Hi All,

Just downloaded the VM for the PF-Zen and loaded it. I can successfully get
to the Web GUI page for managing the appliance. So far very good.

Any advice as to what is the minimum configuration required to only get the
functionality of captive portal to be served for self-registration of
personal devices by students and staff of a small public school board with
low budget? We are not looking for any NAC implementation. Just to be able
to redirect the unauthenticated users off of the HP MSM 765zl wireless to
the registration portal so as to capture their MAC address and for PF to
create the MAC address account in the built-in FreeRADIUS for subsequent
placement into a VLAN restricted to Internet only. The appliance can then
use its second interface to route out the traffic that can then connect to
the DMZ interface of the firewall which will then send it out to the
Internet.

The wireless APs (MSM3xx and MSM4xx) are connected to the PoE switches via
802.1Q trunk (wireless management VLAN untagged and private and personal
user VLAN tagged, plus any needed registration VLANs will be added and
tagged) for distributed forwarding of anything other than registration,
management and control traffic so that it does not come all the way to the
controller. The private SSID / VLAN is using 802.1X with Microsoft NPS and
personal / public SSID VLAN will be using HTML / web authentication with
portal page from PacketFence.

We need to use the registration VLAN at each school to get an IP address
from the central location itself (since schools are connected to the central
location via routed links, we can tunnel / access control this SSID so
traffic gets sent to the wireless controller, which serves DHCP addresses to
these clients via DHCP relay to the centralized DHCP server, which could be
PacketFence). It is my understanding that if the clients on such an SSID get
an IP address from PacketFence or are on the same subnet as the PacketFence
interface with PF as gateway, then PF will intercept the initial browser
session and serve the registration page, and subsequently registered users
can then use the created MAC address account in FreeRADIUS to be web
authenticated.

Thanks everyone and especially the fine developers at Inverse for
contributing this excellent product to the public domain. I am sure the school
can use a little bit of commercial support, but may not be able to spend much.

God bless you all.

David Paul

_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
