Hi Derek,
thank you for the clarification. I fixed the DHCP problem after Fabrice's
answer, I put in the guest network a dedicated DHCP server. Now I'm sure, after
registration (VLAN 20 in the lab) clients are deauthenticated and reconnected
in the guest VLAN (VLAN 15 in my lab) and they can surf the Internet. All the
actions are correctly showed on PF's interface. I'm working with an old Win XP
client at the moment, as suggested by Thomas I will try some other types
(Apple, Linux and so on) to verify if I have the same problem. Anyway, to
obtain statistically significant results I need to put the system in
production. I will update you.
Thanks
Luca
From: [email protected]
Date: Wed, 16 Apr 2014 15:47:28 -0400
To: [email protected]
Subject: Re: [PacketFence-users] Virtual WLC integration
Guys,
Looks like we’re talking about two different issues now.
- DHCP on guest network (after PacketFence workflow for registration)- Issue
with de-auth on a Cisco WLC after successful registration.
As Fabrice said, DHCP on a guest network (which we usually call “a production
network”) is not something that comes by default with PacketFence. You will
need, again as Fabrice said, to create a new dhcpd instance on the PacketFence
server for that purpose.
Just to make sure that we are not running into the de-auth issue (as mentioned
by Thomas), can you please check on the WLC after a successful registration in
which VLAN the client is sitting ?
Cheers!dw.
--
Derek [email protected] :: www.inverse.ca+1.514.447.4918 (x110) ::
+1.866.353.6153 (x110)Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
On Apr 15, 2014, at 9:16 PM, Thomas Tsai <[email protected]> wrote:Few
issues that surfaced. 1) I noticed that some clients would fall off the
network randomly depending on the client. I think, specifically Apple
devices2) I noticed that some clients wouldn’t deauth correctly (but not
all). Cisco intentionally opened the case due to my complaint. If you contact
cisco regarding this bug, they should be able to confirm whether this is
affecting you. My understanding is that it should, because the virtual wlc
trails behind in firmware. From: luca comes [mailto:[email protected]]
Sent: Tuesday, April 15, 2014 12:03 AM
To: [email protected]
Subject: Re: [PacketFence-users] Virtual WLC integration Hi Thomas,
I made some tests and it seems working fine. At the moment I created a simple
lab with only the guest vlan (plus registration and isolation) and one open
ssid. The WLC put clients in registration vlan, after authentication they are
disconnected and then they reconnect in the correct vlan. I have only one
problem, the browser doesn't understand the reconnect phase and I must restart
it after authentication. How did you discover the bug? I can try to replicate
in my lab.
LucaFrom: [email protected]
To: [email protected]
Date: Sat, 12 Apr 2014 00:50:19 +0000
Subject: Re: [PacketFence-users] Virtual WLC integrationHey Luca, You sure the
RFC3576 deauth happens correctly? I don’t think they fixed that until v7.5. I
had to have engineering give me special builds for 7.4.110.1 and 7.4.110.2 to
address this back in the day… this may be causing some of your issues.
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud14147
I have an older PF thread about this somewhere…. <image001.png> From: luca
comes [mailto:[email protected]]
Sent: Friday, April 11, 2014 7:48 AM
To: [email protected]
Subject: Re: [PacketFence-users] Virtual WLC integration Ok I will try.
Thanks
LucaDate: Fri, 11 Apr 2014 10:19:41 -0400
From: [email protected]
To: [email protected]
Subject: Re: [PacketFence-users] Virtual WLC integrationYes, you can, just add
a packetfence network interface in this vlan and create your own instance of
dhcpd.
Regards
Fabrice
Le 2014-04-11 09:20, luca comes a écrit :Hi Fabrice,
thank you for your quick answer. So If I understand do I need an external DHCP
server on the guest vlan? Isn't possible to use PF as primary dhcp server in
the guest?
Thanks
LucaDate: Fri, 11 Apr 2014 09:09:02 -0400
From: [email protected]
To: [email protected]
Subject: Re: [PacketFence-users] Virtual WLC integrationHello,
once you are in the guest vlan, your dhcp server must provide an ip address to
your device. Pf did his job.
Fabrice
Le 2014-04-11 09:03, luca comes a écrit :Hi all,
I'm testing PF to provide wifi guest access on my network but I'm wondering
what is the right configuration. I have a Cisco virtual WLC version 7.4.110 and
last release of pf on CentOS 6.5 configured in VLAN enforcement mode.
At the moment clients can get IP address on registration VLAN and access to the
Captive Portal login page. After the user authentication radius de-auth is
correctly done and client reconect on the guest vlan but they cannot get an ip
address from PF. On the server I added the interface for the vlan and the
definition in networks.conf, all the network configurations (switch trunks, esx
virtual switch and so on) are correct. Can you help me to understand how make
PF take care of the vlan?
P.S. I've already read all the documentation (Administrator Guide, Network
Devices Configuration, etc.)
Thank you in advance
Luca
------------------------------------------------------------------------------Put
Bad Developers to ShameDominate Development with Jenkins Continuous
IntegrationContinuously Automate Build, Test & Deployment Start a new project
now. Try Jenkins in the cloud.http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________PacketFence-users mailing
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Fabrice [email protected] :: +1.514.447.4918 (x135) ::
www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
------------------------------------------------------------------------------
Put Bad Developers to Shame Dominate Development with Jenkins Continuous
Integration Continuously Automate Build, Test & Deployment Start a new project
now. Try Jenkins in the cloud.http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________ PacketFence-users mailing list
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------Put
Bad Developers to ShameDominate Development with Jenkins Continuous
IntegrationContinuously Automate Build, Test & Deployment Start a new project
now. Try Jenkins in the cloud.http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________PacketFence-users mailing
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
-- Fabrice [email protected] :: +1.514.447.4918 (x135) ::
www.inverse.caInverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
------------------------------------------------------------------------------
Put Bad Developers to Shame Dominate Development with Jenkins Continuous
Integration Continuously Automate Build, Test & Deployment Start a new project
now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________ PacketFence-users mailing list
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
**********************************************Email Disclaimer: This email,
including attachments, may contain proprietary, confidential or privileged
information. If you are not the intended recipient, please (i) do not use,
disclose, save or retransmit this message or any attachments, (ii) alert the
sender by reply email and (iii) destroy or delete this message and any
attachments. Delivery of this email to a person other than the intended
recipient(s) shall not constitute a waiver of privilege or confidentiality. CP
Investments, member FINRA and SIPC, serves as placement agent for certain
investment products advised by Canyon Capital Advisors LLC. CP Investments does
not act asa placement agent in any jurisdiction other than the U.S. This email
is not intended to be an offer to sell or a solicitation of an offer to buy any
security in any jurisdiction. We review and retain electronic
communicationstraveling through our network.
**********************************************
------------------------------------------------------------------------------
Put Bad Developers to Shame Dominate Development with Jenkins Continuous
Integration Continuously Automate Build, Test & Deployment Start a new project
now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________ PacketFence-users mailing list
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
