
List:       pfsense-discussion
Subject:    Re: [pfSense] Wireless and Wired subnets
From:       Ermal_Luçi <eri () pfsense ! org>
Date:       2013-06-17 9:32:14
Message-ID: CAPBZQG3FiD26Vnj5qM-it-m_nhD07rsY8B6gUwj_YBPv3TYgYA () mail ! gmail ! com


On Sat, Jun 15, 2013 at 6:54 PM, Chris L <cjl@viptalk.net> wrote:

>
> On Jun 15, 2013, at 2:56 AM, pfuser@hushmail.com wrote:
>
> > I am establishing my wireless connection on its own subnet for security
> purposes. What I would like to do though is allow wireless devices the
> ability to access the internet and the ability to authenticate to my
> internal AD server. Then if a user on the wireless subnet authenticates
> successfully to my AD server, allow their connection access over into my
> wired subnet. Is this possible? How would I go about this?
> > _______________________________________________
> > List mailing list
> > List@lists.pfsense.org
> > http://lists.pfsense.org/mailman/listinfo/list
>
> A wireless SSID with routing/rules to your wired LAN in WPA2 Enterprise
> mode authenticating against AD's RADIUS.
>
> A separate SSID for "guests" or those who aren't supposed to have access
> to your wired LAN. You would put a specific block/reject rule in pfSense
> for traffic into this VLAN interface addressed to your wired LAN.
>
> You might need to spend a little more for an Access Point that can present
> different SSIDs and VLAN tag them out the wired interface.  Something like
> a Ruckus 7372 will do this handily in simultaneous 2.4 and 5 GHz for under
> $500.
>
> As was mentioned, captive portal might also work.  Does CP's RADIUS honor
> firewall rules/ACLs in reply attributes?
>

For OpenVPN and, I think, IPsec, yes.
For CP, no customer has ever requested the feature.


>
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>
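The two-SSID design Chris describes, written out as an added illustrative pf ruleset (not from the thread and not pfSense's generated rules; interface names, subnets and the VLAN tags are assumed placeholders):

```pf
# Added illustrative pf ruleset for the two-SSID design in the thread.
# Not taken from pfSense's generated rules; names and addresses are assumed:
#   em1_vlan10  staff SSID VLAN (WPA2 Enterprise; the AP authenticates the
#               client via RADIUS against AD before it ever lands here)
#   em1_vlan20  guest SSID VLAN
#   em0         wired LAN 192.168.1.0/24 (domain controllers live here)
#   em2         WAN
staff_if  = "em1_vlan10"
guest_if  = "em1_vlan20"
wan_if    = "em2"
staff_net = "10.10.10.0/24"
guest_net = "10.10.20.0/24"
wired_net = "192.168.1.0/24"
table <rfc1918> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0

# Translation rules must precede filter rules in pf.conf.
nat on $wan_if inet from { $staff_net, $guest_net } to any -> ($wan_if)

block log all                       # default deny; log whatever falls through

# Guest VLAN: DHCP and DNS from the firewall itself, then the specific
# block/reject toward the wired LAN (and any other private range), then
# everything else, i.e. the internet. "quick" makes the first match win.
pass in quick on $guest_if inet proto udp from any port 68 to any port 67
pass in quick on $guest_if inet proto { tcp, udp } from $guest_net to ($guest_if) port 53
block return in log quick on $guest_if from $guest_net to $wired_net
block return in log quick on $guest_if from $guest_net to <rfc1918>
pass in quick on $guest_if inet from $guest_net to any

# Staff VLAN: 802.1X already ran between the AP and RADIUS, so a client is
# on this VLAN only after AD accepted it. Domain logon traffic to the DCs is
# covered by the wired LAN rule because the DCs sit inside $wired_net.
pass in quick on $staff_if inet proto udp from any port 68 to any port 67
pass in quick on $staff_if inet from $staff_net to $wired_net
pass in quick on $staff_if inet from $staff_net to any

# Forwarding out toward the WAN and into the wired LAN.
pass out quick on $wan_if inet from { $staff_net, $guest_net } to any
pass out quick on em0 inet from $staff_net to $wired_net
```

Because captive portal does not apply RADIUS reply-attribute ACLs (per Ermal's answer), the "authenticated users reach the wired LAN" requirement is met by VLAN membership from the RADIUS-backed SSID, not by per-session rules.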


_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
