MAC Filtering and MAC Authentication

  • Hello,

    I have an environment where wireless clients authenticate through a PfSense Captive Portal. On my first implementation I extended VLAN from PfSense to the switch where the client Access Point connects. It's a bad scenario because I extended my broadcast domain through my L3 Switches.
    On my second scenario I disabled MAC Filtering feature in the PfSense Captive Portal Zone. It is much better because is more escalable and I isolate my broadcast domain. The problem with this implementation is that in my entreprise some users authenticates automatically with MAC and others with username/password.
    My question is: does someone implemented a scenario where both MAC authentication and username/password coexists?


    Wallace Knopp de Menezes Gerheim

  • I drawn my scenario to make an easy explaning.

  • I figured a solution to take the MAC address from the DHCP lease and somehow give to the Captive Portal to authenticate through Freeradius. I still don't know how to do it but I'm walking on this way.

Log in to reply