Freeradius - VLAN fallback assignement
-
Hi,
Hope someone can help, had a play with both opnsense, and pfsense - and settled on the latter, however one aspect of Freeradius is missing that I cannot find.
In Opnsense, there was the option
"Enable VLAN fallback assignment"
Effectively I could use one SSID for both home users and guests etc, authenticated users would be put on the correct VLANs with the VLAN assignment, and unauthenticated users would be placed on the fallback vlan assignment.
I can't see anywhere in the PFSense GUI to do this.
Is it possible?
Thank you!
Craig
-
@cscoot Isn’t one SSID two different subnets a function of the access-point not the router?
IIRC it bases the user or guest decision on the password provided.
Is anything stopping you creating two different SSIDs and two subnets?
-
This post is deleted! -
@nogbadthebad - Thanks for your reply.
If using 802.1x authentication you can have the radius server pass back the VLAN for the authenticated user (either using username/password or MAC authentication).
This is all working as expected for authenticated users - I have one SSID thats broadcast, depending on the user or device (in the case of my IoT) it gets dropped onto the correct VLAN as it reads the radius response.
The issue I have at the moment with PFSense is I cannot seem to set a fallback VLAN for failed authentication (ie guests) - Previously in OPNSense (using freeradius) I dropped all unauthenticated users back onto a guest VLAN for segregation. However I dont seem to have the GUI option and when trying to put in the right Syntax for the advanced options, cannot seem to get it to work.
-
This post is deleted!
