Netgate Discussion Forum

    What is the best option??

    8 Posts 4 Posters 2.3k Views
      rohbawa

      Hi, I am running a small ISP-like network in my building. I was using a simple router as DHCP server and several access points in this network. Now I have replaced the router with pfSense.
      Earlier there were fewer users, so I was able to manage every user just by using MAC filtering … but now the users have increased and the network is getting messed up, and pfSense has no simple MAC filtering option like other routers, but I really like the other features of pfSense; it's comprehensive...
      My setup:
      pfsense (as DHCP server)--->>>> switch --->>> accesspoints (20+)--->>>> users (Wifi + Wired)

      5*WAN -->>>1 LAN (gigabit)

      I am using DHCP server with static ARP to manage this network.
      Now I just read about the freeradius and other services which pfsense can manage so can you please suggest about freeradius etc...
      I just want it to be simple and easy to set up, because I don't have 24 hr access to all the rooms where the access points are located and it is really hard to change settings for every user...
      This network is only used for Internet!!

        cmb

        You can MAC filter with captive portal. Then unauthorized devices can get a page showing why they can't get to the Internet, and you can more easily have specific bandwidth limits for each device. Static ARP is an ok way too.

          rohbawa

          thanks for the feedback … I checked out captive portal ...
          so I just need to specify the per user bandwidth and pass through MACs ?
          But I have a doubt: if I set pass-through MACs, will those MACs skip the captive portal, or will their bandwidth also be restricted??
          and if the above is all working ... can I just disable the static ARP ??

            Nachtfalke

            @rohbawa:

            thanks for the feedback … I checked out captive portal ...
            so I just need to specify the per user bandwidth and pass through MACs ?

            Yes

            @rohbawa:

            But I have a doubt: if I set pass-through MACs, will those MACs skip the captive portal, or will their bandwidth also be restricted??

            They skip the CaptivePortal Page so they do not have to enter any username/password but as far as I know they do not bypass the bandwidth limits.

            @rohbawa:

            and if the above is all working … can I just disable the static ARP ??

            Yes

            freeradius package and manage user account there. It is not too hard to configure but from what you told Mac-Passthrough solution is the easiest and fastest one.

            PS: Are your APs running in bridge mode or do they do routing/NAT? If they do routing/NAT there will probably be a problem with CP and MAC passthrough, but in bridge mode - no problem :-)

              sash99

              A bit more expansion on Nachtfalke's statement

              "PS: Are your APs running in bridge mode or do they do routing/NAT? If they do routing/NAT there will probably be a problem with CP and MAC passthrough, but in bridge mode - no problem :-)"

              Depends on the APs: if it is a single point then fine, the MAC will pass through, but if you have a bridge in between, such as a wireless backhaul, then depending on the radio it may or may not pass the MAC through. Example: EnGenius will by default, but with ubnt radios you have to set them to WDS mode.

                rohbawa

                All my access points are not routing/NAT … actually the network comprises some routers which are converted to access points, e.g. D-Link DIR 300 or TP-Link routers ...
                and some normal access points ... in all of them the DHCP server is disabled and the IPs of all these APs are in the same subnet ... I guess in this mode I need to define only the MACs of users???

                  sash99

                  Depends. Log on with different wireless devices into your system onto the same access point at the same time and see if they come up with the same MAC on both of their IPs. If so, then most likely they will not work that way. You could make sure it is set in bridge mode. Otherwise you can simply use only port 1234 and not use the WAN/Internet port, and turn off DHCP as you already did. That's an easy workaround if you are having your MAC stripped by the router.

                  It does not really matter if the APs are on the same subnet. I usually put mine on a different one so that users cannot accidentally locate them and fudge around with them.

                    rohbawa
                    Thanks guys … Everything is up and running ... finally I can breathe easy))
