Captive Portal enable MAC pass-through for only user login?
-
Is there a way to configure the portal to be like the (title)? The only option I see is to enable/disable this feature without specifying the target between user account login and voucher login. I got the portal running just fine with authentication and all, but now I need to add vouchers for guests and I don't want the portal to remember the MAC of guests' used vouchers.
-
Do not check:
and done?!
Captive Portal enable MAC pass-through for only user login?
Not a user, more a device, and to be exact: the MAC of that device can be added manually to the MAC list: this device will now pass through the portal as if it isn't there.
@noctowld said in Captive Portal enable MAC pass-through for only user login?:
I don't want the portal to remember the MAC of guests' used vouchers.
To function, the portal uses the MACs and IP addresses of every connected device.
That's how the portal firewall works.
As soon as the voucher expires, the IP (an RFC1918 anyway) and the device MAC are discarded (not stored).
-
@Gertjan "As soon as the voucher expires, the IP (an RFC1918 anyway) and the device MAC are discarded (not stored)."
That isn't the case when I'm testing it on my VM (1 pfSense and 1 Windows): as soon as I input the voucher code, the portal saves the MAC address and still keeps it after the voucher has long expired. Even after a reboot of the Windows VM, it can still access the internet without being required to use a voucher/account.
Edit: added screenshot - voucher expired, the MAC address doesn't get auto discarded
-
-
I know, the real system has been running with it on all the time. What I want to do now is add vouchers as a login option, but not let the portal add a voucher's MAC to auto pass, as vouchers are going to be used for guests, while also letting the portal add auto pass for devices logging in with accounts. In short I want: login with account (staff) -> save MAC for autopass; if using voucher instead (guest) -> don't save MAC. Currently I don't see any option for this.
If I disable Pass-through MAC Auto Entry, the portal doesn't save any MAC address at all (both voucher and account login). If I enable it (which is currently enabled), the portal saves the MAC addresses of both voucher logins and account logins.
-
@noctowld said in Captive Portal enable MAC pass-through for only user login?:
If I disable Pass-through MAC Auto Entry, the portal doesn't save any MAC address at all (both voucher and account login). If I enable it (which is currently enabled), the portal saves the MAC addresses of both voucher logins and account logins.
Exactly, it's an all-or-nothing option.
Like "on" or "off" for every voucher login, but also "user + password" login.
Btw: a captive portal is intended to be used by 'non trusted' users that you want to offer an Internet connection.
I'm not sure what 'staffers' do in this portal network ....
Normally staffers belong on a trusted network.
Others, like guests, kids and so on use the portal network.
You probably don't have a boatload of staff, so why not enter their MACs (devices) into the portal, and be done with it. Once in a while, you'll remove a MAC, and add another one, if needed.
What you could do:
Activate a portal network for staffers.
Activate another portal network for the other users.
-
Thanks for replying.
We have about 100 users/staff usually at my location, most use multiple devices, with other staff that may come and go from another branch (about 500 total if counting all branches). The portal was intended to be used for WIFI and staff only, so we hooked our pfSense with a VPN connection to our AD (which is at another location) and use it as an authentication backend. But now higher-ups want to add a voucher option for guests; previously we just made an account to use exclusively for guests instead.
We do have VLANs for each department, separate from the portal WIFI networks. Before using the portal, the WIFI was more of a convenience thing (which it still kinda is), with no authentication required.