System Design Recommendations

  • Hi all,

    We are using pfsense for awhile and we decided to extend our capabilities with the help of pfsense.
    Our intention is to seperate guests (wireless user) with our own known wireless users and also our wired clients.

    We have 2 tp-link TL-WR842ND access point to serve wireless connection in our office.
    Wireless AP's connected to our 24-Port Gigabit Switch TL-SG1024 as well as our pfsense connected to that switch too …
    ı am not sure if it can handle vlan configuration ...

    Right now our authentication mechanism is based on our Wirelss AP's configurations. There are mac filtering, wireless securtiy, and so on defined in these configurations. We solved the guest account with simple password but is not feasible for our design requirements.

    What we want to do is move entire auth mechanism to pfsense.
    We want to provide different accounts to our visitors, so we can control/restrict their access.
    Also, there would be a single location to deal with in terms of wireless security/connection in our network.

    Can anyone recommend me a solution ?

    • Is it feasible or meaningful to install openwrt to our wireless ap's ?
    • Is it required to implement a vlan solution ? In this case i need to add vlan capable switch and connect wireless ap + pfsense to that and all other cabled users to our old switch ?
    • Can i implement account based access with new solution ? ex. printer user will be able to access printers and so on.

    Thank you very much.