[SOLVED] Multi zones not working on opt interfaces
-
Hi, this is a pfSense 2.2.6 box; here is the interface info.
WAN (wan) -> bge0
LAN (lan) -> bge1
TEST01 (opt1) -> bge1_vlan108
TEST02 (opt2) -> bge1_vlan109
I created 2 portals, one operates on the LAN interface, the other operates on TEST01 and TEST02:
zone1: LAN
zone2: TEST01,TEST02
When I enable only one of them, it works well, but if I enable both of them, clients will not be authorized; clients are required to log in again and again, and are not able to access the internet.
I checked the CP status page and found client sessions exist in both zones, or maybe they were flapping between both zones.
I also tried to set up 2 zones as below; it also didn't work when both zones were enabled:
Zone1: TEST01
Zone2: TEST02
May I know if we can set up multi zones between these virtual interfaces?
Or do we have to create zones operating on different physical interfaces?
-
Please provide your record fails the testing and certification
System logs -> System and Portal Auth
-
Not aware of any issues there, but my guess is maybe the use of tagged and untagged VLANs on the same interface. I know there are people doing multiple different zones on tagged VLANs not using the parent interface. I'd try tagging everything and running CP only on the tagged VLANs and see if that works as expected.
-
Test OK. 3 VLANs bound to one CP,
but my LAN (name: VlanLAN) has no IP. It just transfers VLAN traffic.
As cmb said, your problem may be the use of tagged and untagged VLANs on the same interface.
-
TEST1:
LAN + 3 VLANs bound to one CP, can work.
TEST2:
Zone lan_cp: LAN (igb2)
Zone CP: 3 VLANs (igb2)
Client will log in twice; refer to the login record:
VLAN PC –->CP portal---->lan_cp---->internet =_=
first login URL: xxxx.xxx.xxx.xx:8003
second time login URL: xxxx.xxx.xxx.xx:8005
Don't use the TEST2 approach and an untagged-tagged port.
-
Hi, cmb,
Yes, you are right, I should avoid using both tagged and untagged on the same interface.
Hi, magura,
Now this issue has been solved, thanks for your great support!
-
I suggest setting the redirection URL before and after authentication.
It is also good to isolate these different subnets of captive portal interfaces from each other by using aliases and applying these aliases in the firewall rules of each captive portal interface.
I read once, but I am not sure if this is correct: always apply Captive Portal on an OPT interface, not the LAN interface.
Best Wishes
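
The layout this thread found to be the problem can be checked for before enabling a second zone. The following is an added example, not part of the thread or of pfSense: it parses assignment lines in the format shown in the first post and flags any parent NIC that is assigned untagged, also carries tagged VLANs, and has more than one captive portal zone on it. The function names and the rule itself are assumptions derived from the reports above, and the sample input is constructed from the first post.

```python
import re
from collections import defaultdict

# Constructed sample input: assignments and zones as given in the first post.
ASSIGNMENTS = """\
WAN (wan) -> bge0
LAN (lan) -> bge1
TEST01 (opt1) -> bge1_vlan108
TEST02 (opt2) -> bge1_vlan109
"""
ZONES = {"zone1": ["LAN"], "zone2": ["TEST01", "TEST02"]}

LINE = re.compile(r"^(\S+)\s+\((\w+)\)\s+->\s+(\S+)$")
VLAN = re.compile(r"^(?P<parent>.+)_vlan(?P<tag>\d+)$")


def parse_assignments(text):
    """Map interface description -> (parent NIC, VLAN tag or None if untagged)."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        name, _, dev = m.groups()
        v = VLAN.match(dev)
        out[name] = (v["parent"], int(v["tag"])) if v else (dev, None)
    return out


def mixed_parents(assignments, zones):
    """Return {parent NIC: [zones]} for NICs used both untagged and tagged
    that have more than one captive portal zone on them (heuristic from
    this thread, not a rule enforced by pfSense)."""
    ifaces = parse_assignments(assignments)
    untagged = {p for p, tag in ifaces.values() if tag is None}
    tagged = {p for p, tag in ifaces.values() if tag is not None}
    zones_on = defaultdict(set)
    for zone, members in zones.items():
        for name in members:
            zones_on[ifaces[name][0]].add(zone)
    return {p: sorted(z) for p, z in zones_on.items()
            if p in untagged and p in tagged and len(z) > 1}


if __name__ == "__main__":
    for nic, zs in mixed_parents(ASSIGNMENTS, ZONES).items():
        print(f"{nic}: untagged + tagged with zones {', '.join(zs)}")
```
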