Hi folks, Just an update. I built a new machine from the ground up today. Took a backup from the old machine, and just copied and pasted the 300+ mac-bypass entries into the new config file. Everything is working well, and as expected.
I'm interested though Dimitri on the switch issue. I'm connected entirely to new managed HP 2848's and 2510G-48's and I have great LAN performance. Are you doing something directly with your switches as far as authentication goes, or did you just include the switches for completeness? Finally, I'd appreciate any feedback out there on installs with counts on mac bypass entries topping a 1000 count. I am considering tying together several of my networks and would like to know what the upper end on the captive portal looks like. Thanks! On Fri, May 8, 2009 at 1:33 AM, Dimitri Rodis <[email protected]> wrote: > We have a pfSense setup with the FreeRADIUS package that authenticates folks > that plug in to HP 3500yl and 2626 switches-- the set up is for a few > executive office suite buildings that are linked together by fiber and all > share a single 10Mb symmetric connection to the internet. 0 problems for about > 15 months now--still running on 1.2-release. If you have some good managed > switches, that's the way to do it IMHO. > > Dimitri Rodis > Integrita Systems LLC > http://www.integritasystems.com > > -----Original Message----- > From: RB [mailto:[email protected]] > Sent: Thursday, May 07, 2009 3:16 PM > To: [email protected] > Subject: Re: [pfSense Support] Captive Portal Question > > On Thu, May 7, 2009 at 15:55, Tim Dressel <[email protected]> wrote: >> 1. What is the limitation on the number of mac-bypass entries? And is >> what I am seeing expected with 300 entries? > > I'm sure someone will chime in with the precise ipfw limitation, but > this is mostly going to be dependent on your system's performance > specs - memory & CPU. > >> 2. If I should not be doing this with 300 clients, is anyone using >> another FOSS product to do MAC authenticated control outbound from >> their firewall? > > Possibly, but [as I hope you know] MAC filtering only keeps honest > people honest, it is in no way any form of authentication. At that > number of unique users, you may be better served by setting up an > actual RADIUS server to do proper authentication and AAA instead of > manually maintaining tables. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
