Captive Portal Auto Mac Entry on per user group basis and few other questions

  • Hi All,

    I am new to pfsense and have few questions please:

    1. If I have a single interface for the LAN side, can I use VLANs and then have a portal on per VLAN basis? My requirement is to have two types of users, one where students have their user account to first time login, accept terms and then their mac address is saved for next time onward to not see splash oage. This works. Then we have Guests that need to use same portal, using a generic password of the day and they will have session timeout and their mac address will not be saved. They will also have slower speeds than students.

    2. Ideally I will like to use the same SSID and based on the username or user group, the mac address will be cached or not. While it is okay to have even two physical interfaces for running two separate captive portals, but I will like to avoid two SSIDs. 802.1x authentication is not in works as that does not let display the AUP page even if it is once per start of the session.

    3. If I use the built-in GUI for the management of Freeradius package, can I get the radius accounting to allow set speeds and daily bandwidth quotas?

    4. After every semester, is there an easy way to purge all saved mac addresses? If not available in GUI, is there a location for a file in the filesystem that I can use to delete this cache?


  • Hello All,

    1 & 2. I did more research and it seems I can use a single physical interface, add required VLANs / subinterfaces and then run multiple portals. With this I can then achieve my two SSIDs running on the same NIC, but with two SSIDs and with each portal having different settings to save the device mac address for subsequent logins, or not.

    I can also use a single SSID but use username / password for students to save their mac address and then use vouchers for guests (easier for Guests to only type in one thing and not two) and then if I set expiry for say 10 hours and the mac address of guest device saved (as is the case with regular CP students), is there a mechanism for mac address to get purged based on expiry time of the voucher?

    1. I tested the radius defined speeds and bandwidth caps to be working.

    2. I have not yet found a file that will contain the cached mac addresses.

    One other thing that I found is that there is no mechanism to see who all are logged in. Captive Portal will only show first time when a student used the device to login using their account and after that their mac address is saved and next time, it uses that mac address, but then does not show their login status.

    Only way is to check dhcp lease status, which does show Online or offline status, but then it only shows the hostname / computer name, not the actual username that enrolled that device in. Am I missing something here? Is there an add-on package available that will show the Online users and then also be able to see their utilization etc.?

    Any help will be highly appreciated.


Log in to reply