostapd.sh
   TimeoutStartSec=0
   
   [Install]
   WantedBy=default.target
   

8. Reload systemctl daemon

   [admin@router ~]$ sudo systemctl daemon-reload
   

9. Enable/start launch_hostpad service

   [admin@router ~]$ sudo systemctl enable launch_hostapd
   [admin@router ~]$ sudo systemctl start launch_hostapd
   

Conclusion

I hope this helps anyone else who may want to bridge their LAN and WLAN interfaces in the attempt to host an AP via hostapd.