MAC Filtering and MAC Authentication
I have an environment where wireless clients authenticate through a PfSense Captive Portal. On my first implementation I extended VLAN from PfSense to the switch where the client Access Point connects. It's a bad scenario because I extended my broadcast domain through my L3 Switches.
On my second scenario I disabled MAC Filtering feature in the PfSense Captive Portal Zone. It is much better because is more escalable and I isolate my broadcast domain. The problem with this implementation is that in my entreprise some users authenticates automatically with MAC and others with username/password.
My question is: does someone implemented a scenario where both MAC authentication and username/password coexists?
Wallace Knopp de Menezes Gerheim
I drawn my scenario to make an easy explaning.
I figured a solution to take the MAC address from the DHCP lease and somehow give to the Captive Portal to authenticate through Freeradius. I still don't know how to do it but I'm walking on this way.