Captive Portal and AP with multiple SSID
-
Hello everyone,
I need to create a captive portal on my pfsense with a RADIUS server on it and this is my situation:AP –> PFSENSE --> ISP
I have not wired clients or other switchs (my ap does this function directly with is 4 ports)
My goal is to have two ssid on my ap, one named "guests" with internet connection (via captive portal and radius server on pfsense) and the second named "users" with direct internet connection (without captive portal)
My pfsense box has 3 nic --> 1 WAN, 2 LAN, 3 not usedI have in mind to configure the two ssid with two different vlan, PVID 1 for users and PVID 2 for guests
On my pfsense, I connected the ap on LAN nic and configurated the same two vlan of ap on LAN interfaceMy captive portal and radius listen on pfsense LAN interface
My question is: how can I configure pfsense box to activate the captive portal only on "guest" ssid/vlan and do direct internet access, without it, to my "users" ssid/vlan?
thanks in advance
-
In your Services->Captive Portal config,all of your interfaces, including the tagged VLAN interfaces will be available for selection. Select the proper interface and save and only that VLAN will be behind the captive portal.
Rereading, I can't tell if you created the VLAN interfaces in pfSense or not.
First, forget VLAN 1 exists. You are going to tag your traffic. Avoid VLAN 1.
Example (Assuming your LAN interface is em0):
Users: VLAN 10
Guests: VLAN 20
Interfaces->Assign->VLANs
Create VLANs 10 and 20 on your LAN physical interface
Interfaces->Assign
If OPT1 doesn't exist, click the '+' to add it.
Assign LAN to interface VLAN 10 on em0
Assign OPT1 to interface VLAN 20 on em0Edit LAN and OPT1 setting IP addresses, enable DHCP, etc.
Tell your AP that the Users SSID is VLAN 10 and Guest SSID is VLAN 20
You probably also want to tell the AP to put the wired ports on VLAN 10.
Enable the Captive Portal on OPT1.
There are several ways to lock yourself out of the web interface while you're doing work like this. You might want to enable that third interface, enable DHCP, etc on a third network, and plug your laptop into it while you're doing all this.
-
Thank you very much Derelict, I'll try and let you know if it works
Best,
Cristianps…yes, I have configured my pfsense two vlan yet
-
Thank you very much Derelict, I'll try and let you know if it works
Best,
Cristianps…yes, I have configured my pfsense two vlan yet
such could you solve your problem.? If you've been able to solve what was the solution if you would be so kind. Regards.