Quick way to enable/disable WiFi AP?



  • I'm currently waiting for the hardware to arrive to finally get setup with pfSense! Looking forward to it. :)

    I don't have many devices that use WiFi, just an iPad, and when guests come over.
    Is there a fast way to enable/disable the WiFi AP, using a script, etc?

    I'm going to initially use my old WiFi router as an AP, so I was thinking of using a smart plug. Or even a regular plug with a power button on it. I fear, however, that disconnecting power to it may reset the settings, etc. And I will be moving to a PoE AP, so I won't be able to access the power in the same way.

    Is there a quick way, double click on a script file, etc to enable/disable just the WiFi AP? Or is the only way to login to pfSense and enable/disable it that way?
    Thanks!

    David


  • Rebel Alliance Developer Netgate

    There wouldn't be a way to disable the AP from pfSense unless you have the AP on its own isolated interface, in which case you could disable the interface or toggle a rule so it blocks instead of passes.

    APs typically do not perform NAT so there is no way for the firewall to tell traffic coming from the AP apart from traffic on the wired LAN. If the AP is really a wireless router (which is not recommended), you could block traffic from the IP address of the wireless router… but having it on its own separate interface is better, assuming the wireless devices don't need anything that requires being a part of the LAN subnet.



  • @jimp:

    There wouldn't be a way to disable the AP from pfSense unless you have the AP on its own isolated interface, in which case you could disable the interface or toggle a rule so it blocks instead of passes.

    APs typically do not perform NAT so there is no way for the firewall to tell traffic coming from the AP apart from traffic on the wired LAN. If the AP is really a wireless router (which is not recommended), you could block traffic from the IP address of the wireless router… but having it on its own separate interface is better, assuming the wireless devices don't need anything that requires being a part of the LAN subnet.

    Thank you for the reply.

    Yes, it is an older wireless N router. This is a setup in my house, where WiFi isn't that important since I'm wired almost everywhere.
    Why is using an actual router not recommended? I've disabled DHCP, etc, and gave it a static IP.

    My pfSense box only has 2 interfaces (WAN/LAN), and I'm not using VLAN.

    The central location I plugged it into, the plug is within arm's reach (easily disconnect the power if I don't want WiFi)
    I applied a very long random passphrase to help with it's security (WPA2 being the strongest it offers unfortunately, does not accept 3rd party firmware).
    I still need to configure pfSense to not allow people connected via WiFi to access pfSense gui.

    I have been debating getting a Unifi AP, and mounting that in a central location. I imagine you would prefer that as my AP instead of an old router. But I won't be able to easily disconnect it.



  • Disconnecting from AC/DC power will not lose any setting because these are stored in EEPROM.

    I am also using few routers ( Linksys, TPLINK ) as switches and WIFI AP and I have even separate LANs - WIFI on the same router each connected with separate Ethernet cable to pfsense but in my case are with DD-WRT,Tomato firmware and I can also turn WIFI ON/OFF remote, I have them on schedule OFF at night.

    If you don't have free PCI slots for an Ethernet card but you have USB you can use an USB-Ethernet adapter and have your AP-router connected to a different NIC, from pfsense 2.2.4 I found that cheap USB-Ethernet adapter with chipset AX-88772b works OK at 100Mbs in pfsense 2.1.5 that adapter did not worked.