Help with WiFi Access Points

  • I'm trying to setup freeradius to work with 9 access points (EAP300 and 9550s) located around my building.  I can connect if I shut off the radius encryption at the access points and just use a simple WPA passphrase.  So I know that they will work.  I just need to know what I'm doing wrong in my freeradius config, my pfSense interface setup or my access point configuration.

    All of the APs are connected to TP-Link TL_SF1008 switches - 3 APS connected to 3 sf1008.  The 3 wires then come in and are connected to the pfSense box - opt1, opt2 and opt3.  The cable modem is connected to my WAN port and this computer is connected to the WAN port.

    So here's my many questions and possible screw-ups:

    I setup opt1 as the dhcp server.  I bridged opt2 and 3 to opt1 and set up a pass thru in the firewall settings.  Did I need to bridge those connections to connect them to the internet or not?

    I gave opt1 a static IP address of and setup the freeradius on that IP as well.  Is that correct?

    I then setup the access point's wireless security to use WPA RADIUS encryption and put as the radius server address.  It was when I did this I could no longer connect.  Do I need to put the radius server at a different IP address?

    I do have a test username and password in under users in the freeradius config

    What am I doing wrong?

    I really do appreciate any help and your patience in helping this old fool set up a small wifi.


  • LAYER 8 Global Moderator

    Why would you have to bridge??  Connect a switch to opt1 or setup vlan on your switch if you have a switch that does that.. Connect your AP to that switch!

    Not sure what wpa radius encryption is?  Do you mean you setup wpa2 enterprise?  Did you setup your AP ips in the nas/client tab - what did you use for the shared secret, what protocol, are you using udp/tcp - did you setup AP to point to the port you setup up freeradius to listen on? Defaults to 1812

  • I got it figured out.  The bridge was one of the issues - deleted it and used a switch (connected to opt1) for the APs.

    Switched to WPA-PSK AES.  Got FreeRadius and Captive Portal configured with usernames and passwords so now the users connect with a shared passkey and then they have to log in via a captive portal page.

Log in to reply