Hello Olivier,

Thanks for the reply and the (essential) overview ; will take a look
at the mailing list archives for this. I went to mtn.inverse.ca,
didn't find the docs/ dir but grabbed what seemed to be an updated
copy of the admin guide.

Our WAP is set up with two 'regular' 802.1x vlans (28 & 32) which I'd like
to keep entirely separate from PF ; they should authenticate against
radius and either accept or kick out the user depending on the
validation. I also have a separate, unsecured vlan (5) which I'd like
PF to monitor (as it likes to) ; it's an unsecured vlan which PF
should deal with as usual - validating and registering users via
captive portal, etc.

However, running radius in debug mode shows the PF
rlm_perl_packetfence module being called for *all* vlans and
legitimate normal users of those vlans (28 & 32) being kicked out as
invalid. That is, radius first accepts them then the
rlm_perl_packetfence module rejects them. I don't understand this as I
have checked the PF config (many times) and the non-PF vlans are
nowhere entered into the PF config. Likewise for the PF setup for
radius ; I've followed the recipes (both new and old) but
rlm_perl_packetfence seems to be being called for everything.

By the way, PF should be *only* monitoring vlan 5, so I've entered '5'
into both the VLAN_GUEST and VLAN_NORMAL config vars in the module. It
won't allow me to leave VLAN_GUEST blank ...

Thanks again for the feedback. I realise that the above is a vague
description - hoping that you might be able to cast an educated eye
towards it and spot something obvious ...

Best wishes,

Chris

On Wed 20.Oct'10 at 11:41:41 -0400, Olivier Bilodeau wrote:
> Hi Chris,
> 
> On 14/10/10 8:45 AM, cg wrote:
> > Hello List,
> >
> > Posting this in hopes that someone can clarify a configuration issue
> > I've been struggling with for the past two weeks.
> >
> > I have PacketFence working well with our wired switches - the captive
> > portal is presented, authentication is performed, vlans are changed
> > correctly, etc. I'm now working on the wireless side of things, with a
> > Cisco Air-AP1252AG (Cisco::Aironet_1250), set up according to the PF
> > docs (checked multiple times) but, seemingly, not sending the proper
> > traps to PF. We want a captive portal here, as well, for our 'open'
> > SSID.
> 
> Wireless doesn't rely on traps, it relies on performing the 
> authentication with FreeRADIUS (hosted on PacketFence) and having it 
> return a VLAN value to the client. Then the WAP makes this client be in 
> that VLAN.
> 
> I think some aspects of the admin guide were updated lately, grab a copy 
> of the latest guide (ODT open document format) from our code repository: 
> mtn.inverse.ca look inside docs/
> 
> Remember: no traps and it is a completely different way of thinking than 
> wired with port-security. Searching the mailing list archives will help 
> you as well.
> 
> Cheers!

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users