Hi Mark,
I've played some with Custom VLAN's too.
Did you associate 'Printers' with CustomVlan5 using the GUI NODE/categories or
command line 'pfcmd pf nodecategory'?
Steve
On Jul 17, 2012, at 9:52 AM, Mark Holmes wrote:
> Hi all,
>
> I am trying to have PF assign a customVLAN based on the node category.
>
> I have edited vlan/custom.pm, uncommenting the lines in the example that
> should enable this functionality and restarted packetfence but nothing
> happens - ie the correct VLAN is not applied to the node, it just stays in
> the normal VLAN and nothing in the packetfence.log to say that it's
> attempting to put the node into the correct VLAN for the category.
>
> The code to apply a bypass VLAN is working correctly. Is there something
> else I need to do to enable the VLAN to be set according to category. Note I
> have defined customvlan5 in the switch config in packetfence and restarted
> services. Is there another step I am missing?
>
> The relevant part of my custom.pm is below.
>
> Grateful for any ideas...
>
> Thanks,
>
> Mark
>
>
>
> sub getNormalVlan {
> # #$switch is the switch object (pf::SNMP)
> # #$ifIndex is the ifIndex of the computer connected to
> # #$mac is the mac connected
> # #$node_info is the node info hashref (result of pf::node's
> node_attributes on $mac)
> # #$conn_type is set to the connnection type expressed as the constant in
> pf::config
> # #$user_name is set to the RADIUS User-Name attribute (802.1X Username or
> MAC address under MAC Authentication)
> # #$ssid is the name of the SSID (Be careful: will be empty string if
> radius non-wireless and undef if not radius)
> my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type,
> $user_name, $ssid) = @_;
> my $logger = Log::Log4perl->get_logger();
> #
> # # custom example: admin category
> # # return customVlan5 to nodes in the admin category
> if (defined($node_info->{'category'}) && lc($node_info->{'category'}) eq
> "Printers") {
> return $switch->getVlanByName('customVlan5');
> }
> #
> # # custom example: simple guest user
> # # return guestVlan for pid=guest
> # if (defined($node_info->{pid}) && $node_info->{pid} =~ /^guest$/i) {
> # return $switch->getVlanByName('guestVlan');
> # }
> #
> # # custom example: enforce a node's bypass VLAN
> # # If node record has a bypass_vlan prefer it over normalVlan
> # # Note: It might be made the default behavior one day
> if (defined($node_info->{'bypass_vlan'}) && $node_info->{'bypass_vlan'} ne
> '') {
> return $node_info->{'bypass_vlan'};
> }
> #
> # # custom example: VLAN by SSID
> # # return customVlan1 if SSID is 'PacketFenceRocks'
> # if (defined($ssid) && $ssid eq 'PacketFenceRocks') {
> # return $switch->getVlanByName('customVlan1');
> # }
> #
> return $switch->getVlanByName('normalVlan');
> }
>
>
>
>
>
>
>
>
>
> Nuffield College is a Registered Charity No. 1137506. Registered Office:
> Nuffield College, New Road, Oxford, OX1 1NF
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
