Ok, I just got my Cisco WAP121… and everything is running super smooth. When you fire up the AP the first time, you are presented with a config wizard; I simply entered VLAN 40 when it asks for the wireless VLAN. Didn't have to touch anything else. And now everything works perfectly. This makes me positive the D-Link DAP-1353 is either broken, bugged, or doesn't comply to the networking standards. At least the time spent on this "project" wasn't entirely wasted. I've honed my VLAN'ing skills, and learned a couple of new tricks :) AP only needs to be vlan capable when you want to run different SSIDs on different vlans I figured I'd need VLAN to separate the web interface from the guests, so I'd be able to config/snmp without having to access their network directly. Could this be done differently, even without VLANs?

One thing about shielded cables.  They're supposed to be grounded at one and only one point.  If they're not grounded, the shield is ineffective.  If grounded at more than one point, ground loops may occur. However, given that just moving the cable causes failure, it's likely a poor connection somewhere. Rule of thumb, when something fails, cables and connectors are the likely suspects.

Thanks both. I feel so silly for not thinking of starting a new pcap with a small count  :o

@jimp: If it is this issue, then you must upgrade to pfSense 2.4.2 or later. Once you are on 2.4.2, you can edit the LDAP server entry on pfSense and for the Peer Certificate Authority, set it to Global Root CA List This is a great fix BTW! Fingers crossed that it migrates to FreeRADIUS package too :)

Thank you John, V3lcr0, and marvosa, for the incredibly helpful replies above. I've taken time to read carefully and try and learn from and understand all the points made, which is why this reply has taken some time.  I now realise that my question was, as you said, poorly worded and a bit too clueless. I didn't actually know the right question to ask. I think I have a much more specific focus and a bit more of a clue now. Thank you for the effort in helping me. I've posted my more focused question in a new thread under "wireless" so this one can drop to the end and not accidentally confuse anyone who finds my OP unhelpful. :)  It should be more "to the point".

Is it a way to extract all settings, and then reinstall pfsense and re-deploy the settings? Or something like that?

Thank you very much Stewart! This topic is now solved! :)

@securedspace: How do I access it from my webbrowser via that combination? Just like you access any other FQDN on the planet… www.google.com is a FQDN... forum.pfsense.org is another, etc.. As to accessing it via IP, you can do that if you want.. if you don't want the error then just trust the CA you created the cert with... I have been over this multiple times, there are multiple threads about doing this..  To use an IP vs the fqdn you would have to create the SAN on the cert you want to access.. Only thing even slightly different from typical site on the internet would be if your using gui on different port than 443 you would have to put the port on the end of the fqdn via :port [image: sslcertnamesandip.png] [image: sslcertnamesandip.png_thumb]

All packages are up to: pkg version -vL= Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. pfSense-upgrade >>> Updating repositories metadata... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. >>> Unlocking package pfSense-kernel-pfSense... done. >>> Setting vital flag on pkg... done. >>> Setting vital flag on pfSense... done. Your packages are up to date

Boot single user and run /sbin/fsck -y / until it comes back clean. Maybe 4 times.

@kb: Hm… But I'm able to use admin user for that. No you're not, it isn't working (or you wouldn't have started this thread) :-) It's pretty well documented around that admin@ is not to be used for scp or anything that needs ssh features. It's locked to the menu. Just add another non-admin account and use it for whatever you need/want.

You might want to read here: https://doc.pfsense.org/index.php/Multi-WAN

It is up to the client whether it uses IPv4 or IPv6 when it thinks it has IPv6 connectivity and both AAAA and A records to choose from. With IPv6 disabled on WAN I can't see anything else helping more.

I guess no one has attempted to set anything like this up before?  I have some time this week so I may attempt it, but I am not sure I'll have any idea what I'm doing.

So yeah, multiple layer 3s are normal with IPv6. That might be pertinent had OP mentioned IPv6.

Hello, I'm just wondering if anyone has experienced the same issue or if anyone has some insights that could point me in the right direction (i.e. what/where I should be looking). As far as I know, there is no setting (at least in the pfSense GUI) to disable EAP. Any hints would be greatly appreciated. Cheers

Hi, Yeah it looks very normal indeed, and the traffic came in thru one door & exited thru another just right as expected … until I realized that I should count how many left by counting those who exited ... not by counting those who came in. In other words, for me those marked as OUT in the graph should be labeled OUT in the list. This screen is traffic statistics for the LAN interface only, not combined WAN/LAN. It's just labelling anyway. Thanks. Edwin