Hi Arthur, I just saw your Jan. 10 post (I optimistically keep unread digest posts in my inbox..) You've raised some very interesting points and I'm wondering if you received any replies or have any updates.
Thank you. Steve Wittstruck Colorado School of Mines On Jan 10, 2013, at 1:32 PM, Arthur Emerson III <[email protected]> wrote: > We recently rolled out PF 3.6.0 on our 500+ AP Meru > wireless network, and are now in the process of deploying > it on wired ports in a dozen dormitory buildings. VLAN > switching via CustomVLAN and user categories has been > working great, and users are able to register their devices > using AD credentials perfectly. PF is replacing an in-house > Linux-based device registration system that I cobbled > together about 10 years ago, and so far everyone is happy > with the way that it is working. > > My one disappointment so far is that the registration > skip_mode feature seems to have been lost since back at > V1.6 or so, despite the admin web interface still having > all of the settings and categories as if it was still > there and working. Searching through the list archives, > it does come up every once in a while but doesn't seem to > be a popular feature that jumps to the top of the project's > to-do list. > > On the developers list, Olivier Bilodeau suggested a hack > that was similar to what I was thinking that added a button > to the registration portal that registered the device with > a near-future unregister date/time. He noted that it > would require more code to prevent the user from using > the skip feature again once the time expired. Someone who > works here came from an organization where their NAC system > allowed guests to skip registration for a defined near-term > period, but nagged them to register every few hours. If they > didn't register by the end of their grace period, they were > sent to the registration page with no option to skip it. The > goal is to provide basic guest VLAN access to one-day visitors > (like a guest speaker), but not provide free ISP services to > the neighborhood with "permanent" guests that just keep skipping > every time their access expires. > > Stepping back a few feet, the above sounds more like it would > be better handled as a violation event rather than a registration > event. The logic behind the bandwidth overage violation seems > almost perfect, except that it doesn't present a registration > screen. Has anyone else successfully implemented a feature > like this? Is there another feature in PF that might provide > a cleaner solution? > > On a related note, our unregistered network has historically > had hundreds of unregistered devices camping on it. Many are > cell phones that people carry into our airspace configured to > automatically connect to any SSID they see, and the owners > never open a web browser or try to register them. Has anyone > come up with an automated way to send these nodes to a dead > VLAN after not registering for so long? I don't think that > it would be too complex to script a cron job to tag them with > a violation and registered to a bogus PF user account used for > these hosts, but wanted to know if there is a better way. > > Just looking for suggestions for how others are handling these > issues before I start attacking the code with custom hacks > for fixes that may have already have already been solved with > existing tools inside PF. Thanks for any pointers you can > provide... > > -Arthur > > ------------------------------------------------------------------------- > Arthur Emerson III Email: [email protected] > Network Administrator InterNIC: AE81 > Mount Saint Mary College MaBell: (845) 561-0800 Ext. 3109 > 330 Powell Ave. Fax: (845) 562-6762 > Newburgh, NY 12550 SneakerNet: Aquinas Hall Room 11 > > > ------------------------------------------------------------------------------ > Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > MVPs and experts. ON SALE this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122712 > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
