MAC Filtering and MAC Authentication



  • Hello,

    I have an environment where wireless clients authenticate through a PfSense Captive Portal. On my first implementation I extended VLAN from PfSense to the switch where the client Access Point connects. It's a bad scenario because I extended my broadcast domain through my L3 Switches.
    On my second scenario I disabled MAC Filtering feature in the PfSense Captive Portal Zone. It is much better because is more escalable and I isolate my broadcast domain. The problem with this implementation is that in my entreprise some users authenticates automatically with MAC and others with username/password.
    My question is: does someone implemented a scenario where both MAC authentication and username/password coexists?

    Thanks.

    Wallace Knopp de Menezes Gerheim



  • I drawn my scenario to make an easy explaning.




  • I figured a solution to take the MAC address from the DHCP lease and somehow give to the Captive Portal to authenticate through Freeradius. I still don't know how to do it but I'm walking on this way.


Log in to reply