Guest Wireless Advice
I’m after a bit of advice. Our school lets pupils bring in their own laptops to work on if required; likewise staff like connecting their iPhones etc. to the wireless. For this reason we use Cisco access points: the 4410N, which supports up to 4 SSIDs.
We have 2 SSIDs being broadcast – 1 called school, which is secured using WPA2 and is on the default VLAN which we use for trusted school devices. The other SSID is called open- and is open and is tagged on a VLAN and at present goes nowhere…
What we want to do is take the VLAN so that when users connect to it they are presented with a webpage to log in with their school credentials. Ideally the product needs to be free and not require them to set a proxy on their computers.
I've attached an image of what I'm trying to achieve - hopefully it will clear it up a bit!
You need to set up WPA2-Enterprise and make one of your DCs a RADIUS server - there's a few guides on here if you run a quick search.
We have done something similar. I used a Linux box with two LAN cards, one on our LAN and one on the open VLAN, with Apache to host the wpad.dat, DHCP to give out addresses and Squid to act as a proxy; all requests were forwarded to proxy.swgfl.org.uk. You could get the Squid box to act as a transparent proxy, though I never got this to work. By having the wpad file, if "detect settings automatically" is ticked it works. In Squid you can set up the ACLs to require authentication against an AD group.
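
A wpad.dat of the kind the post above describes, as an added example that is not the poster's own file: the proxy and WPAD host names are hypothetical, and port 3128 is Squid's default. It sends everything except the proxy and WPAD hosts through Squid and gives no DIRECT fallback, so a client whose proxy request fails does not quietly skip the authenticated proxy.

```javascript
// Added example wpad.dat (a PAC file is plain JavaScript).
// Host names are assumptions for illustration, not taken from the thread.
var PROXY_HOST = "guestproxy.school.example"; // hypothetical Squid box on the open VLAN
var PROXY_PORT = 3128;                        // Squid's default http_port

// Hosts a client must reach without the proxy: the server handing out
// wpad.dat and the proxy itself. Everything else is forced through Squid.
var DIRECT_HOSTS = ["wpad", "wpad.school.example", PROXY_HOST];

function normalizeHost(host) {
  var h = String(host || "").toLowerCase();
  // Strip IPv6 literal brackets and the trailing dot of a fully qualified name.
  return h.replace(/^\[|\]$/g, "").replace(/\.$/, "");
}

function isLoopback(h) {
  // Anchored match, so "127.0.0.1.attacker.example" is not treated as loopback.
  return h === "localhost" || h === "::1" || /^127(\.\d{1,3}){3}$/.test(h);
}

function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  if (isLoopback(h)) return "DIRECT";
  for (var i = 0; i < DIRECT_HOSTS.length; i++) {
    if (h === DIRECT_HOSTS[i]) return "DIRECT";
  }
  // Private (RFC 1918) addresses are deliberately NOT bypassed: guest
  // devices have no reason to reach the trusted LAN directly.
  // No "; DIRECT" fallback, so traffic fails closed if Squid is unreachable.
  return "PROXY " + PROXY_HOST + ":" + PROXY_PORT;
}
```

The PAC file only steers clients that honour it; the firewall on the open VLAN still has to block direct outbound web traffic for the proxy's AD authentication to be enforced.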
I provide guest access using a box running pfSense (really a VM), it has an external connection and one to the guest/visitor VLAN.
I'm using pfSense 2.0; it's set up to authenticate against AD and has Squid running in transparent mode with an upstream proxy configured. The Captive Portal service prompts users for their AD login, all seems to work well :)
Hi Natm, could you give me some instructions on how you set this up, as we are struggling to get pfSense to work without the CD? Thanks in advance.