Implementing pfSense Captive Portal in Our Corporate Network



  • Dear All, (Network diagrams attached)

    I am trying to implement a wireless network in my corporate environment, using authentication by a Windows AD domain controller and RADIUS on the same server, together with the pfSense captive portal! I have done that successfully in my testing zone!

    ABOUT My Corporate Network:
    Our corporate network is pretty complicated to me. Its back end is powered by a Linux DHCP, Squid Proxy, Cisco Firewall & Layer 3 Switch (Core Switch) which has 19 VLANs, and all VLANs are trunked and distributed over the network using manageable D-Link switches. The VLANs are 5 to 95, and the VLAN I intend to use is Vlan10, which is configured in the Layer 3 Switch as a 'Guest Vlan'.
    Vlan5 is for the Data Center, which gives IP range 192.168.1.xxx, and Vlan10 (GuestVlan) is 192.168.2.xxx! And so on according to VlanID!
    Our network is more like a Campus Area Network. We have 5 separate buildings in the city connected by fiber optic cable provided by a 3rd party. So Vlan10 will be distributed across the network like the other VLANs through trunk ports!

    So the points noted below are what I intend to achieve! Could you please tell me whether this is possible, and if so, please give me some info or a link to where I can get it!

    I want the output from pfSense to give:

    1.    LAN only Vlan10
    2.    LAN output VLAN tagging and trunking enabled to distribute across the network
    3.    pfSense should be able to talk to the Windows AD & RADIUS server, which are in Vlan5
    4.    Any user connected to Vlan10 should pass through the captive portal & RADIUS server
    5.    Do I need dual WAN, e.g. Vlan5 & Vlan10?

    Thanks for your time & help! Please explain step by step :) Note: all Windows servers are 2003 SP2. I've attached core network diagrams to make things clearer!
    ![Diagrams (1).jpg](/public/imported_attachments/1/Diagrams (1).jpg)
    ![Diagrams (2).jpg](/public/imported_attachments/1/Diagrams (2).jpg)



  • @steelmax11136:

    1.    LAN only Vlan10
    2.    LAN output VLAN tagging and trunking enabled to distribute across the network

    pfSense can do VLANs on a single interface, and I have run a configuration with two VLANs over the same network card since 1.2.3.

    @steelmax11136:

    3.    pfSense should be able to talk to the Windows AD & RADIUS server, which are in Vlan5

    I know there is a RADIUS authentication, but I have never used it, and I don't think there is anything that can log in against a Windows domain, while there is LDAP authentication.

    @steelmax11136:

    4.    Any user connected to Vlan10 should pass through the captive portal & RADIUS server

    The captive portal can be associated with any interface you want; I haven't tried with a VLAN interface, but it should work.

    @steelmax11136:

    5.    Do I need dual WAN, e.g. Vlan5 & Vlan10?

    You can use a single interface for vlans.



  • Dear fluca1978,

    Thanks for your reply.

    @fluca1978:

    @steelmax11136:

    1.    LAN only Vlan10
    2.    LAN output VLAN tagging and trunking enabled to distribute across the network

    My question here is: if the WAN comes from a VLAN given by the core switch, will I be able to make the output from the LAN give the same VlanID & DHCP given by the core switch, plus the captive portal?

    @steelmax11136:

    3.    pfSense should be able to talk to the Windows AD & RADIUS server, which are in Vlan5

    Dear, it's possible, since I succeeded in the testing environment, but that was without VLANs…
    My question here is how I am going to make pfSense talk to the Windows AD, which is in Vlan5, since pfSense is in Vlan10.
    ***Note: I know how to set up the captive portal to authenticate against Windows AD. I just don't know how to link them in a VLAN-trunked environment.

    @steelmax11136:

    5.    Do I need dual WAN, e.g. Vlan5 & Vlan10?

    I really have no idea how to set up and use a single interface for VLANs; can you please give me a link to a guide for these steps?
    Can I use a single WAN, or do I have to use dual WAN, to make pfSense communicate with Vlan5 & Vlan10?

    I thank you for your valuable time. Thank You a lot!  :)

