Hi Saqib,
You will have to define a second (custom) isolation vlan for the guests.
Make sure you add it in conf/switches.conf as a customVlan (i.e.
customVlan1 = <custom isolation vlan id> ).
Then you need to override the getViolationVlan method in
lib/pf/vlan/custom.pm.
See lib/pf/vlan.pm for the default implementation.
Basically you must assign the vlan based on connection_type.
For example if you guest ssid uses MAC authentication you could put
something like this in vlan::custom::getViolationVlan :
if (( $connection_type & $WIRELESS_MAC_AUTH ) == $WIRELESS_MAC_AUTH ) {
$vlan = "customVlan1";
}
Hope that helps,
Louis
On 2013-02-06 8:42 AM, Saqib Haleem wrote:
> Hi
>
> i am using standalone Cisco 1242 Access points without any controller.I
> have implemented Packetfence for wireless clients by creating two SSIDs. one
> SSID is named as "Private-WIFI" and another is "Guest-WIFI".
> Now as per provided network configuration guides, i have created 2 VLANs i.e
> registration and backup guest vlan for "Guest-WIFI". similarly i created
> isolation and baclup normal vlan for "private-WIFI" SSID. Now users
> connected with "Private-SSID" are automatically placed in isolation vlan if
> they perform any violation like P2P application use.
> But i can not do same for guests which are connected with "Guest-WIFI" .
> they can not be placed in isolation vlan, on violation. Reason is that i
> can not use same VLAN i.e (isolation vlan) on multiple SSIDs. vlan can be
> associated with only one SSID at the same time as per CISCO. Can any body
> provide me solution for placing wireless guests as well as private user in
> isolation vlan upon any violation.
>
> Best Regards
> Saqib
>
> Disclaimer: This email and any attachments may contain confidential material
> and is solely for the use of the intended recipient(s). If you have received
> this email in error, please notify the sender immediately and delete this
> email. If you are not the intended recipient(s), you must not use, retain or
> disclose any information contained in this email. Any views or opinions are
> solely those of the sender and do not necessarily represent those of National
> Centre for Physics (NCP). NCP does accept responsibility for any errors or
> omissions that are present in the message, or any attachment, that have
> arisen as a result of email transmission.
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Louis Munro
[email protected] :: +1.514.447.4918 *125 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu)
and PacketFence (www.packetfence.org)
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
