Captive Portal + Vlan on single LAN interface with Linksys Wireless Router
Good day to all,
Well, I have just being playing around with pfsense trying to learn about networking and network security and all that. Captive portal has been something that took my eye and I really wanted to learn more about it and what I can do with it. As a result, a thought came to mind which I was wondering, if it is possible and how do I go about setting it up.
I have already setup that Captive portal and all is working good (however more some reason, my mac won't go to the login screen like the other devices would, namely android). The following is what I had in mind:
I have a DHCP pool setup along with some static leases outside that pool. Just for first time experiments, all addresses in the pool are blocked, only static leases are allowed to access the internet. As I have need, I make the necessary adjustments. What I would like to do is, setup a VLAN with DHCP, and have certain clients fall into that VLAN instead of the main LAN. From there, I would like to setup captive portal on the VLAN while everyone else is alright and good.
So, well….is that possible? :D
*If so, how do I have certain devices go to the VLAN instead of the main LAN? (the vlan is subbed through the LAN) That VLAN, I would to be isolated from my LAN thereby 0 communication between them (don't want anyone to try and access my router or firewall now would I?)
*Is there a way to say have devices or IPs, bypass the portal as well? Think that can greatly sum up everything or at least make it easier
*Now, as I mentioned the above, I am also interested in placing my firewall and router in separate vlans as well. Again, this is just a networking novice just experimenting and testing out ideas, so forgive me ( just having some fun :) and I'm learning) so help with that, will be nice.
Thanks and I do eagerly await your responses. :)
For devices that don't need to see the captive portal, I'd put them on their own SSID and VLAN. Captive portal's are only really used in public spaces or for guests. If you know the user or the device, there's better ways to authenticate them.
However, pfsense does have an option to whitelist MAC's which authenticates a device (not a user).
You should control access to your firewall/router through firewall rules and router ACL's. The clients have to see the firewall so it can load the captive portal page.