Captive Portal on Bridge: Any alternatives?
-
Hello Guys,
I am hoping to receive some good feedbacks and suggestions about this issue.
I am planning to integrate pfsense captive portal with Cisco networks. We have several Cisco routers and planning to retain them as much as possible.
ISP –> Cisco ---> Pfsense --> Switch/AP --> Clients
I only need the captive portal service from the pfsense router and want the Cisco to be the DHCP server and provides the IP addresses to the clients on LAN network.
We bought Pfsense SG-4860 device, and to get IP address from the Cisco router, I tried to Bridge the WAN and LAN interface of the pfSense device, BUT I've found that Captive Portal DOES NOT work in Bridge mode.
I did manage to get it working by setting up PfSense as a router, but it's not a good idea because it adds another point of failure to our system.
Any suggestions and feedback will very much be appreciated.
Thank you, everyone.
-
Please provide some feedbacks. :)
-
It is another point of failure whether it is a bridge or a layer 3 device.
You are better off just routing the traffic and using captive portal in the manner it was intended. Captive Portal needs an IP address to listen on. It does not work on a bridge.
-
It is another point of failure whether it is a bridge or a layer 3 device.
You are better off just routing the traffic and using captive portal in the manner it was intended. Captive Portal needs an IP address to listen on. It does not work on a bridge.
Thanks for the feedback, Derelict.
Do you suggest of removing the Cisco on the network and replace it with pfSense?
Do you think it is impossible to integrate pfSense CP on Cisco devices, without having another point of failure? Please confirm. Thanks.
-
If you insert another device you are going to have another point of failure.
I have no idea what to recommend since you haven't really given many details.
I see no reason not to have pfSense behind the cisco if you need its portal capabilities. Use the DHCP server on pfSense or the DHCP relay to forward DHCP to the Cisco.
I also see no reason not to replace the Cisco with pfSense unless it's terminating T1s or something.
Only you know the requirements of your network unless you provide the details of what you are trying to do.