Captive Portal and AP with multiple SSID

ThePirat · Oct 31, 2014, 4:31 PM

Hello everyone,
I need to create a captive portal on my pfsense with a RADIUS server on it and this is my situation:

AP –> PFSENSE --> ISP

I have not wired clients or other switchs (my ap does this function directly with is 4 ports)

My goal is to have two ssid on my ap, one named "guests" with internet connection (via captive portal and radius server on pfsense) and the second named "users" with direct internet connection (without captive portal)
My pfsense box has 3 nic --> 1 WAN, 2 LAN, 3 not used

I have in mind to configure the two ssid with two different vlan, PVID 1 for users and PVID 2 for guests
On my pfsense, I connected the ap on LAN nic and configurated the same two vlan of ap on LAN interface

My captive portal and radius listen on pfsense LAN interface

My question is: how can I configure pfsense box to activate the captive portal only on "guest" ssid/vlan and do direct internet access, without it, to my "users" ssid/vlan?

thanks in advance

Derelict · Oct 31, 2014, 6:42 PM

In your Services->Captive Portal config,all of your interfaces, including the tagged VLAN interfaces will be available for selection. Select the proper interface and save and only that VLAN will be behind the captive portal.

Rereading, I can't tell if you created the VLAN interfaces in pfSense or not.

First, forget VLAN 1 exists. You are going to tag your traffic. Avoid VLAN 1.

Example (Assuming your LAN interface is em0):

Users: VLAN 10

Guests: VLAN 20

Interfaces->Assign->VLANs

Create VLANs 10 and 20 on your LAN physical interface

Interfaces->Assign

If OPT1 doesn't exist, click the '+' to add it.

Assign LAN to interface VLAN 10 on em0
Assign OPT1 to interface VLAN 20 on em0

Edit LAN and OPT1 setting IP addresses, enable DHCP, etc.

Tell your AP that the Users SSID is VLAN 10 and Guest SSID is VLAN 20

You probably also want to tell the AP to put the wired ports on VLAN 10.

Enable the Captive Portal on OPT1.

There are several ways to lock yourself out of the web interface while you're doing work like this. You might want to enable that third interface, enable DHCP, etc on a third network, and plug your laptop into it while you're doing all this.

ThePirat · Nov 3, 2014, 3:45 PM

Thank you very much Derelict, I'll try and let you know if it works

Best,
Cristian

ps…yes, I have configured my pfsense two vlan yet

julio_cdn · Feb 10, 2016, 4:38 AM

@ThePirat:

Thank you very much Derelict, I'll try and let you know if it works

Best,
Cristian

ps…yes, I have configured my pfsense two vlan yet

such could you solve your problem.? If you've been able to solve what was the solution if you would be so kind. Regards.