Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal MAC Authentication

    Scheduled Pinned Locked Moved Captive Portal
    7 Posts 4 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      Iahmad
      last edited by

      Dear all,

      i am using pfsense 2.2.3 with captive portal. i have added all legitimate MACs statically. it was aim to allowed only the MAC listed to allowed services and block all others.
      last night i saw in status->captive portal show some un-authentic mac entiries

      please see the attachment.

      screeshot showing a mac that is not in my list..
      Screenshot_2015-07-09-02-03-41-995.gif
      Screenshot_2015-07-09-02-03-41-995.gif_thumb

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        Where did you add the MAC addresses? Might be worth showing another screenshot with the MACs listed - include information of the menu/submenu where the config is made.

        I'm guessing, but I have an idea you may have entered your MAC addresses in the 'pass-through MAC' tab in the captive portal config. If so, this doesn't prevent any other MACs from accessing the portal - all this does is allow them through without having to authenticate.

        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan
          last edited by

          Also:
          Please show the Captive Portal log at the moment this MAC visited your portal.

          Please detail your Captive portal setup (main settings page).

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • I
            Iahmad
            last edited by

            i am attaching more screen shot for better understanding

            i dont want users to redirect to any page, i just want to enter mac and statict entry for dhcp server and they are good to go.

            ![cap 1.gif](/public/imported_attachments/1/cap 1.gif)
            ![cap 1.gif_thumb](/public/imported_attachments/1/cap 1.gif_thumb)
            ![cap 2.gif](/public/imported_attachments/1/cap 2.gif)
            ![cap 2.gif_thumb](/public/imported_attachments/1/cap 2.gif_thumb)
            ![cap 3.gif](/public/imported_attachments/1/cap 3.gif)
            ![cap 3.gif_thumb](/public/imported_attachments/1/cap 3.gif_thumb)
            ![cap 4.gif](/public/imported_attachments/1/cap 4.gif)
            ![cap 4.gif_thumb](/public/imported_attachments/1/cap 4.gif_thumb)
            ![cap 5.gif](/public/imported_attachments/1/cap 5.gif)
            ![cap 5.gif_thumb](/public/imported_attachments/1/cap 5.gif_thumb)

            1 Reply Last reply Reply Quote 0
            • M
              muswellhillbilly
              last edited by

              I'm using an older version of pfSense but I believe the process is the same. When you enable captive portal but disable authentication, this means your users will normally be taken to a page - usually a 'fair usage' document - which they just have to click through to gain access. The MAC tab simply is a pass-through option, allowing anyone in that list to gain access without going through the CP page. Others not on the list can still gain access - they just have to click-through the CP page.

              If you want to block users on MAC address, the only way I can see you accomplishing this is by creating an alias in your firewall rules, populate it with the IP addresses you're assigning statically via DHCP and use this to create an allow rule for those IPs only, blocking everything else. If you tick 'deny unknown clients' in your DHCP server settings, you can allow only the listed MACs to get an address.

              1 Reply Last reply Reply Quote 0
              • N
                n3by
                last edited by

                You forgot to add user/pass restriction to access Captive Portal and allow automatic MAC access without user/pass as you want.

                Users without MAC in list will be ask for user / pass.

                01.jpg
                01.jpg_thumb
                02.jpg
                02.jpg_thumb

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan
                  last edited by

                  n3by is right.

                  Just activate 'Local user' login - don't add any users.
                  This way, users with a MAC on the list have access - others will just hit the portal ….

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.