Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    I need some help.

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 4 Posters 725 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      ufaforwork2 Banned
      last edited by stephenw10

      Hi everyone, My name's Thierry.
      I have currently configured 2 interfaces LAN 192.168.1.0/24 and STUDENT with 10.0.0.0/24.I have also created two captive portal instances, one for each interface.Now the plan is we have ordered a cisco SF300 24 port managed switch.We are now planing to use vlan for each interface.From the physical interfaces vlan will be untagged and backbone to different departments will go from there.While 3 ports will have tagged traffic passthrough to the Accesspoint.The Vlan will be untagged at the Unify AccessPoint with 2 SSID.One for department and one for students.
      Will this be possible?
      VLAN 100 on LAN interface.
      VLAN 110 on Students interface.
      What I want the outcome to be that each unify AP will have 2 SSID staff and student.When stafffs connect to staff ssid they will be redirected to LAN captive portal and for student SSID all traffic will go to the Student Captive portal/interface.

      1 Reply Last reply Reply Quote 0
      • S
        Syndrose
        last edited by

        We have a similar setup with a Cisco AP at our work. It has an employee SSID and a Guest SSID. When you connect to the employee SSID you are on the default VLAN which in our case is VLAN 1, and when you connect to the guest SSID your VLAN is 100. 95% of the config is going to be on the switch and the access point, Setting up VLANs on your switch and the correct ports, and setting up the VLANs on the AP. If PFSense is not handling your DHCP you will have to setup DHCP relay on whichever VLAN doesn't have a DHCP Server. Then you will have to setup firewall rules to allow/block traffic between the vlans and any other networks accessible from the PFSense router.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          "Will this be possible?
          VLAN 100 on LAN interface.
          VLAN 110 on Students interface. ทางเข้าufabet
          What I want the outcome to be that each unify AP will have 2 SSID staff and student.When stafffs connect to staff ssid they will be redirected to LAN captive portal and for student SSID all traffic will go to the Student Captive portal/interface. สมัครufabet"

          Yes this is possible without much config.  Just set your vlan IDs on your SSIDs in your unifi AP.  Your connection from your AP will be set to tag those vlans (trunked in cisco world).

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • ?
            Guest
            last edited by

            The Vlan will be untagged at the Unify AccessPoint with 2 SSID.

            WiFi AP with one SSID is untagged and a WiFi AP with multi-SSID support must be tagged running.

            I would try out to secure the Guest WiFi named "Student" with the Captive Portal and vouchers divided in several different groups
            and the other WiFi network named "Staff" I would try out to secure with a Radius Server working with certificates.

            So the staff has its own WiFi (VLAN10) and security and the Guest WiFi (VLAN20) will be separated from that one.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.