This is brilliant, very useful information. A point that I found particularly useful was about diversity, which others new to the wireless aspects of pfSense might easily be wondering also - a wireless card might have two antennas but each antenna cannot be used at the same time either transmitting or receiving (effectively doubling bandwidth contrary to one antenna) - it doesn't work like that; the two antennas are used separately and purely to create robustness where there is multipath distortion. In single antenna scenarios one should disable diversity and set the tx and rx antennas, available under the wireless configuration pages under the interface. I know I repeat what you posted (thanks again for your help in my previous post, it's still working all good!). I repeat it in case others arrive at this page when searching for related issues!
Depending on the capabilities of the APs, the following flags can be included in the output:
E - Extended Service Set (ESS). Indicates that the station is part of an infrastructure network (in contrast to an IBSS/ad-hoc network).
I - IBSS/ad-hoc network. Indicates that the station is part of an ad-hoc network (in contrast to an ESS network).
P - Privacy. Data confidentiality is required for all data frames exchanged within the BSS. This means that this BSS requires the station to use cryptographic means such as WEP, TKIP or AES-CCMP to encrypt/decrypt data frames being exchanged with others.
S - Short Preamble. Indicates that the network is using short preambles (defined in 802.11b High Rate/DSSS PHY, short preamble utilizes a 56 bit sync field in contrast to a 128 bit field used in long preamble mode).
s - Short slot time. Indicates that the network is using a short slot time.
AID = Association ID (describes the ID that the AP has given to a certain mac/client)
IDLE = idletime
TXSEQ = Transmit Sequence
RXSEQ = Receive Sequence
ERP set to 0 means the device is 802.11 compliant. For more info about ERP read up on the 802.11 standard.
RSSI = Receive Signal Strength Indicator
RSSI to dBm can be calculated like this for Atheros cards:
RSSI_Max = 60
Convert % to RSSI
Subtract 95 from RSSI to derive dBm
Notice that this gives a dBm range of –35dBm at 100% and –95dBm at 0%.
PS. RSSI is different for most vendors and cannot be compared easily (ex. Cisco has 0 --> 100). Also it is not a very accurate means to measure signal quality, rather it measures strength only.
If you've added the interface and clients can connect to it then check they are getting an IP address from DHCP correctly. If they are then you are probably missing a firewall rule or possibly an outbound NAT rule if it is not in automatic mode.
Thank you for your support.
I have already implemented the delay, that is correct. Unfortunately, my problem still exists. Currently I use a workaround. I reboot the device once a night and start a reset of the modem via cron 10 minutes later. So it works - for whatever reason.....
The wifi card will not work at all. There isn't any 802.11AC support in FreeBSD/pfSense, yet, let alone .AX.
I've set an ASUS Router I had to AP mode and put it behind pfSense. My exact setup looks like this:
Provider Router - pfSense - Switch - AP. QNAP is connected to the switch and I can access it with my mobile phone.
I made it. For other folks experiencing the same issue, please find the steps I had to perform below:
Verify whether you are running QMI or DIP. You need to have DIP.
If it shows /dev/cuau1, then you're in QMI mode; if it's /dev/cuaU1, then you're in DIP mode.
There is a switching Windows utility from Sierra, google for "BZ31018_DIP_QMI_ModeSwitch.zip".
If you prefer to verify on Windows, install Sierra MC drivers, find MC7710 in the device manager and look for the USB PID in details.
68A2 = QMI
68A3 = DIP
Upgrade your device firmware. I did on Windows. Go to Sierra Website and look for the latest firmware in an exe file. Note: Run it as administrator. (I used 126.96.36.199 btw.) https://source.sierrawireless.com/resources/airprime/software/mc7710-swi9200x_03,-d-,05,-d-,29,-d-,03_dip/#sthash.2BUNVsJm.dpbs
You may verify your card with the Sierra Windows Tool to make sure the hardware is all ok: https://source.sierrawireless.com/resources/airprime/development_kits/airprime-mc-series-connection-manager-dip-build-3830/#sthash.qUh6avRG.dpbs
The Windows Store App did not work for me.
Put your card back into your APU and connect pigtail.
Add PPP interface using GUI, but use /dev/cuaU3.0. /dev/cuaU1.0 did not work for me.
Reboot. My APU automatically received a WAN IP, no additional config needed. Well, I had to plug my antenna, which I noticed quite well ;-)
By the way, this is a thread duplicate to: https://forum.netgate.com/topic/125081/pc-engines-alix-6f2-mc7710-issue-2-3-5-release-p1-i386/4
While true you can take any old soho wifi router and just use its AP features... soho wifi routers include a routing function, switch ports and an AP in 1 box..
The switch is dumb, and therefore almost always the AP is dumb.. Or at least configured that way via the native firmware. Other than allowing "guest" ssid that is not bridged to the switch ports.
While the hardware quite often, but not always does support doing vlans. I have never seen the native firmware leverage them for anything other than maybe the "guest" network most of them allow you to create, which really is just not bridged to the switch ports vlan.
Normally they do actually use vlans, this is how they isolate the wan and the lan. But the interface doesn't allow the user to change or manipulate them really in any way.
So simple way to just use them as a dumb AP is just turn off dhcp on them, and connect them to your network via one of the lan ports. Now anything on wifi (not guest ssid) is bridged to your switch ports = AP..
So if you want to actually do vlans, either put 3rd party firmware on the device to expose a way to configure the vlans. Or get an actual AP, then yes normally would support vlans..
Finally got a time window over the weekend to reinstall the pfSense. This time, I went through the process as suggested by DAVe3283 and akuma1x. The details are below.
First, on the pfSense, I setup DHCP static addresses for the AP's and the controller PC using their MAC addresses.
Next, prior to shutting down the Untangle Firewall, I factory defaulted all of the AP's from the Unifi Controller software. Once they were all defaulted, I removed power from the AP's and also removed power from the ethernet switch they were connected to. Not sure if removing power was necessary, but, wanted to make sure the AP's would boot up and get a new IP from the pfSense with no issues.
On the controller PC, in the Unifi Controller software, made sure the gateway setting and network settings reflected the new network information: 192.168.14.1 and 192.168.14.x/23. Powered down the Unifi Controller PC.
Shutdown the Untangle Firewall and connected the pfSense Firewall in its place and powered it and the ethernet switch up. Used my laptop to connect to the webUI of pfSense via the ethernet switch. After the pfSense Firewall powered up and I could see that all interfaces were up from my laptop, I powered up the Unifi Controller PC.
The Unifi Controller PC booted up and got its new IP. In the Unifi Controller software, I adopted all the AP's one by one and verified they received the correct IPs and were "Connected". They were consistently connected for over an hour with no further issues as I'd had in the previous install attempt.
Verified client PCs were connecting to the APs and passing traffic successfully.
Started fail-over testing by disconnecting WAN1. Made sure internet traffic was flowing through WAN2 and then back through WAN1 when I reconnected WAN1. It did, and I was impressed at how fast and seamless the transition was!
After a couple of days, everything is still working great. Thanks to all who submitted suggestions - this one is solved!
Hello, I'm Prayut
My wireless at home dropped off a lot. I don't know why. Open and close several times, it still does not disappear. Thank you for the good answer.
If you're running pfSense 2.4.5-p1 with a wireless card, check the FreeBSD 11.3 hardware compatibility list.
My memory from hanging out in these forums is that wifi cards are generally not going to work great with pfSense. I don't know the technical reasons but if I had to take a guess, a wireless card plugged into a PC running pfSense (FreeBSD) is generally going to be a card meant for a client PC to connect to a wireless access point. Whereas with pfSense, you're asking this client card to BE the access point for potentially many clients. This card's typical job is to handle a single connection, not ten different connections.
The most common recommendation is to use a dedicated wireless access point connected to pfSense via ethernet. If you have an old wireless router, disable DHCP on it and use the LAN interface on that to connect to pfSense.
Edit: More information,
I also tried throwing up a guest network, but again there doesn't appear to be a way to pass a tag along to pfSense. It doesn't appear to see it any different than my main SSID.
pfSense definitely supports VLAN tags. Configure a VLAN interface on pfSense and the AP with the same tag. Then, if you have a managed switch between them, you will have to configure it to pass the tagged frames.
Like make it hurt to have to enter that password on new devices... :)
I use 63 random character strings, from www.grc.com, for my passwords. The only exception is for my guest WiFi, which has a simple password. However, anything connected to the guest network is blocked from accessing anything else on my network, including pfSense.
As for only one device connecting, that can be configured in the DHCP server. You can create a rule to allow only certain IP addresses to connect to the management. Also, you should have a password on it and you can use a key for ssh.
You should try to define your needs, before trying to come up with a solution.