On Sat, Jun 15, 2013 at 6:54 PM, Chris L <[email protected]> wrote:

> On Jun 15, 2013, at 2:56 AM, [email protected] wrote:
>
> > I am establishing my wireless connection on its own subnet for security
> > purposes. What I would like to do though is allow wireless devices the
> > ability to access the internet and the ability to authenticate to my
> > internal AD server. Then if a user on the wireless subnet authenticates
> > successfully to my AD server, allow their connection access over into my
> > wired subnet. Is this possible? How would I go about this?
> > _______________________________________________
> > List mailing list
> > [email protected]
> > http://lists.pfsense.org/mailman/listinfo/list
>
> A wireless SSID with routing/rules to your wired LAN in WPA2 Enterprise
> mode authenticating against AD's RADIUS.
>
> A separate SSID for "guests" or those who aren't supposed to have access
> to your wired LAN. You would put a specific block/reject rule in pfSense
> for traffic into this VLAN interface addressed to your wired LAN.
>
> You might need to spend a little more for an Access Point that can present
> different SSIDs and VLAN tag them out the wired interface. Something like
> a Ruckus 7372 will do this handily in simultaneous 2.4 and 5 GHz for under
> $500.
>
> As was mentioned, captive portal might also work. Does CP's RADIUS honor
> firewall rules/ACLs in reply attributes?

For OpenVPN and, I think, IPsec, yes. For CP, nobody among customers has ever requested the feature.
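
The two-SSID layout suggested in the thread, sketched as raw pf rules (pfSense builds its ruleset on pf, normally through the GUI). This is an added example, not part of the original messages; the interface names, subnets and addresses are constructed assumptions, as is the AP management address used for RADIUS.

```pf
# Constructed names and addresses (assumptions, not from the thread)
corp_if  = "em1.10"          # VLAN carrying the WPA2 Enterprise SSID
guest_if = "em1.20"          # VLAN carrying the guest SSID
mgmt_if  = "em1.30"          # VLAN the access point's management IP lives on
lan_net  = "192.168.1.0/24"  # wired LAN
ad_srv   = "192.168.1.10"    # AD server running RADIUS
ap_mgmt  = "10.0.30.2"       # access point (the RADIUS client)

# Default deny, logged so rejected traffic is visible
block log all

# The AP relays 802.1X authentication to AD's RADIUS:
# UDP 1812 (authentication) and 1813 (accounting) only
pass in quick on $mgmt_if inet proto udp from $ap_mgmt to $ad_srv \
    port { 1812, 1813 } keep state

# Guest SSID: reject anything addressed to the wired LAN first,
# then allow everything else (internet access)
block return in log quick on $guest_if inet from any to $lan_net
pass in quick on $guest_if inet from $guest_if:network to any keep state

# Enterprise SSID: clients only get onto this VLAN after authenticating
# against AD, so they are allowed to the wired LAN and the internet
pass in quick on $corp_if inet from $corp_if:network to any keep state
```

Rule order matters here: with `quick`, the guest block must precede the guest pass, which mirrors placing the block/reject rule above the allow rule on the guest interface in the pfSense GUI.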
