So I got farther into this... and I don't think this is what I want. Now,
when a user gets onto Internal, they are immediately asked for a
username/password while they are associating. Digging into it a little, it
looks like this new Radius I activated on PF is now being used for
authentication... I do not want this... I just want to use PF's Radius to
to VLAN switching. I want the authentication to be done via the captive
portal, and that will authenticate off of a different remote Radius server.
I could really use some hints on how to get PF's Radius to do the VLAN
switching. Hopefully this setup is not so outside the normal PF usage that
it is possible.
On Fri, Sep 14, 2012 at 2:15 PM, David Schiller <[email protected]> wrote:
> So now I'm stuck on the issue I think you were talking about with vlan
> encryption over an open wireless... what is the best solution for this?
> Are you saying we need a WPA password on Internal for this to work? I am
> trying to set that up but it's confusing with all of the options for
> authentication... which seem to conflict at times.
>
>
> On Fri, Sep 14, 2012 at 1:18 PM, Francois Gaudreault <
> [email protected]> wrote:
>
>> Hi,
>>
>> > SSID Open: people will just connect to this on vlan 96 and instantly
>> > have access (firewalled downstream to limited outgoing ports)
>> >
>> > SSID Internal: people will connect to this on vlan 95, they will see the
>> > registration portal, authenticate (via a different RADIUS server), and
>> > then they will be switched to vlan 94 and have full network access
>> >
>>
>> > Looking over your replies, I started to think that maybe the scheme you
>> > listed is more like for Guest access, they get the portal, and then
>> > users that want full network access will have to have some other type of
>> > credential and they never see a portal?
>> Correct. That's the usual flow people will do.
>>
>> In you case, if you want to have a fully open SSID, you put :
>> - OPEN
>> vlan 96
>>
>> - SECURE
>> vlan 94 backup 95
>>
>> The backup vlan is just a way to list more than one VLAN on the same SSID.
>>
>>
>> --
>> Francois Gaudreault, ing. jr
>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>>
>> ------------------------------------------------------------------------------
>> Got visibility?
>> Most devs has no idea what their production app looks like.
>> Find out how fast your code is with AppDynamics Lite.
>> http://ad.doubleclick.net/clk;262219671;13503038;y?
>> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
