Netgate Discussion Forum

Captive Portal and AP with multiple SSID

  • T
    ThePirat
    last edited by Oct 31, 2014, 4:31 PM

    Hello everyone,
    I need to create a captive portal on my pfsense with a RADIUS server on it and this is my situation:

    AP --> PFSENSE --> ISP

    I have no wired clients or other switches (my AP does this function directly with its 4 ports)

    My goal is to have two SSIDs on my AP, one named "guests" with internet connection (via captive portal and RADIUS server on pfsense) and the second named "users" with direct internet connection (without captive portal)
    My pfsense box has 3 nic --> 1 WAN, 2 LAN, 3 not used

    I have in mind to configure the two SSIDs with two different VLANs, PVID 1 for users and PVID 2 for guests
    On my pfsense, I connected the AP to the LAN NIC and configured the same two VLANs as the AP on the LAN interface

    My captive portal and radius listen on pfsense LAN interface

    My question is: how can I configure pfsense box to activate the captive portal only on "guest" ssid/vlan and do direct internet access, without it, to my "users" ssid/vlan?

    thanks in advance

    • D
      Derelict LAYER 8 Netgate
      last edited by Oct 31, 2014, 6:42 PM Oct 31, 2014, 6:26 PM

      In your Services->Captive Portal config, all of your interfaces, including the tagged VLAN interfaces, will be available for selection.  Select the proper interface and save and only that VLAN will be behind the captive portal.

      Rereading, I can't tell if you created the VLAN interfaces in pfSense or not.

      First, forget VLAN 1 exists.  You are going to tag your traffic.  Avoid VLAN 1.

      Example (Assuming your LAN interface is em0):

      Users: VLAN 10

      Guests: VLAN 20

      Interfaces->Assign->VLANs

      Create VLANs 10 and 20 on your LAN physical interface

      Interfaces->Assign

      If OPT1 doesn't exist, click the '+' to add it.

      Assign LAN to interface VLAN 10 on em0
      Assign OPT1 to interface VLAN 20 on em0

      Edit LAN and OPT1 setting IP addresses, enable DHCP, etc.

      Tell your AP that the Users SSID is VLAN 10 and Guest SSID is VLAN 20

      You probably also want to tell the AP to put the wired ports on VLAN 10.

      Enable the Captive Portal on OPT1.

      There are several ways to lock yourself out of the web interface while you're doing work like this.  You might want to enable that third interface, enable DHCP, etc on a third network, and plug your laptop into it while you're doing all this.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)
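
A way to check the end state of the steps in the post above from a configuration backup, as an added example that is not from the poster or the pfSense project. The XML element layout, the zone name `guests`, and the interface names in the sample are assumptions modelled on a pfSense config.xml; the sample itself is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption modelled on a pfSense config.xml.
SAMPLE = """<pfsense>
  <vlans>
    <vlan><if>em0</if><tag>10</tag><vlanif>em0_vlan10</vlanif></vlan>
    <vlan><if>em0</if><tag>20</tag><vlanif>em0_vlan20</vlanif></vlan>
  </vlans>
  <interfaces>
    <wan><if>em1</if></wan>
    <lan><if>em0_vlan10</if><descr>USERS</descr></lan>
    <opt1><if>em0_vlan20</if><descr>GUESTS</descr><enable/></opt1>
  </interfaces>
  <captiveportal>
    <guests><interface>opt1</interface><enable/></guests>
  </captiveportal>
</pfsense>"""


def audit(xml_text, users="lan", guests="opt1"):
    """Return findings; an empty list means the layout matches the post above."""
    root = ET.fromstring(xml_text)
    findings = []
    # Map each VLAN interface name to its 802.1Q tag.
    tags = {v.findtext("vlanif"): int(v.findtext("tag", "0"))
            for v in root.findall("./vlans/vlan")}
    if 1 in tags.values():
        findings.append("VLAN 1 is in use; the post says to avoid it")
    # Both networks must sit on tagged VLAN interfaces, with different tags.
    ports = {n: root.findtext(f"./interfaces/{n}/if") for n in (users, guests)}
    for name, port in ports.items():
        if port not in tags:
            findings.append(f"{name} is assigned to {port}, not a VLAN interface")
    if ports[users] in tags and tags[ports[users]] == tags.get(ports[guests]):
        findings.append("users and guests share one VLAN tag")
    # Collect every interface that an enabled captive portal zone covers.
    gated = set()
    for zone in root.findall("./captiveportal/*"):
        if zone.find("enable") is not None:
            gated.update(i.strip() for i in zone.findtext("interface", "").split(","))
    if guests not in gated:
        findings.append(f"{guests} is not behind an enabled captive portal")
    if users in gated:
        findings.append(f"{users} is behind the captive portal")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE) or "layout matches")
```
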

      • T
        ThePirat
        last edited by Nov 3, 2014, 3:45 PM

        Thank you very much Derelict, I'll try and let you know if it works

        Best,
        Cristian

        P.S. Yes, I have already configured the two VLANs on my pfsense

        • J
          julio_cdn
          last edited by Feb 10, 2016, 4:38 AM

          @ThePirat:

          Thank you very much Derelict, I'll try and let you know if it works

          Best,
          Cristian

          P.S. Yes, I have already configured the two VLANs on my pfsense

          So, could you solve your problem? If you were able to solve it, what was the solution, if you would be so kind? Regards.
