Trying to block a device by MAC address in pfSense. No luck

Managing pfSense, I found out I do not have a solution for blocking a device on one of my networks by its MAC address. The only solution I found is to set a static IP on the DHCP server and then block it by firewall rules, but I don't think that is the best solution for me.

Because in my scenario, on that network I have a couple of APs with different SSID networks but on the same DHCP, but this is another issue and I am trying to figure it out.
WiFi is over an Omada controller, but I want pfSense to handle the IP assignment and rules; I personally trust it more than Omada.

So if I block that device from accessing that network, then it doesn't access at all, and I don't want it to access a specific SSID on that network.

Any suggestions?

Thanks in advance

You cannot apply rules in pfSense based on MAC address. You can configure the device in question to use a static IP address or set up a static DHCP binding and then block based on IP address. Or you can prevent the device from connecting to the wireless network altogether by setting up MAC filtering on the WiFi. Either way, you’re merely adding convenience, not security. MAC addresses are easily spoofed.

If you look at the problem the other way and only allow authorised devices onto the network, then you can use RADIUS on pfSense to control access to the network; then it's easy to revoke access if you need to. RADIUS works well with the Omada controller.


The paid version of pfSense has "Ethernet Rules". I have been testing these rules for blocking the kids' cell phones at night by their MAC addresses.

When enabled, this is what shows up in Firewall / Rules / Ethernet / Edit in the advanced section of the rule:

No need for screenshots; here are the docs for the Layer 2 rules:

https://docs.netgate.com/pfsense/en/latest/firewall/ethernet-rules.html


Depending on the phone, it will generate different MAC codes; it will not have a static MAC code.

Another way of controlling one set of users while letting other users access the internet is to use a schedule.

If you were to dump your children on their own VLAN, then you can control access to the WAN with a rule including a schedule, but also allow access to the LAN if they needed it, for example, at the same time. Users on other VLANs would obviously be unaffected.

Another benefit would be for that VLAN to use a more restrictive DNS provider blocking porn etc.

I was just replying to the OP's wanting to filter MACs. The feature is there. There are many ways to solve their requirements.

Thanks to all you guys that took the time to respond and give some choices, but we are still on the same page; I probably did not explain myself well. I will put it together in a different way for you guys to understand and give me better solutions.

This idea sounds good, thanks.

I am late to the party, but I would handle this through VLANs. I have different SSIDs tied to different VLANs, and then specific firewall rules for each VLAN. I actually have 7 different SSIDs in my home, each with a unique password. For the phone in question, only provide the SSID for the VLAN it is allowed to access, and lock down that VLAN as appropriate in your pfSense firewall rules. With this approach, pfSense can provide separate DHCP servers for each VLAN.
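The per-VLAN layout described in this reply and in the schedule suggestion above, as an added example that is not from any poster: hand-written pf rules of the kind pfSense builds from its GUI rules for a kids' VLAN. The interface name, VLAN ID, subnet and the resolver running on pfSense are assumptions.

```pf
# Added example, not from the thread. Assumed layout: VLAN 20 on igb0 carries
# the kids' SSID; pfSense is 192.168.20.1 on it and runs the filtered resolver.
kids_if  = "igb0.20"
kids_net = "192.168.20.0/24"
fw_kids  = "192.168.20.1"
table <private> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# DHCP: clients send from 0.0.0.0:68 to port 67, so match on ports, not subnet.
pass in quick on $kids_if proto udp from any port 68 to any port 67

# DNS only to pfSense, so the restrictive resolver configured there is the
# only one this VLAN can use...
pass in quick on $kids_if proto { tcp udp } from $kids_net to $fw_kids port 53
# ...and every other DNS server is refused (no bypassing the filtered resolver).
block in quick on $kids_if proto { tcp udp } from $kids_net to any port 53

# Keep the kids' VLAN off every other internal network, including the
# firewall's own management interface on the other subnets.
block in quick on $kids_if from $kids_net to <private>

# Everything else is the Internet. In pfSense this is the rule that carries
# the Firewall > Schedules entry; pf itself has no time-of-day syntax, the
# GUI enables and disables the rule for you.
pass in quick on $kids_if from $kids_net to any

# Anything not matched above is dropped.
block in quick on $kids_if all
```

Other VLANs have their own interface and rule set, so nothing here affects them.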

I have that too, but just 4. I have a little headache passing the VLANs to the TP-Link Omada Controller; I was also able to block the device by MAC on the controller interface already. I am in the process of assigning each VLAN to the SSIDs to have more control.
Thanks for this solution; I have been trying to implement it for a long time. I will study how to control the VLAN in question for the SSID and block it at certain times.

Thanks a lot

Maybe Omada makes it harder than it needs to be? I have an inexpensive TP-Link WAP (TL-WA3001) and it supports 4 SSIDs per band (8 total). My setup is pretty simple: WAN -> pfSense -> managed switch -> WAP. I put all my non-critical stuff (Ring cameras, Ring alarm, WiFi-connected appliances, printer, TVs, etc.) on the 2.4 GHz network. PCs go on the 5 GHz network. Yes, I have to plug my laptop into the network to manage the switch and the WAP, but once done, those don't require a lot of my attention.

I have a more complicated network and many more devices. How do the rules look on your end to block the kids' VLANs at certain times?
Thanks in advance.

And also your way needs to control each WAP by its IP interface; I do that with my managed switches.