Hotspot in many locations



  • Hi!
    I'm so new in pfsense, so sorry for stupid questions.

    I need to build Hotspot sollution in many locations. I'll have AccessPoints and switches installed (I can't do anything on APs, just L2 network), but I need to design Internet access and captive portal.

    Expecations are:

    • dot1.x port based authentication
    • captive portal
    • bandwith limutation - 2Mb per client
    • managing logs for police (mac address, IP, time… i think)
    • managing statistics for client
    • content filtering
    • starting project requirements are 16Mb Internet access for location
    • expected 100-200 locations

    I imagined two sollutins:

    1. Every location will have samall pfsense (https://netgate.com/products/sg-1000.html) and there I'll create captive portal, trafic shaping and content filtering. But can pfsense sg-1000 support dot1.x port based authentication (as a network client, not server) and how can I collect logs and statistics for client every month? I know that pfsense can show statistics, but it woud be nice to have them all/from all locations in one place and then prepare in some excel file.

    2. In second sollutin I imagined that every sg1000 will create VPN tunel to some central locathion where central, stronger maching pfsense will support captive portal etc. But this way it will be difficult to separate this statistic in central pfsense for every location?

    Did anybody do that with pfsense?
    I know that it is not strictly hardware question, but one of the most (dot1.x) is I think.



  • @rysic:

    • dot1.x port based authentication  <===802.1 X is done on switches & AP's / not on a router |  generally some sort of radius server handles the database
    • captive portal <=== yes
    • bandwith limutation - 2Mb per client <=== yes: captive portal has this builtin
    • managing logs for police (mac address, IP, time… i think) <=== no clue
    • managing statistics for client <=== ???
    • content filtering <=== yes/no/maybe/pain in the ass, not worth the hassle

    i'm not aware of anyone publishing test results for the sg1000's vpn performance. no clue if it can do what you want


Log in to reply