We have a pfSense setup with the FreeRADIUS package that authenticates folks that plug in to HP 3500yl and 2626 switches-- the set up is for a few executive office suite buildings that are linked together by fiber and all share a single 10Mb symmetric connection to the internet. 0 problems for about 15 months now--still running on 1.2-release. If you have some good managed switches, that's the way to do it IMHO.
Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com -----Original Message----- From: RB [mailto:aoz....@gmail.com] Sent: Thursday, May 07, 2009 3:16 PM To: support@pfsense.com Subject: Re: [pfSense Support] Captive Portal Question On Thu, May 7, 2009 at 15:55, Tim Dressel <tjdres...@gmail.com> wrote: > 1. What is the limitation on the number of mac-bypass entries? And is > what I am seeing expected with 300 entries? I'm sure someone will chime in with the precise ipfw limitation, but this is mostly going to be dependent on your system's performance specs - memory & CPU. > 2. If I should not be doing this with 300 clients, is anyone using > another FOSS product to do MAC authenticated control outbound from > their firewall? Possibly, but [as I hope you know] MAC filtering only keeps honest people honest, it is in no way any form of authentication. At that number of unique users, you may be better served by setting up an actual RADIUS server to do proper authentication and AAA instead of manually maintaining tables. --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
smime.p7s
Description: S/MIME cryptographic signature
