Thanks! I really appreciate the assistance.
Jake Sallee Godfather of Bandwidth Network Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________________ From: Olivier Bilodeau [[email protected]] Sent: Monday, February 13, 2012 8:59 AM To: [email protected] Subject: Re: [Packetfence-users] Cisco causing me headaches ... again ... On 07/02/12 10:45 AM, Sallee, Stephen (Jake) wrote: > OK! So! Due to our Cisco hardware not being capable of dynamic vlan > assignment while in HREAP mode we will most likely not be able to use the > vlan assignment feature in PF. Cisco has stated that the ability may be > available in the future but not now. > FYI I just documented the limitation in our pf::SNMP::Cisco::Aironet and pf::SNMP::Cisco::WiSM (same as WLC) modules. Thanks for letting us know. > To that end we have devised a workaround that involves statically assigning > the vlan based on the SSID. We need to disable the vlan assignment feature > in PF and we would also like to change the violation feature's behavior from > placing the user into a isolation vlan (which is now impossible ... thanks to > Cisco) to simply denying them access completely. > > If any one has done something like this please share your experiences. As Francois said off-list (pasting it here for future reference): > > I might have an idea. We did that at another client facilities. In fact, > two options: > - Modify vlan/custom.pm to return nothing if the request comes from a > particular AP ($node_info->{'last_switch'} eq 'someip') > - Modify radius/custom.pm to bump the tunnel attributes if we receive say > VLAN id 9999. In switches.conf, we would set vlan 9999 for the AP. > > It might do what you want if I assume that you won't do registration or > isolation on that particular AP. Regards, -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
