Wireless AP with Repeaters and More Wireless APs

naeemirza

Hello All,
I have my setup as following:

1. 4G Router inputs pfSense (Dell PC) as WAN in Ethernet1
2. Second ethernet is being used as output.
3. 2nd Ethernet is plugged into a switch which connects to multiple PCs.
4. 1 Ethernet port out of switch connects with TPLink CPE210 which I am using as AP to throw signals towards more Access Points.
5. TP Link CPE210 configuration is setup as AP, DHCP disabled for clients, DHCP enabled for itself - with bounce back IP same as to be assigned by pfSense.
6. TP Link CPE210 is AP for 3 more APs in range - which actually are open hotspots to be used to access Internet through Captive Portal.
7. The APs which are connected to CPE210 were being assigned by pfSense at first, but later I added their Macs and assigned them static IP.

Now here is the problem I am facing.

Any device which connects to 2nd layer APs gets authenticated by pfSense. But the newly added device's IP does not show their MAC address in the DHCP Leases. Rather it shows the MAC of AP and same MAC gets multiple IPs (all connected to that specific AP)

Although it has not been problem in authentication bypass for me so far. But the problem I am facing is the IP of AP goes in-accessable since its MAC has multiple IPs assigned in pfSense. To reach the web interface of IP I need to disconnect all the devices with that specific IP and then refresh it so that only one IP against that MAC is assigned.

Can anybody advise how can I fix the issue so that the APs at 2nd layer should get the MACs of their connected devices and pfSense should show them against the IP it has assigned?

JKnott

@naeemirza

Is the 2nd AP configured as an AP or router? It sound like it's a router. That's the only way it's MAC will appear in the leases. Also, you would never see the MAC of any device connected to it, as the MAC gets discarded on the WiFi side and a new one, with the AP MAC created.

kiokoman

i have a dlink access point that do the same (dap1620 rewrite the mac of connected devices) and there is no way to remove that behavior. i have to live with that until i change it for something better. total BS

johnpoz

@naeemirza said in Wireless AP with Repeaters and More Wireless APs:

TP Link CPE210 is AP for 3 more APs in range

You mean you have 3 others repeating to this 1? Or its routing and then you have 3 others as wireless clients to it in a wireless client bridge setup?

If your in a setup where you have to use wireless uplink to have these AP get connected... Then do that - setup a fullmesh network or get AP that actually support wireless uplink and not some client/bridge/repeater nonsense..

Best option is run a wire to where you have need of AP for coverage.

naeemirza

@JKnott
Second AP is currently configured as Repeater. I tried both AP and Repeater modes and faced same problem in both.

naeemirza

@johnpoz
I chose pfSense to use my current hardware. Since for Mesh I need to upgrade firmware which is not possible with available hardware.
Can't run wire for almost 2 km to cross the motorway unless digged deep with right of way to cross that.
But your answer is logical that repeating and APs in client/bridge/repeater nonsense are nonsense - lol.
Anyway - Thanks for suggestion

johnpoz

So your "repeating/client/bridge" for 2 KM?

Get the correct hardware for what your doing - if you can not run a wire.. You could use something like
https://www.ui.com/airmax/nanobeamm/

As the link to your remote location, then connect your AP to that..

JKnott

@kiokoman

i have a dlink access point that do the same (dap1620 rewrite the mac of connected devices) and there is no way to remove that behavior. i have to live with that until i change it for something better. total BS

That doesn't sound right. If the d-link MAC address is used instead of the device MAC, then it becomes impossible to have more than one device connected. DHCP relies on the MAC address to assign an IP address. Does a device connected to it get an address from the LAN? Or a separate network?

I have just browsed through the manual for that device and didn't see anything to indicate it operates in anything but bridge mode. I have a couple of devices, one Asus and one D-Link that can be configured in a variety of modes and they both work properly.

JKnott

@naeemirza said in Wireless AP with Repeaters and More Wireless APs:

Can't run wire for almost 2 km to cross the motorway

Consumer grade WiFi gear isn't the best way to do that. There's a variety of short haul microwave gear that's designed for that sort of situation. I have worked with equipment from DragonWave and Ceregon.

johnpoz

@naeemirza said in Wireless AP with Repeaters and More Wireless APs:

TP Link CPE210

Looking into these - they do support a ptp mode, as just a wireless bridge.. That is how you should set it up, and then connect a different AP to that.. So now you just use that link as backhaul..

You would then see the mac of the end point devices.. Your ptp devices become a wire so to speak..

kiokoman

@JKnott this is the mac of one of my AP repeater 10:62:eb:f2:1f:44
every device connected to it become 10:62:eb:* or 10:62:* i don't remember exactly now as i'm not at home right now

JKnott

@kiokoman said in Wireless AP with Repeaters and More Wireless APs:

@JKnott this is the mac of one of my AP repeater 10:62:eb:f2:1f:44
every device connected to it become 10:62:eb:* or 10:62:* i don't remember exactly now as i'm not at home right now

Well, better check when you get home. The situation you describe doesn't make sense.

kiokoman

@JKnott

stephenw10

Yup, wifi repeaters re-write the MAC address. First time I saw that it freaked me out too.

JKnott

@stephenw10 said in Wireless AP with Repeaters and More Wireless APs:

Yup, wifi repeaters re-write the MAC address. First time I saw that it freaked me out too.

So, how many devices can you connect via the repeater? If only one MAC is sent to the DHCP server, it will provide only 1 IP address.

stephenw10

I've never dug into it because it seems like black magic and best avoided but....

I assume it re-writes the first 3 bytes of the MAC with it's own OUI as shown by @kiokoman above.

Ugh...

Steve

JKnott

@stephenw10 said in Wireless AP with Repeaters and More Wireless APs:

I've never dug into it because it seems like black magic and best avoided but....

I assume it re-writes the first 3 bytes of the MAC with it's own OUI as shown by @kiokoman above.

Ugh...

Steve

Then you'd still have different MACs and IPs. However, according to the OP, several IPs have been assigned to the same MAC, which might not be true. However, he's only had 1 post since then and he doesn't clarify anything.

naeemirza

@JKnott Actually I removed the simple wifi repeater and using AP now. It solved the problem. I have been experimenting with Repeater to record multiple IPs against same MAC. I will post some screenshots here later.

stephenw10

@JKnott said in Wireless AP with Repeaters and More Wireless APs:

However, according to the OP, several IPs have been assigned to the same MAC, which might not be true

Yeah my mistake. In fact that is what I've seen before, the same MAC used for all IPs coming via the repeater.
Which is what the wikipedia page shows as expected: https://en.wikipedia.org/wiki/Wireless_repeater

As I said it's all voodoo! Avoid if possible.