WiFi
Infrastructure
Managed by TP-Link Omada controller (CT127 on pve0-core, 10.37.8.2, VLAN 8).
Access Points
| Name | Location | Model | IP | VLAN |
|---|---|---|---|---|
| AP Penderie | Upstairs wardrobe | EAP650 (US) v1.0 | 10.37.8.11 |
8 |
| AP Sous-Sol | Basement | EAP620 HD (US) v2.0 | 10.37.8.10 |
8 |
Both are WiFi 6 (802.11ax). AP Sous-Sol runs custom firmware.
SSID
Single SSID: Cosmos
PPSK (Private Pre-Shared Key)
Each client connects to Cosmos but is placed on a different VLAN depending on which password they use. VLAN assignment is fully transparent to the client.
| Network | VLAN | Subnet |
|---|---|---|
| Home | 192 | 10.37.192.0/24 |
| Visiteurs | 200 | 10.37.200.0/24 |
| IoT | 232 | 10.37.232.0/24 |
| Enfants | 208 | 10.37.208.0/24 |
| Console de jeux | 234 | 10.37.234.0/24 |
| Travail | 210 | 10.37.210.0/24 |
Planned: WPA3-Enterprise 192-bit (EAP-TLS) — SSID Horizon
Migration to WPA3-Enterprise in 192-bit mode with EAP-TLS is planned but blocked by an Omada firmware bug. Once resolved:
- RADIUS server:
radius-tls(CT121,10.37.16.129, VLAN 16) - CA:
step-ca(CT117,10.37.16.128, VLAN 16) — issues client and server certificates - Auth: Certificate-based (EAP-TLS), no passwords