WPA2 is encrypted... I think you need to do some research into the difference between wpa2 psk, and wpa2 enterprise.. All that changes is the auth method... The encryption doesn't change depending on eap you use.
I am not familiar with eap-tls
Then I would not suggest you use it... Its not going to get you anything but a complex setup you do not understand.... You understand that consumer devices normally do not understand methods of wpa2 enterprise..
I suggest you create a secure PSK, and be done with it... Your wireless is now secure.
However, according to the OP, several IPs have been assigned to the same MAC, which might not be true
Yeah my mistake. In fact that is what I've seen before, the same MAC used for all IPs coming via the repeater.
Which is what the wikipedia page shows as expected: https://en.wikipedia.org/wiki/Wireless_repeater
It's probably in the wrong usb composition mode. Some modes only present MBIM or QMI interfaces which pfSense has no driver for. Since there is no way for pfSense so connect to it you would have to change the mode under Windows or maybe Linux.
I used a script to do that on the 7455 I have, linked as option 3 here:
For small deployments I like ruckus unleashed. the controller is in the APs. Ubiquiti cloud keys work too with minimal infrastructure needed. What bugs me about ubnt is you have to have a controller for just one AP.
The wireless tab is for wifi hardware in the pfSense box, yes.
It depends what the Fritzbox can do. If you can set that up to use a VLAN directly that traffic will probably pass your unmanaged switch and you can then connect to it using a VLAN interface in pfSense.
You could do something even more unconventional like setup a tunnel of some sort between the Fritzbox and pfSence to separate the traffic that way. A VPN if it can do that or even PPPoE can work.
A managed switch is a better way to do it but it depends how much you want to save money or like playing with network config. 😉
The problem I was facing was really about the firewall rule.
I created a new firewall rule for WLAN. I selected "WLAN net" for Source. Of course, I also selected "WLAN" for the interface. I also selected "any" as the protocol.
I made the settings for Captive Portal. From the DHCP Leases page, I have defined an IP address outside the DHCP range to my mobile phone. I added the static IP of my mobile phone on the Allowed IP Addresses tab from the Captive Portal Zone page.
I can connect to wireless internet automatically through Captive Portal.
well if anyone is wondering
etsi 2 -> <!-- ETSI w/o HT40 in 5GHz -->
etsi 3 -> <!-- ETSI minus channel 36 -->
there are probably some place in eu where u can't use HT40 or channel 36
in any case they are commented inside /etc/regdomain.xml
idk but i think you need to enable WPA to use 802.11n and i never used the "outdoor" settings. You probably had the interface up but hostapd is not starting for some misconfiguration, the SSID should not be a problem couse i have something very similar and i don't have any problem with it
However, if you want to keep things simple, you can put your WiFi and LAN clients on the same local subnet by using e.g. the router I linked to, turning it into AP, and then enabling the guest network on it for guest clients (which will only have access to the internet but not the local subnet).
Strictly speaking, you can use VLANs with an unmanaged switch, with pfSense and the AP configured to support the VLANs. Other devices on the network will just ignore the VLAN tagged frames. However, for a business installation, a managed switch is always a good idea and the proper way to do this in that environment.
Hmm, and you still don't get more than 22Mbps even on that client linked at 130Mbps?
I had a QCNFA335 which is based on that and had no issues with it. You probably need to do a local test to be sure you're not seeing a drop just over the WAN. Try testing with iperf between the client and a local server. You could run that on pfSense if you have nothing else but it's not ideal.
Ok so the APs are on a different subnet to the controller. Whatever discovery protocol they are using does not work between them which is not surprising.
The easiest thing might be to put the APs on LAN temporarily, adopt them to the controller and then mover them back. As long as they remember the controller IP and you have rules to allow the APs to reach the controller IP and port on the wifi interface that should work.
If they don't remember you can pass the IP to them via DHCP option 138:
Or you can just configure the controller IP via the EAP discovery tool:
I know the thread is old, but this is still a relevant issue, so I wanted to suggest Eero for those who might be looking for a good solution. I have found that multiple wired Eeros in Bridge mode work fantastic as a mesh access point. I've never set them up in a building small enough to warrant only two, but using three or four has worked out beautifully for my clients.
We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.
Subscribe to our Newsletter
Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.