Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal on Bridge: Any alternatives?

    Scheduled Pinned Locked Moved Captive Portal
    5 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Helmikuu
      last edited by

      Hello Guys,

      I am hoping to receive some good feedbacks and suggestions about this issue.

      I am planning to integrate pfsense captive portal with Cisco networks. We have several Cisco routers and planning to retain them as much as possible.

      ISP –> Cisco ---> Pfsense --> Switch/AP --> Clients

      I only need the captive portal service from the pfsense router and want the Cisco to be the DHCP server and provides the IP addresses to the clients on LAN network.

      We bought Pfsense SG-4860 device, and to get IP address from the Cisco router, I tried to Bridge the WAN and LAN interface of the pfSense device, BUT I've found that Captive Portal DOES NOT work in Bridge mode.

      I did manage to get it working by setting up PfSense as a router, but it's not a good idea because it adds another point of failure to our system.

      Any suggestions and feedback will very much be appreciated.

      Thank you, everyone.

      1 Reply Last reply Reply Quote 0
      • H
        Helmikuu
        last edited by

        Please provide some feedbacks. :)

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          It is another point of failure whether it is a bridge or a layer 3 device.

          You are better off just routing the traffic and using captive portal in the manner it was intended. Captive Portal needs an IP address to listen on. It does not work on a bridge.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • H
            Helmikuu
            last edited by

            @Derelict:

            It is another point of failure whether it is a bridge or a layer 3 device.

            You are better off just routing the traffic and using captive portal in the manner it was intended. Captive Portal needs an IP address to listen on. It does not work on a bridge.

            Thanks for the feedback, Derelict.

            Do you suggest of removing the Cisco on the network and replace it with pfSense?

            Do you think it is impossible to integrate pfSense CP on Cisco devices, without having another point of failure? Please confirm. Thanks.

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              If you insert another device you are going to have another point of failure.

              I have no idea what to recommend since you haven't really given many details.

              I see no reason not to have pfSense behind the cisco if you need its portal capabilities. Use the DHCP server on pfSense or the DHCP relay to forward DHCP to the Cisco.

              I also see no reason not to replace the Cisco with pfSense unless it's terminating T1s or something.

              Only you know the requirements of your network unless you provide the details of what you are trying to do.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.