Specific Access based on MAC or other criteria?

  • I am not sure if this is possible, but here it goes.

    I am using 1.2.3RC1, with three interfaces:  WAN, LAN, and WLAN  - everything is going smoothly.

    I have on WLAN, a TrendNet TEW-637AP.  Strictly an access point, the pfsense box is handling DHCP, and I also have captive portal enabled.  WPA2/PSK is enabled on the TrendNet device, so that they have to enter our encryption key, and then they open up a web browser, and enter in their user name and password.  All employees need access to both WAN and LAN.  I have entered a firewall rule allowing any from WLAN to any other interface.  Since I have both encryption and the captive portal, I feel pretty safe doing this, and wireless users can access our Windows 2003 server just fine.

    Here is my question.  Occasionally we have clients who come in for sales meetings in our conference room.  We'd like to be able to give them WAN access, so they can check email, visit our website, what have you.  However, these clients should NOT have access to the LAN network at ALL.  What is the best way to lock this down, so employees have access to the LAN, but non-employees do not?  I was intending on setting up a guest account or two in the Captive Portal User Manager, for this situation, and rotate passwords frequently on those accounts.



  • Best approach is to add a separate network for these visitors and lock that down.
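
The separate-network approach suggested above, sketched as an added example in pf syntax (the packet filter pfSense builds its rules on); it is not from either poster. The interface name `em3`, the GUEST interface itself and all subnets are assumptions, and in pfSense the same rules would be entered, in this order, on the new interface's firewall rules tab.

```pf
# Assumed values for illustration only; substitute your own.
guest_if  = "em3"               # hypothetical fourth interface for visitors
guest_net = "192.168.30.0/24"   # assumed guest subnet
lan_net   = "192.168.1.0/24"    # assumed LAN subnet
wlan_net  = "192.168.20.0/24"   # assumed employee WLAN subnet

# For comparison, the employee WLAN rule described in the question is
# "allow any from WLAN to any other interface". Guests must not get that.

# Anything not matched below is dropped.
block in on $guest_if all

# Rules are evaluated top-down and "quick" stops at the first match,
# so the blocks for internal networks must come before the general pass.

# 1. No guest traffic to the LAN or to the employee wireless network.
block in quick on $guest_if from $guest_net to { $lan_net, $wlan_net }

# 2. Let guests use the firewall as their DNS resolver.
pass in quick on $guest_if proto { tcp, udp } from $guest_net \
    to ($guest_if) port 53 keep state

# 3. Nothing else on the firewall itself (web GUI, SSH) is reachable
#    from the guest side.
block in quick on $guest_if from any to self

# 4. Everything that remains is traffic headed out the WAN.
pass in quick on $guest_if from $guest_net to any keep state
```

With guests on their own interface, the guest captive portal accounts never share a segment or a rule set with employees, so the existing WLAN rule can stay as it is.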

