Many thanks for your help, but the problem is still persist. Now I think to refresh the installation with a new one, and retry the procedure step by step. Best regards

Disabling MAC filtering in Captive Portal settings worked for me.  The repeater was affecting the MAC-IP relationship for the client trying to log in. "If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in.This is required when the MAC address of the client cannot be determined (usually because there are routers between pfSense and the clients)."

Dear fluca1978 , Thanks for your reply. @fluca1978: @steelmax11136: 1.    LAN only Vlan10 2.    LAN output Vlan tagging and trucking enabled to distribute across the network My question here is: If WAN come from a Vlan given by CoreSwitch will I be able to make output from LAN to give Same VlanID & DHCP given by CoreSwitch + with Captive portal? @steelmax11136: 3.    Pfsense should be able to talk Windows AD & Radius Server Which are in Vlan5 Dear its possible since I succeeded in testing environment but was without vlans… My question here is that how I am gonna make Pf-sense talk windows AD which is in vlan5 to since Pf-sense is in vlan10. ***Note: I know how to setup captive portal to authenticate against win AD. I just don't know how to link the in a vlan trucked environment. @steelmax11136: 5.    Do I need Dual WAN eg: Vlan5 & Vlan10 I really have no Idea on how to make and use single interface for vlans can you plz give me a link to a guide for these steps. Is that I can use single WAN or Do I have to Use Dual WAN. To make pf communicate Vlan 5 & Vlan10? I thank you for your valuable time. Thank You a lot!  :)

Thank a lot….I succeeded as you said...God bless u..

Sounds like what usually happens when the users on that interface can't use DNS. If you are specifying external DNS servers in the DHCP config, make sure you have them set on the 'allowed ip addresses' tab of CP.

Easily possible, no. Anything is possible with custom development. That's not an easy or quick process though.

@Alan87i: Bummer Any word on when that might happen? Is your radius2 package running on 2.1? Do you know if I can accomplish what I want too do with M0nowall? They want to release pfsense 2.1 on world IPv6 day - someone in june as far as I know. For pfsense 2.1 all freeradius2 binaries needs to be recompiled and .pbi packages needs to be build. The compilation of the binaries did another forum user for me who has more knowledge about that. I didin't ask him about that till now because he seems to be very busy if I follow his other posts. Monowall: You can try the CP of monowall with freeradius2 package. perhaps it will do accurate accounting but I don't know.

I unchecked "Reauthenticate connected users every minute" option in Captive Portal and now the time counter is worked well as I desire. :) Thanks @Nachtfalke for your help.

@jameson: http://doc.pfsense.org/index.php/Captive_Portal_Vouchers http://forum.pfsense.org/index.php/topic,41658.0.html Sorry, can you explain better? because it still doesn't work. Thanks for help, Bruno

http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#FreeRADIUS_Plain-MAC-Auth_as_802.1X_request_with_Captive_Portal Using freeradius2 package and 802.1x mac auth. Create a user for each pc's mac address. I have just set this up on a test machine. And it works  as far as the bandwidth limits per mac address. But The usage limit is bugged for me anyways. A few mistakes I made along the way. in CP  the IP for the radius server= use the lan ip of the pfsense box. I tried 127.0.0.1 and it doesn't work. MAC address format leave on default then just copy and paste mac's for each new user from the dhcp status page. All users will have the same shared secret that you put on the CP page. On CP page top set an idle time out say 60 minutes or so then get rid of the hard time out. leave it blank. Accounting updates I've tried both but start stop should work fine for speed control.

well I'll try IT thanks  for your help :)

@anatolidt: hadi, alan, do you experience this always or only sometimes, maybe when your box was running for a long time? What packages installed? On my testbox only pfblocker and pfflowd installed, squid-reverse removed. nothing special… Can't be hibernation mode that irretates pfsense... I"m using mac auth and noticed this with a fresh reboot setting the DL limit too 1 gb per month then after it lost connection from downloading a 1.2 GB file , all I had to do was refresh a page and I was back on the net. No other packages except freeraduis2. I figured i was setting something wrong.

I think you can install a local syslog server, but I would not play with this on a security appliance unless the core devs plan to implement writing logs to disk. But maybe this wouldn't be such a bad idea since pfs 2.0 was aimed for hdd install and you get plenty of space today at minimum which is totally unused. On the other hand, when switching to ssd this changes again…

I've been messing with this with two laptops wired too the lan /switch in line. The only way things sort of work is with these settings FreeRADIUS Plain-MAC-Auth as 802.1X request with Captive Portal FreeRADIUS configuration         Disable Plain-MAC-Auth on FreeRADIUS => Settings         Enter the MAC address of the host in the following format (11-22-a3-bb-44-af) in FreeRADIUS => Users         Enter the password for this MAC address. We will choose blaaa in this how-to. Read the following steps fo fully understanding! Captive Portal configuration         Enable RADIUS MAC authentication         Enter the same shared secret here you choose above in FreeRADIUS => Users. This field must not be empty! This is not the shared secret which is used for communication between NAS(CP) and the FreeRADIUS server. I used blaaa as I wrote above.         MAC address format. In general you can leave this on default or any other option because FreeRADIUS is converting the MAC address (Calling-Station-ID) into the correct format. To be 100% correct choose here ietf The one problem I seem to have noticed Is the speed limits .  Have to set this in CP , And in radius I set a different speed for each laptop. Both run at the same speed The default CP setting.  If I set this to 0 I get nothing. If I uncheck the box in CP I get nothing. As in no connection through the WAN. Another question With this setup on the LAN say I have an OPT1 interface with a static route too another lan . Does CP limit the connection speed through this connection as well? Thanks Allan

Are you asking "Can a web page distinguish a "public VLAN" user from a "802.1x allowed user" so that registration or authentication can be invoked? If that is the question then I suspect the answer will generally be "no". But there might be some specifics of your particular configuration that would allow that distinction to be made.

I'm sure it would be of interest to people, maybe not at this instant, but I would recommend posting it regardless as I'm sure someone will find this at some point and want to see it.

There are some APs out there that work in a bridge mode where they don't forward on the client's MAC. I have a couple of them, EDIMAX somethingorother model. It's impossible to use more than one client from behind it in AP client mode from what I could tell.