MAC Filtered Guest WiFi: Linksys E1000 DDWRTv24 + pfSense possible?


  • Here's a diagram showing what I'm trying to accomplish. Everything is working except the MAC filtered guest WiFi access. I'm wondering if this is possible.

    What I'd like to do is set up some rules within pfSense that check the MAC against a table of "known" or "trusted" MACs. If it's in the list, then you get placed on the same subnet as my server and everything else. If you're not known or trusted, you get placed on a separate subnet. This way, anyone that connects that I don't trust has zero access to any networked devices.

    To take it a step further, once I get this working I'm going to try to find a way to set up some DNS web filtering, bandwidth monitoring, etc.

    Does anyone know if this is possible within pfSense with what I have on hand right now?

    If not, could I get this to work if I:

    A) Set up another NIC and another wireless AP, then configured it as stated above

    or

    B) Set up a WiFi NIC and used it as a wireless AP, then configured it as stated above

    Any input is appreciated :)

  • LAYER 8 Netgate

    Just tell ddwrt to put a Wi-Fi network on the same VLAN as your main subnet.  Tell it to put your guest BSSID on another VLAN.  Create VLAN interfaces on pfSense and set whatever behavior you want.

    MACs are easily spoofable.  You don't want to use them as a security device.
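
Added example, not part of the thread: a small model of the rules one might put on the guest VLAN interface in pfSense, which evaluates rules top to bottom and applies the first match to traffic entering that interface. The subnets, addresses and rule set are assumptions made for illustration; the point is that isolation comes from which VLAN a client lands on and from rule order, not from its MAC.

```python
import ipaddress

# Assumed addressing (constructed for this example, not from the thread).
TRUSTED = ipaddress.ip_network("192.168.1.0/24")     # main subnet / server
GUEST = ipaddress.ip_network("192.168.20.0/24")      # guest VLAN subnet
GUEST_GW = ipaddress.ip_network("192.168.20.1/32")   # firewall address on guest VLAN
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Rules on the guest interface: (action, protocol or None, dst networks, dst port or None)
GUEST_RULES = [
    ("pass", "udp", [GUEST_GW], 53),   # DNS to the firewall only
    ("block", None, RFC1918, None),    # no private networks: trusted LAN, firewall GUI
    ("pass", None, ANY, None),         # everything else, i.e. the internet
]

# Failure mode: the broad pass rule placed first shadows the block rule.
MISORDERED = [GUEST_RULES[2], GUEST_RULES[0], GUEST_RULES[1]]


def evaluate(rules, src, proto, dst, port):
    """Return the action of the first matching rule; default deny otherwise."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Rules here use source "guest net": other sources on this interface are dropped.
    if src_ip not in GUEST:
        return "block"
    for action, r_proto, nets, r_port in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != port:
            continue
        if any(dst_ip in net for net in nets):
            return action
    return "block"


if __name__ == "__main__":
    probes = [
        ("192.168.20.50", "tcp", "192.168.1.10", 445),   # guest -> server share
        ("192.168.20.50", "udp", "192.168.20.1", 53),    # guest -> firewall DNS
        ("192.168.20.50", "tcp", "192.168.20.1", 443),   # guest -> firewall GUI
        ("192.168.20.50", "tcp", "203.0.113.10", 443),   # guest -> internet
    ]
    for probe in probes:
        print(probe, evaluate(GUEST_RULES, *probe), evaluate(MISORDERED, *probe))
```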