Ok, yes I do have the registration vlan declared. 1- When the registered node first connects it gets an ip address from the registration vlan, it only goes to the production vlan when I plug and unplug the network cable.
2- Sorry I may not have worded this very well. I do understand what the grace period is for. This is the situation I have on the test laptop. No antivirus, updates, antispyware on the laptop - violations triggered successfully Click enable network on each violation - laptop goes back to production vlan successfully and remediates all above problems Grace period expires on the violations and they are triggered again, even though the computer now passes the SoH checks. I can see that the computer passes all the checks if I look in the radius logs, but packetfence doesn't seem to recognise the fact that the computer now has antivirus, antispyware and all updates installed. Cheers, Andi -----Original Message----- From: Francois Gaudreault [mailto:[email protected]] Sent: 09 February 2012 16:40 To: [email protected] Subject: Re: [Packetfence-users] Violations retriggering & vlans still not quite behaving correctly Hi Andi, > This has confused me, I cannot see any reference to an unreg vlan in the > switches.conf, nor the admin guide. This is the registration vlan. > However this has made no difference. I still am put in the registration vlan > each time the PC is booted, until I unplug and replug the network cable which > then puts me in the production vlan. > Violations are still being triggered each time the laptop is outside of it's > enable network grace period, despite all violations being remediated. 1 - When you connect, what is the IP address you get from the DHCP server? What is the status of the node in PF? Don't open a browser on the connecting machine, check its IP. Is it a production IP? 2 - Grace period is the time where the violation is not triggered (ie. You have a virus, you had the remediation page, but you need to get some tools to fix it. We gave you back production network with a grace period of 10min. So in the next 10min, if you still have violations triggered for the same issue, we will discard them until the 10min is up) So it's normal when you pass that grace period, the violation is triggered. Maybe I don't understand exactly what you are trying to say here... Thanks! > > Cheers, > Andi > > -----Original Message----- > From: Francois Gaudreault [mailto:[email protected]] > Sent: 07 February 2012 17:09 > To: [email protected] > Subject: Re: [Packetfence-users] Violations retriggering& vlans still > not quite behaving correctly > > Hi Andi, > > Thanks for posting the configs. See below for the answers to your questions. > >> 721 is the production vlan (it will be many more, but that's the only one >> for now). When I look in the node information in the admin web GUI the >> unreg field is blank. > You need to specify an unreg VLAN either in the default switch > ([default]) or override the default settings in the switch section itself. > If you don't set anyting in the switch section, it will use the default value. > > Another observation, DO NOT set any vlans on the 127.0.0.1 switch. > Leave it default with : > [127.0.0.1] > type = PacketFence > mode = production > uplink = dynamic > >> >> Regarding the routed networks, I'm still not totally clear on how I should >> set the dhcp listeners. >> >> 10.1.3.10 is PF management interface >> 10.1.4.10 is PF registration interface >> 10.1.5.10 is PF isolation interface > Send a copy of the production DHCP traffic to the management interface. > IF you use routed REG or ISOL vlans, you can either direct the ip helpers > for those VLANs to the management interface OR direct the traffic to the > registration interface (for REG VLANs) or isolation interface (for ISOL > VLANs). > > -- > Francois Gaudreault, ing. jr > [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > ---------------------------------------------------------------------- > -------- Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers is > just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro > Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ________________________________ > >> From 1st November 2011 UWIC changed its title to Cardiff Metropolitan >> University. From the 6th December, as part of this change, all email >> addresses which included @uwic.ac.uk have changed to >> @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan >> University will now be sent from the new @cardiffmet.ac.uk address. >> Please could you ensure that all of your contact records and >> databases are updated to reflect this change. Further information can >> be found on the website >> here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx >> > > > ---------------------------------------------------------------------- > -------- Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft > developers is just $99.99! Visual Studio, SharePoint, SQL - plus > HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you > subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ________________________________ >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan >University. From the 6th December, as part of this change, all email addresses >which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent >from Cardiff Metropolitan University will now be sent from the new >@cardiffmet.ac.uk address. Please could you ensure that all of your contact >records and databases are updated to reflect this change. Further information >can be found on the website >here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
