Double SSID install
-
Hi all,
I've successfully set up pfsense as a captive portal, with an AP on the LAN interface (say 192.168.2.x) that, upon successful login, allows the user to go on WAN interface (say 192.168.1.x), that's my ethernet LAN and has internet access, so wifi users can have internet.
Now I have a double SSID AP (Cisco Aironet), so I'd like to change this setup a little bit: I'd like to have two SSID, INTERNAL and GUEST. People connecting to internal have to be authenticated against a LDAP server (Windows AD), and they are allowed to reach all ethernet LAN as if they were connected to the ethernet cable. Conversely, Guests will use vouchers and will be allowed to reach only a few hosts on the ethernet LAN, say default gateway and a printer.
My question is: how can I do that????
Particularly:
-
May I use either LDAP or vouchers?
-
How can I set up a different behaviour for different users
-
How can I tell pfsense that some addresses are resolved by an internal DNS on the ethernet LAN?
Thanks in advance.
-
-
Configure your access point to assign the two ssids to two VLANs. Then setup VLAN interfaces on pfSense to connect to it. That way the 'internal' and 'guest' traffic will arrive on separate interfaces so you can have different rules and CP etc.
Steve
