Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hotspot in many locations

    Hardware
    2
    2
    759
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rysic
      last edited by

      Hi!
      I'm so new in pfsense, so sorry for stupid questions.

      I need to build Hotspot sollution in many locations. I'll have AccessPoints and switches installed (I can't do anything on APs, just L2 network), but I need to design Internet access and captive portal.

      Expecations are:

      • dot1.x port based authentication
      • captive portal
      • bandwith limutation - 2Mb per client
      • managing logs for police (mac address, IP, time… i think)
      • managing statistics for client
      • content filtering
      • starting project requirements are 16Mb Internet access for location
      • expected 100-200 locations

      I imagined two sollutins:

      1. Every location will have samall pfsense (https://netgate.com/products/sg-1000.html) and there I'll create captive portal, trafic shaping and content filtering. But can pfsense sg-1000 support dot1.x port based authentication (as a network client, not server) and how can I collect logs and statistics for client every month? I know that pfsense can show statistics, but it woud be nice to have them all/from all locations in one place and then prepare in some excel file.

      2. In second sollutin I imagined that every sg1000 will create VPN tunel to some central locathion where central, stronger maching pfsense will support captive portal etc. But this way it will be difficult to separate this statistic in central pfsense for every location?

      Did anybody do that with pfsense?
      I know that it is not strictly hardware question, but one of the most (dot1.x) is I think.

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        @rysic:

        • dot1.x port based authentication  <===802.1 X is done on switches & AP's / not on a router |  generally some sort of radius server handles the database
        • captive portal <=== yes
        • bandwith limutation - 2Mb per client <=== yes: captive portal has this builtin
        • managing logs for police (mac address, IP, time… i think) <=== no clue
        • managing statistics for client <=== ???
        • content filtering <=== yes/no/maybe/pain in the ass, not worth the hassle

        i'm not aware of anyone publishing test results for the sg1000's vpn performance. no clue if it can do what you want

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.