On Mar 12, 2014, at 3:37 PM, forbmsyn <[email protected]> wrote: > > I was expecting it will be switched back to Isolation vlan after 10 > minutes, so that the device can be scanned again, but it didn't happen. > > Is there anything else I need to check?
At least with PF 3.6, the maintenance task that performs expirations doesn't run every minute. If you're looking at a stopwatch waiting for exactly 10 minutes and zero seconds to pass, try being patient for a while and see if the node gets locked out again after half an hour or so. Can PF scan it on the production network without having to go through the captive portal again? If so, perhaps the best path is to run the scan on the production network and only re-quarrantine if it fails again. If you aren't letting new clients on until they are clean, you should probably also be checking "old" clients to ensure that they remain clean after registration... -Arthur ------------------------------------------------------------------------- Arthur Emerson III Email: [email protected] Network Administrator InterNIC: AE81 Mount Saint Mary College MaBell: (845) 561-0800 Ext. 3109 330 Powell Ave. Fax: (845) 562-6762 Newburgh, NY 12550 SneakerNet: Aquinas Hall Room 11 ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
