On Sat, Feb 7, 2009 at 2:31 PM, Pete Boyd petes-li...@thegoldenear.org wrote:
The captive portal has the following option:
MAC filtering - Disable MAC filtering
If this option is set, no attempts will be made to ensure that the MAC
address of clients stays the same while they're logged in. This is
required when the MAC address of the client cannot be determined (usually
because there are routers between pfSense and the clients). If this is
enabled, RADIUS MAC authentication cannot be used.
This sounds useful. It could fix the difficulty we have of requiring LAN
users, who want to add wifi in their home, that they need to use wireless
access points, not wireless routers (or wireless routers configured as
purely wireless access points, for those that support this), so that they
don't ruin our charging model. People find the technical differences hard
to understand.
It's simple to bridge wireless on almost every wireless router, just
plug in one of the LAN ports rather than the WAN/Internet port. Double
NAT is ugly and potentially problematic, so I would stay away from it
if at all possible. Disabling MAC filtering will work around it if you
really must do it that way.
So, how does pfSense track people with this option enabled? How does it work?
As it says in what you quoted above, just by IP rather than by IP and MAC.
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
