Acting as a bridge

Updated: April 19, 2023

When your WAP acts as a bridge, it's connecting your wireless and wired networks as if they were one physically connected network (broadcast domain, layer 2). In this case, all the wired and wireless hosts are on the same TCP/IP subnet and can directly exchange TCP/IP packets without the need for the WAP to act as a gateway.

In this case, you don't need to assign your WAP network interfaces an IP address to be able to exchange packets between the wireless and wired networks. A bridged WAP could be used to allow wireless clients onto your corporate or home network and have them configured in the same manner as the wireless hosts. You don't need to add more services (such as DHCP) or manipulate routing tables. The wireless clients use the same network resources that the wired network hosts use.

Note: While it isn't necessary to assign your WAP network interfaces an IP address for TCP/IP connectivity between the wireless clients and wired hosts, you probably will want to assign at least one of your WAP interfaces an IP address so that you can address the device in order to manage it or gather statistics.

To enable your WAP to act as a bridge, you first need to create a bridge interface:

ifconfig bridge0 create

In this case, bridge is the specific interface type, while 0 is a unique instance of the interface type. There can be no space between bridge and 0; bridge0 becomes the new interface name.

Use the brconfig command to create a logical link between the interfaces added to the bridge (in this case bridge0). This command adds the interfaces abc0 (our wireless interface) and wm0 (our wired interface). The up option is required to activate the bridge:

brconfig bridge0 add abc0 add wm0 up
Note: Remember to mark your bridge as up, or else it won't be activated.

To see the status of your defined bridge interface, you can use this command:

brconfig bridge0

bridge0: flags=41<UP,RUNNING>
    Configuration:
        priority 32768 hellotime 2 fwddelay 15 maxage 20
    Interfaces:
        en0 flags=3<LEARNING, DISCOVER>
            port 3 priority 128
        abc0 flags=3<LEARNING,DISCOVER>
            port 2 priority 128
    Address cache (max cache: 100, timeout: 1200):