Check ip configuration on neighbors computer, it can be set to static ip, by default clients are on "obtain ip address" but if u change it and assign an ip address (out of pfsense's ip segment) to this interface, u can connect wifi link, but has no lan access.

Don't give up, If you have an ATH0 chances are it is fine. What exact Atheros module are you using?  Internal PCIe card or MiniPCIe Module? Brand? If generic -Atheros model# if you can find it. ie. AR5BXB112 is an example for generic laptop module.

So I just set this up to see how much of a hassle it was, went full blown eap-tls only because if your going to let something on your wifi might as well be freaking sure it's a device you want to let on so why just use peap with username and password ;)  And not someone that got your psk somewhere or shared it out via windows 10 ;) There is problem you most likely can not fully get rid of psk because of consumer type devices.  So for example my nest thermostat, my harmony smart hub remote.  Chromecast, but I put this on a wire when they came out with the $15 ethernet.. The chromecast doesn't move so wire it! ;) I wish I could do that with my thermostat and hub they don't move either.. Anyhoo - these sorts of devices are not going to suppport 802.1x or wpa/wpa2 enteprise so your going to have to leave up a psk network. And iphone and ipad kind of suck getting certs installed.. There has to be a password on the .p12 to install your ca and cert and key for the device that you can download..  A feature improvement to the cert manager might be more control over what certs you put into a .p12 file so you could put in say the ca and server file and your clients crt and key for easy eap-tls stuff..  So to get on my apple ios had to use openssl pkcs12 -export to get a password on it.  While there is a nice handy download button for the ca and cert and key you can not put a password on it and might be nice if also contained the server cert all in 1 p12.. You can do it with openssl but might be nice if just handy click download in the ca manager. My son's android nexus they force you to have a pin setup to install certs..  And was odd figuring out how to set it to tls vs default of peap since screen doesn't by default show you all options you have to hit advance checkbox, etc. But got all my devices on eap-tls, 4 laptops, 3 phones, ipad and my desktop for when need to play with wireless for something with it.. But its a desktop so its wired gig wifi is only play/test tool on it.  I then created a new psk nework just for my nest and hub and any future things that might be connected that don't support eap-tls.  And then broke out another network and ssid just for guests.  So there are 3 different segments for wireless with their own firewall..  I let the eap-tls one in to some services on my lan, ntp, file share, printer.  But the psk is limited really only to dns from pfsense and ping the gateway, and then the guest can not even use my local dns they get handed isp dns. I tested revoking a cert which works nice..  And it is kind of nice getting the wireless logins in the system logs which you could actually use to track users moving about the house depending on which AP they hit ;) Sep 12 10:15:29 radiusd[57374]: Login OK: [s-android] (from client uap-ac-lr port 0 cli 40-B0-FA-71-AE-5B) s-android Sep 12 10:11:37 radiusd[57374]: Login OK: [s-android] (from client uapac port 0 cli 40-B0-FA-71-AE-5B) s-android So for example there was my son's phone logging into my AP in the hall uapac to the one out by the patio and in the kitchen area one of the new LR models uap-ac-lr So while it was a bit of pain to setup, it didn't really take all that long.  Maybe I will put together a walk thru..  But to be honest anyone wanting to go this route shouldn't really need a walk thru, this sort of setup sure and the hell is not for billybob that just found pfsense and thought it might be fun and doesn't even understand what a vlan is.

I pulled the Dell out of my lappy.

Yeah client to the AP is 450 PHY..  But now next client you would have /2 of that automatically..  I can see how they can report PHY.. But come on – your wired interface is not even capable of half of your PHY your talking 1/4 of what your PHY is reported as so WTF would be the point??? Well you could get more if your client could do more than 1 stream.. Seems that is your limit.. You could in theory be seeing mid 90's with that AP but not if your client is only 1 stream.. 3 streams at 20mhz with 800ns gi is 195 so do /2 of that to get you in real world your bottleneck would be the 10/100 interface on the device.  But if your client only has 1 stream, low end laptop wifi, phones, etc.. very common to only have 1 stream..  What is your client in this testing??

Disconnecting from AC/DC power will not lose any setting because these are stored in EEPROM. I am also using few routers ( Linksys, TPLINK ) as switches and WIFI AP and I have even separate LANs - WIFI on the same router each connected with separate Ethernet cable to pfsense but in my case are with DD-WRT,Tomato firmware and I can also turn WIFI ON/OFF remote, I have them on schedule OFF at night. If you don't have free PCI slots for an Ethernet card but you have USB you can use an USB-Ethernet adapter and have your AP-router connected to a different NIC, from pfsense 2.2.4 I found that cheap USB-Ethernet adapter with chipset AX-88772b works OK at 100Mbs in pfsense 2.1.5 that adapter did not worked.

It is defiantly a valid config…...

stumbled on this one, might fit your budget. (no idea on quality/features/…) http://www.smallnetbuilder.com/wireless/wireless-news/32816-trendnet-shipping-ac1200-access-point

johnpoz, Yes this is now the plan. I will reuse my existing wireless router as AP. But I need to buy another NIC to setup as either WAN or LAN. My existing PC only have one NIC and one wireless card.

The Newegg photo shows RALink, but i cannot see the number on chip. Have you checked to see if your chip is supported by FreeBSD and then Access Point mode? RALink actually works some. Have you setup wifi before? Post your dmesg.boot file for help.

Thanks for that Phishfry. I will have a closer look at this. It seems that this is what iam looking for. thx

I checked out an entry-level home AP and it, too, had a transmit power setting.  Thanks for the reply and screenshot. I live in a small apartment so the family and one small child is often < 1m away from the wifi base station now.  I've read reports on both sides of the EMF-will-kill-you-and-burn-your-house-down camp, and I know I won't be able to eliminate it entirely (especially with cell phones, wifi from the neighbors, etc).  I'm not wearing a tin-foil hat, but I still prefer to reduce or eliminate EMF when I have the choice. I will go with a dedicated AP that officially supports adjusting the tx power level.

Just make sure you didn't configure any upstream gateway on your lan interface. Check DHCP settings and make sure your clients get the correct settings from your pfsense DHCP.

well from your drawing I would assume your laptop is on the 192.168 network from your wifi router..  Why would you think you should get to pfsense lan IP.. Did you forward ports, did you open up the web gui to the wan IP. Out of the box pfsense blocks all unsolicited traffic from wan side unless you forward and or create firewall rules to allow traffic.

You're feeding pfSense a trunk with all VLANs tagged or is that switch in L3 mode and does routing?

Thanks for your help. I haved to change the PCI Adapter. Actually I used a USB Wireless Adapter and run perfectly. Only I have a doubt. How I connect the Wireless Card to my Wireless Network in Pfsense 2.2.4? i cant find where introduce the Password for the Network.

Because there is none.  Get a wifi device and put it behind pfSense.

ok,thanks for support.

Thanks for the advice. All working now! cheers. I added the rules and it worked.  ::)