Bug #3814
closed
Multiple devices with same MAC, each assigned DHCP-IP-add & a limiter queue
Description
Hi,
Recently, while trying to create a hotspot, I ended up with the following problem. A related thread in the forums is at:
https://forum.pfsense.org/index.php?topic=80237.msg437605
(*)Setup:
PfSense with captive portal and freeradius. A main access-point (tp-link TL-WA901ND) is connected to an interface (named PUBLIC) in access-point mode with no security (open access). Another router (tp-link TL-WR740N) is connected to the main access-point as a wireless bridge with WDS enabled.
Each device that ends up at the captive portal is authenticated by freeradius by its MAC address and given access. A limiter assigned to the PUBLIC interface distributes bandwidth equally to all devices.
(*)Issue:
Access-request packets received by freeradius from any device that connects from behind the WDS-bridged-router have the same MAC address, i.e. the MAC address of the WDS-bridged-router. So they are authenticated by freeradius, while each device is assigned a separate session, IP & limiter queue in PfSense.
So instead of a single access given per MAC, we give access to multiple devices, without any control over it.
(*)What it should be (in my opinion):
One of the following should be the behavior of pfsense:
(a) If pfsense is considering each device as separate and assigning a different session to each, then it should forward the device's MAC to radius in the access-request.
(b) If the same MAC is provided for each device, then pfsense should consider it a single session and thus assign a single IP, queue, bandwidth etc. to ALL the devices behind the WDS-bridged-router.
Captive portal snapshot file is attached.
Regards
Ashfaq
Updated by Chris Buechler about 11 years ago
- Status changed from New to Rejected
There isn't a bug here, your wireless bridge is doing MAC translation, so you have to disable MAC filtering. Everything described as "should be" is how things actually work.
Updated by Ashfaq Ali about 11 years ago
Thanks Chris for the clarification,
Initially I thought so as well, for this to be a problem in the wireless bridge (TL-WA740N). But then the reason I put it up as a bug is the fact that this bridge device is not in my control, and since anyone can just use one to misuse the MAC-based-authentication-system, there must be something that we (pfsense) can do to take things back in our control.
One question though:
This MAC filtering thing you asked me to disable, is it part of PfSense? Or is it supposed to be in the wireless-bridge device?
Thanks again.
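A check for the situation discussed in this ticket, added here as an example and not part of the original report or of pfSense: it groups ARP entries on the captive-portal interface by MAC and reports any MAC that fronts several client IPs, which is how the MAC-translating bridge described above appears to the firewall. The `arp -an` line format is assumed to be FreeBSD's; the interface names, the addresses and the `max_ips_per_mac` threshold are constructed for the example.

```python
import re
from collections import defaultdict

# Assumed FreeBSD `arp -an` line shape: "? (IP) at MAC on IFACE ..."
ARP_LINE = re.compile(
    r"^\S+ \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<iface>\S+)",
    re.IGNORECASE,
)

# Constructed sample output; em1 stands in for the PUBLIC interface.
SAMPLE_ARP = """\
? (192.168.10.1) at 02:00:00:aa:bb:01 on em1 permanent [ethernet]
? (192.168.10.21) at 02:aa:bb:11:22:33 on em1 expires in 1187 seconds [ethernet]
? (192.168.10.22) at 02:aa:bb:11:22:33 on em1 expires in 1102 seconds [ethernet]
? (192.168.10.23) at 02:AA:BB:11:22:33 on em1 expires in 644 seconds [ethernet]
? (192.168.10.30) at 02:cc:dd:44:55:66 on em1 expires in 901 seconds [ethernet]
? (192.168.10.31) at (incomplete) on em1 expired [ethernet]
? (10.0.0.5) at 02:aa:bb:11:22:33 on em0 expires in 300 seconds [ethernet]
"""


def shared_macs(arp_output, iface, max_ips_per_mac=1):
    """Return {mac: sorted IPs} for MACs on `iface` that front more IPs than allowed."""
    ips_by_mac = defaultdict(set)
    for line in arp_output.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m or m.group("iface") != iface:
            continue  # skips incomplete entries and other interfaces
        # Normalise case so the same MAC is not counted as two different keys.
        ips_by_mac[m.group("mac").lower()].add(m.group("ip"))
    return {
        mac: sorted(ips, key=lambda ip: tuple(int(o) for o in ip.split(".")))
        for mac, ips in ips_by_mac.items()
        if len(ips) > max_ips_per_mac
    }


if __name__ == "__main__":
    for mac, ips in shared_macs(SAMPLE_ARP, "em1").items():
        print(f"{mac} is the visible MAC for {len(ips)} clients: {', '.join(ips)}")
```
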