What is the best way to pass-through xbox and PlayStation through captive portal

  • Greetings,

    I set up a mid-sized Wi-Fi network on a school campus.  I have a very basic captive portal that just displays the "Terms of Service" and the users simply click "Agree" and they are let through.  Is there an easy way to pass-through certain devices like Xbox or PlayStation without verification?  The xbox has a browser, but it only works if the device is connected to xbox Gold.  The only workaround I have found for them is to spoof the MAC address from a cell phone that has authenticated on the console.

    Any suggestions?

    Thank you!


  • Hi,

    What about adding the IP or MAC of the Playstation to the list ? see the two tabs present on the captive portal settings page.

  • LAYER 8 Netgate

    Help Desk adding a MAC address passthrough.

  • Add the MAC is the right answer; BUT keep in mind I do think you can just add the first six characters of the MAC, which is the the manufacturer.  This should pass all of them through from that vendor.

  • Thanks for the replies! The problem with doing MAC filtering is that new students are constantly coming and going and it would be very laborious to put each individual MAC address in all the time… I will try the first six characters of the MAC and see if that works.


    I just tried putting in the first six characters and got an error.  That would have been a great solution if it worked!

  • Any other suggestions?

  • Of course.

    If it's true that all Plays Stations have a partially identical MAC, then use that knowledge !!!

    I would :
    In a loop (cron) that executes every 5 minutes :
    tail the DHCP log.
    Search for identical MAC fragment.
    If found one, take the entire MAC (this would be a Play Station).
    Check if it's already in the Captive's portal MAC list and if NOT, add it.
    If something was added, reload (restart) the portal.

    This can all be done with some PHP lines.

    As always : If you can atomize it, you script it.
    Otherwise : you do it yourself by hand.

  • Rebel Alliance Developer Netgate

    A couple extra steps and you can use the mac prefix:

    1. Define a separate DHCP pool for the xbox MAC prefix(es), putting their MAC prefix in the Allow box there, and in the Deny box of the main pool. For bonus points, align this pool to a neat subnet boundary inside the local network.
    2. Add IP bypass entries for the pool, either individually or if you managed to figure out the subnet bit above, use that subnet.

    It's not perfect, but it beats adding them by hand.

    Note that by defining another pool I don't mean make a whole new interface or subnet, but using additional IP addresses in the existing network or splitting up the existing pool.

  • ;D

    Nice !!!

Log in to reply