RADIUS check for unknown devices, but direct access for known devices



  • Hi all,

    I've been playing with pfSense for a couple of months now in a VM and I liked it quite a lot. So much in fact that I'm currently building a nice standalone firewall with a couple of NICs to replace my USG300. Besides this firewall building project I'm also working on the Wi-Fi in my home and I'm wondering if pfSense has the capability to give me what I'm looking for. I've got a couple of different access points lying around that support RADIUS security and I got an idea I hope you guys/girls can help me with.

    Simply put: I don't want to log in to the captive portal using my laptop / smartphone / tablet when I want to access my network or the internet. But when someone else wants to use my Wi-Fi they should be redirected to the captive portal where they are presented with a login page. The username / password can be as easy as guest/guest for the normal guests and maybe a personalized account for family and friends.

    I was thinking of doing it like this:

    I enter my MAC addresses in the firewall and as soon as one of my devices connects to the Wi-Fi the RADIUS server will recognize my MAC address and give me access to my network without bothering me with the captive portal.
    If I buy a new phone / laptop / whatever Wi-Fi thingie I first have to enter the MAC address in the firewall so the firewall will recognize my new device.
    When a trusted person comes by they have a personalized login, so they get presented with the captive portal, enter their details and off they go.
    When someone comes by that should be able to access the internet, but not my internal network, they can be given the guest credentials so they can log in to the captive portal and surf the internet.
    Lastly, the dude roaming the streets in search of free Wi-Fi access doesn't have any credentials and cannot use my Wi-Fi because it won't get past the captive portal.

    I know the captive portal can address all my needs except for the first one. Does anybody know of any way to bypass the captive portal for known devices? Currently I have to log in to my own network every time I want to use the internet on one of my wireless devices…


  • Banned

    Uhm… you missed the Pass-through MAC tab, or dunno...

    Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page.



  • Right…

    I've got no clue whatsoever why I missed that... guess I could blame the language barrier ;) Tested the pass-through and it works like a charm, thanks!

