Captive Portal - multiple VLANs



  • I am trying to find out if this is possible. 
    I have a multi-port LAN setup with multiple VLANs.  From what I have read so far with Captive Port it can only be assigned to one port and that you need a VLAN just for authentication.  So if I take the a free port on my firewall and setup with a new VLAN and use it for authentication.  The user will get authenticated against a standalone freeradius server.  At that time the radius server sends the VLAN that the user will be on.  The infrastructure is already there for all the VLANs. 
    What I want to do is we have two company VLANs, a number of client vlans and 1 guest vlans?  We have two board rooms with a single network connection.  So what I would like to be able to do is authenticate the user and put them on the proper vlan.

    Gordon



  • as far as i know vlan authentication is done at switching level.
    so i would think you'd need to setup a radius server. (that might run on pfsense ?) Then you'd configure your switches to communicate by 802.1x protocol with the radius to assign the users to the assigned vlan.

    http://en.wikipedia.org/wiki/IEEE_802.1X



  • Yea the more I think about it that is the only way I am going to get it to work.  I already have the radius server setup doing authentication for my wireless and it was my intent to use it for this as well.  Just thought captive portal may have been easier but I can't think of a way to do it since I can't have multiple trunks to the firewall with the same VLANs them.


Log in to reply