Hello
Le 2014-01-29 04:04, Frederic Hermann a écrit :
Hey Guys,
Did anyone here managed to configure packetfence 4.1 in routed VLAN
mode to work with Openwrt wireless access points ?
I did follow the guidelines provided here:
http://www.packetfence.org/news/2013/article/packetfence-now-supports-hostapd.html
with a few changes , as the uci parameters shown in this page seems
wrong (using uci add_list instead of uci add)
It should be different for your access point, uci add
wireless.@wifi-iface[0].macfilter=2 is not working in my access point.
root@OpenWrt:~# uci add_list wireless.@wifi-iface[0].macfilter=2
root@OpenWrt:~# uci add wireless.@wifi-iface[0].macfilter=2
Usage: uci [<options>] <command> [<arguments>]
Commands:
batch
export [<config>]
import [<config>]
changes [<config>]
commit [<config>]
add <config> <section-type>
add_list <config>.<section>.<option>=<string>
del_list <config>.<section>.<option>=<string>
show [<config>[.<section>[.<option>]]]
get <config>.<section>[.<option>]
set <config>.<section>[.<option>]=<value>
delete <config>[.<section>[[.<option>][=<id>]]]
rename <config>.<section>[.<option>]=<name>
revert <config>[.<section>[.<option>]]
reorder <config>.<section>=<position>
Options:
-c <path> set the search path for config files (default: /etc/config)
-d <str> set the delimiter for list values in uci show
-f <file> use <file> as input instead of stdin
-m when importing, merge data into an existing package
-n name unnamed sections on export (default)
-N don't name unnamed sections
-p <path> add a search path for config change files
-P <path> add a search path for config change files and use as default
-q quiet mode (don't print error messages)
-s force strict mode (stop on parser errors, default)
-S disable strict mode
-X do not use extended syntax on 'show'
(I can send you the changes if anyone interested, or if someone at
inverse want to update the procedure).
However, once done, and radius secret configured, we have some issue
with the vlan configuration on the AP and the dhcp configuration.
We intend to use the AP as routers, not just switches, to be able to
use separate ipv4 networks, however it seems that the dynamic vlan
configuration is not working well with a local dhcp server.
Isolation and registration vlan are 2 separate ipv4 network, so why
don´t you use this network as layer 2 network (packetfence is the dhcp,
dns, default gateway of these 2 networks) and when the device is
successfully register then you send another vlan id where you have your
own dhcp, gateway .... ? or maybe i don´t understand your setup.
So my question is : should I manually (and statically) configure the
registration and isolation vlans on openWRT ? How would pf interact
then with openwrt when a connecion request arrive?
Yes you should but packetfence must receive the dhcp traffic and each
time a device try to connect to your ssid then you receive a radius request.
Fabrice
Cheers,
Fred
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
