One Captive Portal on the same network across multiple routers Speed Fusion Hub?

Hello everyone,

We have multiple pre-built kits with a BR2 Pro and BR1 Pros synergized to to it inside a case. Also in the case is a Mobility 82G and a Mobility 40G. All running cellular DWB up to a speed fusion hub in AWS. We use this to provide temporary on site WIFI access at our events.

Since the 82Gs have access points in them, we take 2x Kits and put one on each side of a room with about 200 people in it. The 2x kits get load balanced as we apply the same SSID/password and each ends up having about 75-100 people on it within an hour of the room filling up. We also put one or two in other rooms with the same SSID/password so the guests can roam freely and remain connected.

This all works great except when it comes to a captive portal. Because I can’t apply the captive portal on the Fusion Hub, every time the guest moves to another side of the room or another room entirely, they are prompted to sign into the captive portal again, we are trying to make it easier so they only have to do it once.

I know that I can bond them all to our SDX at one of our properties and apply it to that VLAN which should work, but this isn’t an option as we have events at that property constantly and don’t have the bandwidth to support 2 or 3 events at once.

I am wondering if there is another way to do this that is scalable? It would be preferred to do it in the Fusionhub or another way in AWS.

Let me know if you have any ideas!

Thanks for the help

Sounds like you need to host the captive portal alongside your fusionhub and route all traffic from fusionhub via pfsense. I haven’t played with captive portal for a while. But something like running pfsense should work.

Thank you - I will give this a try. Appreciate the input.

Last time I used it the pfSense captive portal needed to see the clients MAC address, so in other words the clients needed to be directly layer 2 connected to the pfSense appliance, routing the traffic through a L3 VPN will break that.

You could possibly build a L2 SF VPN for this to work but that might not be ideal.

For your existing setup are all the devices in the same group in InControl2 with the same portal applied, I’d think that authentication state for the clients would likely be shared across the devices in that instance, perhaps that is something Peplink could look at adding if not.