12.6. Additional Information

12.6.1. Is there any extra Captive Portal RADIUS functionality available?

Jonathan De Graeve has implemented a number of new RADIUS features for Captive Portal that will be implemented in a future beta version. For now, these features are available on test images available for download from http://inf.imelda.be/downloads/m0n0wall/.

Features currently implemented in the test images include:

  • RADIUS-defined URL redirection taking precedence over URL redirection parameter in captive portal setup page.

  • Multiple RADIUS server support

  • Failure message on captive portal login error page, plus logging to the captive portal log on why authentication failed (user account exceeded bandwidth limit, bad password, etc.).

  • Cisco-compatible feature (sending calling-station-id with clientip and called-station-id with clientmac instead of standard behavior calling-station-id and clientmac).

  • Timeout parameter and max authentication retries parameter

  • retrieval of user bandwidth settings

  • retrieval of user group

  • retrieval of session-timeout

Note

Retrieval means the variable is present and CAN be used, but there is no action bound to it yet.

12.6.2. Using Captive Portal and MAC pass-through

You can utilize Captive Portal and its MAC pass-through functionality for rudimentary MAC address restrictions.

  1. Enable Captive Portal on the desired interface (e.g. LAN) at the Services -> Captive Portal screen. Create a HTML page of your liking that does not include the submit button so the user cannot authenticate with the captive portal. Other settings can all be left at their defaults.

  2. Click the "Pass-through MAC" tab on the Captive Portal screen. Click the + to start adding permitted MAC addresses. In the MAC address box, type in the six hex octets separated by colons (e.g. ab:cd:ef:12:34:56), optionally (but recommended) enter a description, and click Save. Repeat for every authorized host on your network.