Captive Portal and AP with multiple SSID



  • Hello everyone,
    I need to create a captive portal on my pfsense with a RADIUS server on it and this is my situation:

    AP --> PFSENSE --> ISP

    I have no wired clients or other switches (my AP does this function directly with its 4 ports)

    My goal is to have two SSIDs on my AP, one named "guests" with internet connection (via captive portal and RADIUS server on pfsense) and the second named "users" with direct internet connection (without captive portal)
    My pfsense box has 3 NICs --> 1 WAN, 2 LAN, 3 not used

    I have in mind to configure the two SSIDs with two different VLANs, PVID 1 for users and PVID 2 for guests
    On my pfsense, I connected the AP to the LAN NIC and configured the same two VLANs as on the AP on the LAN interface

    My captive portal and RADIUS listen on the pfsense LAN interface

    My question is: how can I configure the pfsense box to activate the captive portal only on the "guest" SSID/VLAN and give direct internet access, without it, to my "users" SSID/VLAN?

    Thanks in advance


  • LAYER 8 Netgate

    In your Services->Captive Portal config, all of your interfaces, including the tagged VLAN interfaces, will be available for selection.  Select the proper interface and save, and only that VLAN will be behind the captive portal.

    Rereading, I can't tell if you created the VLAN interfaces in pfSense or not.

    First, forget VLAN 1 exists.  You are going to tag your traffic.  Avoid VLAN 1.

    Example (Assuming your LAN interface is em0):

    Users: VLAN 10

    Guests: VLAN 20

    Interfaces->Assign->VLANs

    Create VLANs 10 and 20 on your LAN physical interface

    Interfaces->Assign

    If OPT1 doesn't exist, click the '+' to add it.

    Assign LAN to interface VLAN 10 on em0
    Assign OPT1 to interface VLAN 20 on em0

    Edit LAN and OPT1 setting IP addresses, enable DHCP, etc.

    Tell your AP that the Users SSID is VLAN 10 and Guest SSID is VLAN 20

    You probably also want to tell the AP to put the wired ports on VLAN 10.

    Enable the Captive Portal on OPT1.

    There are several ways to lock yourself out of the web interface while you're doing work like this.  You might want to enable that third interface, enable DHCP, etc. on a third network, and plug your laptop into it while you're doing all this.
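
Added example (not part of the thread, and not pfSense's own code): a check over a pfSense configuration backup that the captive portal covers the guest VLAN interface only and that VLAN 1 is not tagged. The XML element names are an assumption about the config.xml backup layout, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are an assumed pfSense config.xml layout.
SAMPLE = """<pfsense>
  <vlans>
    <vlan><if>em0</if><tag>10</tag><vlanif>em0.10</vlanif></vlan>
    <vlan><if>em0</if><tag>20</tag><vlanif>em0.20</vlanif></vlan>
  </vlans>
  <interfaces>
    <wan><if>em1</if></wan>
    <lan><if>em0.10</if><descr>USERS</descr></lan>
    <opt1><if>em0.20</if><descr>GUESTS</descr><enable/></opt1>
  </interfaces>
  <captiveportal>
    <guests><zone>guests</zone><interface>opt1</interface><enable/></guests>
  </captiveportal>
</pfsense>"""

def audit(xml_text, guest_tag=20, user_tag=10):
    """Return a list of findings; an empty list means the layout matches the thread."""
    root = ET.fromstring(xml_text)
    findings = []
    # Map VLAN tag -> VLAN device name (for example 20 -> em0.20).
    vlan_dev = {int(v.findtext("tag")): v.findtext("vlanif") for v in root.iter("vlan")}
    if 1 in vlan_dev:
        findings.append("VLAN 1 is tagged; the thread advises avoiding it")
    # Map VLAN device -> assigned interface name (lan, opt1, ...).
    ifs = root.find("interfaces")
    assigned = {i.findtext("if"): i.tag for i in (ifs if ifs is not None else [])}
    guest_if = assigned.get(vlan_dev.get(guest_tag))
    user_if = assigned.get(vlan_dev.get(user_tag))
    if guest_if is None or user_if is None:
        findings.append("guest or user VLAN is not assigned to an interface")
    # Collect interfaces of enabled portal zones (comma-separated per zone).
    portal_ifs = set()
    cp = root.find("captiveportal")
    for zone in (cp if cp is not None else []):
        if zone.find("enable") is not None:
            portal_ifs.update(p.strip() for p in zone.findtext("interface", "").split(","))
    if guest_if and guest_if not in portal_ifs:
        findings.append(f"captive portal is not enabled on guest interface {guest_if}")
    if user_if and user_if in portal_ifs:
        findings.append(f"captive portal also covers user interface {user_if}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "OK: portal is bound to the guest VLAN only")
```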



  • Thank you very much Derelict, I'll try and let you know if it works

    Best,
    Cristian

    ps… yes, I have already configured the two VLANs on my pfsense



  • @ThePirat:

    Thank you very much Derelict, I'll try and let you know if it works

    Best,
    Cristian

    ps… yes, I have already configured the two VLANs on my pfsense

    So, could you solve your problem? If you've been able to solve it, what was the solution, if you would be so kind? Regards.

