Le point d'accès WiFi bridgé

Bridged WiFi access point


In the series of WiFi access points, we will see the bridged WiFi access point (or Dumb AP), which allows to add WiFi connectivity to an existing network, with no other new services than negotiation and authentication. It uses existing infrastructure services.

The network bridge

The network bridge is a low-level means (layer 2 of the OSI model) to connect network segments, usually of different technologies. We will use it here to connect an Ethernet segment to a WiFi segment. We will need the bridge-utils package:

We will start by separating the different interfaces into different configuration files using the mechanism of /etc/network/interfaces.d/. The first will contain the loopback interface and the inclusion of others:

As suggested in the comments, it may be useful to consult the man pages interfaces (5), ifup (8), and ifdown (8).

The Ethernet interface:

The WiFi interface:

And the network bridge:

Here we will set our access point in DHCP, but we can definitely set it in static if we wish.

As shown in line 9, the bridge connects eth0 (Ethernet) and wlan0 (WiFi) interfaces.

It is still necessary to restart the network stack. If you are connected in SSH on the access point and it is set as DHCP, the communication should cut a few seconds then reuse the previous lease and restore the connection:

You should now have 4 interfaces :


Hostapd is the daemon that will manage the WiFi access point and authentication. It is installed from the repository:

If there is no default configuration (and this was my case), the file /etc/default/hostapd tells us that we can find one in /usr/share/doc/hostapd/examples/hostapd.conf.gz. As often, this file is rather well documented. So we will start from it:

In case of problem, we can still start again from the original file.

In the launcher (/etc/init.d/hostapd), we will enter the path of the configuration file (/etc/hostapd/hostapd.conf) in the DAEMON_CONF variable.

In its configuration (/etc/hostapd/hostapd.conf) we will create a basic WiFi access point, but secure anyway. To make it shorter, I will ignore the comment lines here (thanks to the grep "^ [^ #]" /etc/hostapd/hostapd.conf command), and I will even show you only the lines that have changed compared to default values:

  1. The interface must match the one we saw above. Most often it will be wlan0.
  2. The SSID is the name under which the access point will be seen
  3. The channels are numbered from 1 to 14. We will place ourselves in the middle.
  4. The other lines set WPA2 security.

Finally, we will enable the transit of packets across the bridge:

To persist this configuration to disk in order to find it after reboot, it must be uncommented in /etc/sysctl.conf:

For more information, see the sysctl.conf (5) man page.

Apart from the Hostapd part, which is specific to WiFi networks, this configuration can also be used as is to connect two Ethernet segments, an Ethernet segment and a fiber segment, and so on.

The difference with a routed access point lies in the fact that the packets pass directly from one interface to another, without being altered, which makes it possible to extend the network without creating a new one. All IP parameters (mask, gateway, broadcast, etc.) remain unchanged, except for the address, of course.

Return to WiFi access points.


One comment

Leave a Reply

Your email address will not be published. Required fields are marked *