OPNsense Forum
English Forums => Hardware and Performance => Topic started by: neggard on July 18, 2016, 12:01:40 pm
-
I have decided to start using OPNsense and need some advice on wifi.
Wifi network card is not powerful enough as an access point, or is there a Network Card That is?
Anyway I have an Asus n66u router that i configured as an access point.
How should I configurate the AP in OPNsense?
Should I add it to my switch on a local network or in a network port in my OPNsense?
What is the pro / cons about the switch or network port and how about security?
-
Having your AP on it's own port/network can make your LAN more secure if you add the correct block/pass rules to limit Wi-Fi traffic. It also makes it easier to traffic shape Wi-Fi traffic. One possible downside is your firewall will block broadcasts between your LAN and your Wi-Fi network.
RPSmith...
-
If possible, I always recommend using dedicated access points (AP) for several reasons:
- AP's can be put where they are needed. The gateway/router is often located inside a server room or the basement.
- WiFi standards are still in a flow, changing often and can't be upgraded in an easy way (MuMiMO need a bunch of antennas etc.). It's often not easy or possible to change the WiFi-hardware in the gateways itself. Dedicated AP's don't cost that much and can be replaced easily.
- Authentication is either against a remote database like Active Directory or has a one-time-setup SSID/password controlled by the AP. So there is not much work to do. Companies like Sophos, Cisco or Watchguard have a kind of server software running on their firewalls to admin all AP's, nice, but only useful if you really have a lot of them.
Problem: A guest WiFi needs either a dedicated AP or VLANs. I normally use a dedicated AP at a DMZ-like interface. So you at least need a VLAN-capable AP or a free NIC in your router for this.
To sum up: it's a good idea to use an old router as AP. Put it on the LAN side and use the built in authentication with WPA2/AES. Beware: You cannot provide a guest WiFi this way unless you use VLANs for this. The AP inside the OPNsense software is only needed if you use a built-in piece of hardware (WiFi PCIe/USB card). But you can use a captive portal on a dedicated NIC for AP's connected to that NIC. I eg. have several AP's connected to LAN without captive portal and an AP for guest WiFi connected to a DMZ-like-configured NIC with a captive portal.
-
Dedicated AP's such as Ubiquiti and Xclaim can broadcast multiple SSID's (e.g. separate guest) over different VLAN's.
Bart...
-
get a dedicated AP like a ubiquiti. you wont regret it. i tried doing the same as well, and i know it can be done to use a wifi card, its just not worth it.
-
so it is UniFi Enterprise is really recommended here.
-
I don't really like them, but they are not bad. Tbh, it's often a simple question of money what kind of WiFi equipment you buy. In small companies or SOHO you don't need that professional stuff, any older or cheap AP will do - somehow. Old routers with WiFi get a second life there too. In bigger companies and wide areas you want quality stuff, IP65/IP69K or whatever you need at your site.
Cheap stuff like TP-Link, Sitecom, Edimax, Zyxel or simular will often do the job. One AP from Cisco costs as much as 10 cheap ones, but the bigger your network is, the more you want centralized management.
-
..it's often a simple question of money what kind of WiFi equipment you buy.
full ack :)
-
I need to get something here, I planning to use Captive portal & GuestNET, what hardware required to accomplish that? ???