ARP requests sent from wrong interface on Hostapd managed access point

I am trying to set up a wireless access point, managed by Hostapd and with dynamic VLAN support. The VLANs are managed dynamically by a FreeRadius server that I use for 802.X authentication.

I am using two devices to test my configuration: a laptop (address 192.168.0.2) and a phone (address 192.168.0.3). The two are using the same VLAN and can communicate with each other.
But I am unable to ping the access point (address 192.168.0.1) from either one.

I have the following config for Hostapd:



###### GENERAL CONFIG ######
# define interface and driver
interface=wlp2s0
driver=nl80211
ssid=MUDDY
channel=1

# WPA2 enterprise auth
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP

# log level, all modules and somewhat verbose
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=1

# could be useful in the future
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

# we want 802.1x auth
ieee8021x=1

# whatever
eapol_key_index_workaround=0

# nope, no integrated eap
eap_server=0

###### RADIUS CONFIG ######
# probably irrelevant with nas_identifier set
own_ip_addr=127.0.0.1

# might make own_ip_addr irrelevant
#nas_identifier=my.nas

# address and port of RADIUS auth server
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=somuchsecret

# we want accounting and be able to receive CoA messages
acct_server_addr=127.0.0.1
acct_server_port=1813
acct_server_shared_secret=somuchsecret

radius_das_port=3799
radius_das_client=127.0.0.1 thatsabigsecretohyeah

# accounting every minute
radius_acct_interim_interval=60

# VLANs are dealt with by the Radius server
dynamic_vlan=1



The interfaces created by Hostapd are as follows:

$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 98:4f:ee:14:16:23 brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 34:f3:9a:b3:8d:69 brd ff:ff:ff:ff:ff:ff
8: wlp2s0.149: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master brvlan149 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 34:f3:9a:b3:8d:69 brd ff:ff:ff:ff:ff:ff
9: brvlan149: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 34:f3:9a:b3:8d:69 brd ff:ff:ff:ff:ff:ff


When my laptop sends an ARP request, the reply is sent through the brvlan149 bridge, and through the wlp2s0.149 port.



However, the ARP request to retrieve my laptop's IP (necessary to send the ping reply) is sent from the wlp2s0 interface, and the laptop never receives it.



I do not understand this behavior, and how Hostapd (or Linux) manages the interfaces. I am using version 2.6 of Hostapd.



I have deactivated reverse path filtering, as this seemed to be causing issues in similar configurations.



The routes I have are the following:



$ ip route show table all
default via 192.168.234.1 dev enp0s31f6 proto static metric 100
130.225.68.3 via 192.168.234.1 dev enp0s31f6 proto dhcp metric 100
169.254.0.0/16 dev enp0s31f6 proto static scope link metric 1000
192.168.0.0/24 dev wlp2s0 proto kernel scope link src 192.168.0.1
192.168.234.0/24 dev enp0s31f6 proto kernel scope link src 192.168.234.177 metric 100
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.0.0 dev wlp2s0 table local proto kernel scope link src 192.168.0.1
local 192.168.0.1 dev wlp2s0 table local proto kernel scope host src 192.168.0.1
broadcast 192.168.0.255 dev wlp2s0 table local proto kernel scope link src 192.168.0.1
broadcast 192.168.234.0 dev enp0s31f6 table local proto kernel scope link src 192.168.234.177
local 192.168.234.177 dev enp0s31f6 table local proto kernel scope host src 192.168.234.177
broadcast 192.168.234.255 dev enp0s31f6 table local proto kernel scope link src 192.168.234.177
fe80::/64 dev enp0s31f6 proto kernel metric 256 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
fe80::/64 dev wlp2s0.149 proto kernel metric 256 pref medium
fe80::/64 dev brvlan149 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::36f3:9aff:feb3:8d69 dev wlp2s0 table local proto kernel metric 0 pref medium
local fe80::36f3:9aff:feb3:8d69 dev wlp2s0.149 table local proto kernel metric 0 pref medium
local fe80::6c8a:e7ff:fe1a:55cc dev brvlan149 table local proto kernel metric 0 pref medium
local fe80::d124:3999:7e3:55fe dev enp0s31f6 table local proto kernel metric 0 pref medium
ff00::/8 dev enp0s31f6 table local metric 256 pref medium
ff00::/8 dev wlp2s0 table local metric 256 pref medium
ff00::/8 dev wlp2s0.149 table local metric 256 pref medium
ff00::/8 dev brvlan149 table local metric 256 pref medium


The details concerning the bridge are:

$ ip -details link show brvlan149
5: brvlan149: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 34:f3:9a:b3:8d:69 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 0 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q addrgenmode eui64


How can I make the ARP requests from the access point be sent from the right interface?






























  • Can you confirm brvlan149 is not a bridge? Run ip -details link show brvlan149. Because it looks to me it is (hint: wlp2s0.149 master brvlan149). You might be confused between bridge and vlan. Most of the time (not always...) when you have to disable rp filtering that's for the wrong reason and this hides a problem.

    – A.B
    2 days ago











  • You're right, I was mixing up the bridge (brvlan149) and the bridge port wlp2s0.149. This makes more sense now. Will edit my question with the output of the command.

    – Twoflower
    2 days ago












  • What I can tell is: normally the IP is on the physical interface. If you're using it for vlan tagged traffic and have an untagged interface, you then put the IP on this untagged interface. If then you enslave this untagged interface to a bridge (not vlan aware, without vlan_filtering 1), you have to put the IP on the bridge because the bridge port's ip settings are ignored. So what should make sense, with 192.168.0.1 on vlan149, is to set this IP on (and only on) the bridge. Then hostapd's configuration might require changes that are beyond my knowledge. And what I'm telling here might not apply.

    – A.B
    2 days ago












  • Here's a random link found on the internet: mhtechz.wordpress.com/2016/04/11/… it's using bridge= (you probably have to) dynamic_vlan=1 and radius. I don't know how the vlan is handled there.

    – A.B
    2 days ago
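
The mismatch discussed in the comments can be checked mechanically from the two command outputs in the question. The following is an added example, not code from the thread: it parses trimmed copies of the posted ip link and ip route output, works out which device the kernel would use to ARP for a client, and flags the case where that device has a sub-interface enslaved to a bridge. The function names, the "parent.N" name-prefix heuristic and the second route table (address moved to the bridge, as A.B suggests) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input: trimmed from the `ip link` output in the question.
IP_LINK = """\
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 98:4f:ee:14:16:23 brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 34:f3:9a:b3:8d:69 brd ff:ff:ff:ff:ff:ff
8: wlp2s0.149: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master brvlan149 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 34:f3:9a:b3:8d:69 brd ff:ff:ff:ff:ff:ff
9: brvlan149: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 34:f3:9a:b3:8d:69 brd ff:ff:ff:ff:ff:ff
"""

# Constructed sample input: main-table IPv4 routes as posted in the question.
IP_ROUTE_AS_POSTED = """\
default via 192.168.234.1 dev enp0s31f6 proto static metric 100
192.168.0.0/24 dev wlp2s0 proto kernel scope link src 192.168.0.1
192.168.234.0/24 dev enp0s31f6 proto kernel scope link src 192.168.234.177 metric 100
broadcast 192.168.0.0 dev wlp2s0 table local proto kernel scope link src 192.168.0.1
fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
"""

# Hypothetical table after moving 192.168.0.1 to the bridge (assumption, not from the page).
IP_ROUTE_ON_BRIDGE = IP_ROUTE_AS_POSTED.replace(
    "192.168.0.0/24 dev wlp2s0", "192.168.0.0/24 dev brvlan149")

LINK_RE = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<[^>]*>(.*)$")


def parse_links(text):
    """Map interface name -> bridge master (or None) from `ip link` output."""
    links = {}
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            master = re.search(r"\bmaster\s+(\S+)", m.group(2))
            links[m.group(1)] = master.group(1) if master else None
    return links


def parse_routes(text):
    """Return [(network, dev)] for IPv4 routes of the main table."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields or "table" in fields:
            continue  # skip blank lines and entries of other tables (e.g. local)
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route-type keywords such as 'broadcast' or 'local'
        if net.version == 4:
            routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def egress_dev(dst, routes):
    """Longest-prefix match only; metrics and policy rules are ignored here."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None


def diagnose(link_text, route_text, client_ip):
    """Return (egress device, findings) for traffic towards client_ip."""
    links = parse_links(link_text)
    dev = egress_dev(client_ip, parse_routes(route_text))
    findings = []
    for port, master in links.items():
        # Heuristic (assumption): "<dev>.<n>" is the per-VLAN interface of <dev>.
        if master and dev is not None and port.startswith(dev + "."):
            findings.append(
                f"ARP for {client_ip} is sent on {dev}, not on bridge "
                f"{master} that holds port {port}")
    return dev, findings


if __name__ == "__main__":
    for label, table in (("as posted", IP_ROUTE_AS_POSTED),
                         ("address on bridge", IP_ROUTE_ON_BRIDGE)):
        dev, findings = diagnose(IP_LINK, table, "192.168.0.2")
        print(f"[{label}] egress={dev}")
        for finding in findings:
            print("  -", finding)
```
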
























networking wifi network-interface hostapd arp














edited yesterday by Rui F Ribeiro

asked 2 days ago by Twoflower




New contributor




Twoflower is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Twoflower is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Twoflower is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • can you confirm brvlan149 is not a bridge? run ip -details link show brvlan149. Because it looks to me it is (hint: wlp2s0.149 master brvlan149). You might be confused between bridge and vlan. Most of the time (not always...) when you have to disable rp filtering that's for the wrong reason and this hides a problem.

    – A.B
    2 days ago











  • You're right, I was mixing up the bridge (brvlan149) and the bridge port wlp2s0.149. This makes more sense now. Will edit my question with the output of the command.

    – Twoflower
    2 days ago












  • What I can tell is:normally the IP is on the physical interface. If you're using it for vlan tagged traffic and have an untagged interface, you then put the IP on this untagged interface. If then you enslave this untagged interface to a bridge (not vlan aware, without vlan_filtering 1),you have to put the IP on the bridge because the bridge port's ip settings are ignored. So what should make sense,with 192.168.0.1 on vlan149, is to set this IP on (and only on) the bridge.Then hostapd's configuration might requires changes that are beyond my knowledges. And what I'm telling here might not apply

    – A.B
    2 days ago












  • Here's a random link found on the internet: mhtechz.wordpress.com/2016/04/11/… It's using bridge= (you probably have to), dynamic_vlan=1 and radius. I don't know how the vlan is handled there.

    – A.B
    2 days ago
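
Added example, not part of the thread: a Python check for the situation described in the comments above, where an IP address sits on a bridge port (such as wlp2s0.149) instead of on the bridge (brvlan149). The sample JSON is constructed, the function names are hypothetical, and the code assumes the field names emitted by `ip -json -details addr show`; it does not inspect vlan_filtering, so it applies to the non-VLAN-aware bridge case only.

```python
import json
import subprocess

# Constructed sample shaped like `ip -json -details addr show` output; the
# interface names and 192.168.0.1 come from the thread, the rest is made up.
SAMPLE = json.dumps([
    {"ifname": "wlp2s0", "addr_info": []},
    {"ifname": "wlp2s0.149", "link": "wlp2s0", "master": "brvlan149",
     "linkinfo": {"info_kind": "vlan", "info_slave_kind": "bridge"},
     "addr_info": [
         {"family": "inet", "local": "192.168.0.1", "prefixlen": 24, "scope": "global"},
         {"family": "inet6", "local": "fe80::1", "prefixlen": 64, "scope": "link"}]},
    {"ifname": "brvlan149", "linkinfo": {"info_kind": "bridge"}, "addr_info": []},
])


def misplaced_addresses(ip_json):
    """Return (port, bridge, cidr) for every address configured on a bridge port."""
    links = json.loads(ip_json)
    bridges = {l["ifname"] for l in links
               if l.get("linkinfo", {}).get("info_kind") == "bridge"}
    findings = []
    for link in links:
        master = link.get("master")
        slave_kind = link.get("linkinfo", {}).get("info_slave_kind")
        if master is None or not (slave_kind == "bridge" or master in bridges):
            continue  # not enslaved to a bridge
        for addr in link.get("addr_info", []):
            if addr.get("scope") == "link":
                continue  # ignore link-local addresses (a choice made for this example)
            findings.append((link["ifname"], master,
                             f'{addr["local"]}/{addr["prefixlen"]}'))
    return findings


def live_report():
    """Run the same check on the local host (needs iproute2 with JSON output)."""
    out = subprocess.run(["ip", "-json", "-details", "addr", "show"],
                         check=True, capture_output=True, text=True).stdout
    return misplaced_addresses(out)


if __name__ == "__main__":
    for port, bridge, cidr in misplaced_addresses(SAMPLE):
        print(f"{cidr} is on bridge port {port}; move it to {bridge}")
```
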


























