Dynamic VLAN captive portal
-
Hello everyone,
I'm looking for a solution to have dynamic vlan (radius assigned) from the captive portal.
Is there a way to do it?If not, maybe there a way to specify the vlan within the mac acl?
Regards,
iLevac -
If they are already hitting a captive portal they are already on a VLAN. You probably want dot1x in your wifi or switching gear.
-
My switchs are already 802.1x.
I am using dynamic vlan on my wpa2-ent wifi network.
The captive portal with dynamic vlan is for client that
doesn't support wpa2-ent such as appleTV, xbox, etc -
Like I said. If they are already hitting the CP they are already on a VLAN. Switching or wi-fi. It's a layer 2 thing.
-
Hello everyone,
i'm interressed on this project.I don't know if it's possible that the pfsense radius with pfsense captive portal could assign a vlan and an IP to the user.
I saw theses options on the radius but i don't know how to do…
Best regards.
Myke. -
Just because the options are available on RADIUS doesn't mean they work in Captive Portal. Captive Portal is Layer 3. VLANs are layer 2. So that has to be done in your layer 2 gear (wireless and switching.)
-
I am sure there is a way.
I we can set a mac whitelist with a VLAN, so when to client connect, pfsense look in the table, find the mac adress and his assigned VLAN.
Then dhcp is able to give the good IP in the good VLAN.
Make sense? -
Does not make sense, you're looking at the wrong end.
When a host hits pfSense's Captive Portal it is already sending traffic through a VLAN. Your router cannot change the host's VLAN anymore, your network in front of pfSense has to do that.
Derelict told you already.maybe there a way to specify the vlan within the mac acl?
That's a task for your switch.
-
I know it's almost impossible to change the vlan when
the user has an ip, but how can I do to specify which vlan to use on l2?
Is there a way to put the vlan id for a specific mac adresse in the switch? -
Or, just make some custom l3 rule to allow the user one specific vlan but not everyone.
-
Is there a way to put the vlan id for a specific mac adresse in the switch?
MAC based ACL and ACL Binding (VLAN) in Cisco terms.
Again: look into your switch config. -
I just purchase a Cisco SG-300-10PP.
There is a feature to do the radius authentification for a multi-host port like an AP.I will keep you posted.
Regards,
Jonathan
