I've just noticed that for the EAP670 on the US site & German site there is a 1.0.6 firmware but on the Australian site there is only 1.0.2 even though the device shipped with 1.0.3.

For the EAP650 it is even more inconsistent. I have the H/W revision 1.0 which has no links to firmware at all and depending on my choice or H/W revision and region I get options ranging from nothing to 1.0.3 or 1.0.6.

There is a recommendation against upgrading a device to a firmware from a different region or hardware revision but is that actually a problem, especially if I still stick with a EU version?

Can I ask someone from TP-Link (I've seen @Fae respond to several similar posts) to either provide me with links to compatible firmware for the AU region (EU hardware) or update the websites with one if an official one is available.

  @bky This is a known issue with the newer EAP6XX APs, only the first versions of the 610/620/660 are PPSK compatible.  TPLink has promised a firmware update to fix it since July, 2022, but we still wait.  It is available with the beta firmware in the pinned post in this forum, and there was a momentary release of an official firmware that got pulled due to reboot cycle after flashing.

Thanks @JoeSea. That is what I figured for PPSK. Do you know about RADIUS VLAN assignments? Is that supported in current firmware versions?

  @bky 

Do you have the Omada Gateway? The FAQ 3152 steps is for a whole Omada network. If your switch/gateway are not tp-link, you may need to check the router VLAN settings and confirm you have VLAN tagged traffic to the EAP.

Thanks @Somnus. I use a pfSense gateway, not Omada. The interface it is on supports VLAN tagged traffic, however, the management and device itself use untagged traffic, including the RADIUS handshake.

I'll try setting up a management VLAN on the devices and see how that goes.

@bky One other point regarding "Attempt 2: PPSK + Wifi 6", as far as I know PPSK without radius is fundamentally incompatible with Wifi 6 due to the way the handshake works. Wifi 6 PPSK with radius may be possible in future. This is touched on in some other network providers forums, eg meraki, but it won't allow me to post the link here.

I tried RADIUS VLAN assignments after enabling the Management VLAN on the EAPs and it results in some rather odd behaviour but still doesn't work.

When I setup the EAP after a factory reset to have a management VLAN it works as expected - the EAP communicates entirely on that VLAN, I can manage it via the WebUI, adopt it by the controller and then manage it perfectly fine from the controller, however, as soon as any client attempts to connect over the AP and it performs the RADIUS handshake for that client the EAP partially forgets about the management VLAN and drops back to a quasi-untagged state where it responds to inbound packets on the management VLAN but sends all outbound packets as untagged packets. The only way I've been able to get it out of that state is a factory reset.

I guess I'll wait for the new firmware to drop and see how that goes.

  @bky The EAP650(US) firmware update came out today.  At this point I wait a week after firmware update releases before installing them, to see if it will get pulled for some reason.

Fantastic! I also see it for EU too, but I'm in AU and don't see that one yet so will have to wait for it to come out for it, but good to know there is a version coming, so long as it doesn't get pulled.