Hi,
I'm running a few (6 at the moment) pfsense 1.2.3-RELEASE boxes on a
rather large scale wireless network, as border routers and firewalls
between the internet uplinks and the rest of the network. (network
background info: +600 subnets, +150 router nodes, 6 internet uplinks,
about 1000 unique mac-address clients per 24h, www.wirelessbelgie.be ,
non-profit organisation running on volunteers )
The traffic shaper is active on the pfsense boxes to allow different
internet speeds to different subnets on the network.
I'm currently using very large alias lists to manage the +600 private
subnets in the traffic shaper.
We are currently looking at switching to a captive portal + traffic
shaper + freeradius, so we can set speeds based on user/pass combination
in stead of IP subnet.
Tests are successful up till now, and we are going to switch this into
production pretty soon.
However, I have one problem:
The network contains a lot of 'dumb' devices (ipcams, sound encoders,
serial2ip, ...) which also need internet access, but have no clue on how
to log in to the captive portal.
I cannot use mac-authentication with the captive portal and the radius
server because there are routers in between the pfsense boxes and the
devices.
From what I see now the only way to allow these devices access to the
internet is to add them to the "Allowed IP" list in the captive portal.
But managing this list seperately on every box would be a lot of work. I
would prefer to use an alias containing all my allowed ip's which I can
then update through the "fetch alias list from url" package.
First Question: Is there any way to use aliases in the captive "Allowed
IP" list, or to automate managing this list in any way ? (maybe some
radius attribute I don't know about?)
Second question: Are the devices in the "allowed list" allowed to pass
through the captive portal right away, or do they need to open an HTTP
connection first to 'trigger' the captive portal logic ?
Third Question: I'm currently running 1.2.3 but switching to 2.0 would
be possible, if this would help me in this situation. What would you
guys recommend for this situation, 1.2.3 or 2.0 ?
Thanks!
Regards,
Hans
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org