Do I need to do any additional config with AP



  • Hello,

    I have 3Access Points (AP) which is plugged into our switch, which is plugged to our pfsense and internet cable is plugged into pfsense.
    The previous guy before me have AP IP under pfsense -> firewall and under destination section he have selected 'LAN net' under type.
    Is this required? our AP is plugged into switch which is a LAN network so I have have to specify it again on pfsense?

    Am I missing something?



  • You're not missing anything, the AP looks like just another switch to pfSense. PfSense doesn't care if it's in fact a wireless AP. I don't quite get what the "previous guy" has done from your description though, some firewall rule?



  • yes he added a firewall rule and declared AP IP a 'LAN net' under type.



  • There is no "type" field on a firewall rule in pfSense so I'm still not sure of what you're referring to, maybe you mean just the destination selection box with any/single host or alias/network etc ?

    A screenshot would help although I'm about 100% sure the rule is non-functional and can be deleted right away.


  • Rebel Alliance Global Moderator

    What tab was the dest lan net set on.  If your AP are just connected to your lan switch and the rule was on your lan interface then a dest of lan net is pointless.  Since nothing on the lan actual talk to pfsense to get to other stuff on the lan.

    Pfsense is the gateway to get off the lan, or other network connected to it.  For a device to talk to other devices on the same network it doesn't need to talk to pfsense.  Other than possible dns for a lookup of a name of a device and to get a lease from dhcp server running on pfsense.

    A screenshot of your rules would be most helpful in evaluating if they make sense, etc.



  • If there are VLANs in use, and one of your AP's is in that different VLAN, then that rule could be preventing access to the LAN network… like for guest users, you wouldn't want them to have access to your main LAN. So where that rule is located is important. Screenshots would definitely help.



  • So where that rule is located is important. Screenshots would definitely help.

    me too here, I would consider that will be the right way to help out. Many users see what they
    were setting up but we all must imagine it, or digging it out the nose step by step.

    I have 3Access Points (AP) which is plugged into our switch, which is plugged to our pfsense and internet cable is plugged into pfsense.

    Are they configured with one SSID only or are there more od them (SSIDs)?

    The previous guy before me have AP IP under pfsense -> firewall and under destination section he have selected 'LAN net' under type.

    Again are there also other SSIDs perhaps on top of this each in hois own VLAN with his own IP address range?

    Is this required? our AP is plugged into switch which is a LAN network so I have have to specify it again on pfsense?

    If he was setting up aliases for LAN, Guest and other SSIDs, it might be making sense but if not and
    only one SSID is in usage it can be also a "placebo" rule with no effect, or in plain a false rule.

    Am I missing something?

    VLANs in usage?
    How many SSIDs?
    Captive Portal in usage too?
    radius Server in usage too, but not in all VLANs or for all SSIDs?