Captive Portal + FreeRadius + VLANs. Is it possible?

  • Hi guys

    This is my first post, and my very first time in a while that I write o forums, I am normally used to make a large research of my networking problems before ask fo help, because almost always someone has been with the same issues and someone else got the answer posted. But right now I'm starting to get a little bit crazy with this issue, so I need to (desperately) ask for help!!!

    I got a small company that rents offices to other companies. Every office has its own subnet (VLAN) and its own Wi-Fi hotspot (every office has a simple Wi-Fi TP_Link Router -in AP mode- and there's a couple of Ubiquiti's UniFi for Guests and Admin subnets on the halls). Because of the amount of the routers and the closeness in between, they are always interfering each other (16 offices, and also, these TP-Link routers really, really sucks!).So this is the thing, I want to get rid of the TP-Link and centralize the Wi-Fi hotspot to an unique SSID for everyone and that every Office has its own user group and grant connection just to its Office-VLAN.

    My question is: Is it possible to use the RADIUS server (in this case, FreeRADIUS) with the PfSense Captive Portal to redirect the users to its own Office-VLAN? or I'm just dreaming with flying pigs?

    I have made some tests and got the RADIUS working with the CP, but I can't make the users to switch to their Office-VLAN once they log in. They just stay in the main CP subnet (another VLAN made just to perform the initial connection to the CP).

    Any idea?

  • If I understand you correctly, you can set up separate VLANs for each of your client companies. These VLANs can be bound to individual SSIDs on your wifi service and each VLAN can have it's own captive portal. Each captive portal can use either separate radius servers for authentication or just one with all the accounts held centrally. The captive portal doesn't decide which network a session will use - it simply is a gateway for a user to authenticate their device.

    Does this answer your question?

  • Got it! So, I can stop knocking my head against the wall.

    I'll try the configuration you exposed

    Thanks very much for the clarification :)

Log in to reply