Hi Christian,
my dream is to have a gui for the vlan filter but it´s not for now.
There is a few documentation about how to use action in the vlan_filter:
https://github.com/inverse-inc/packetfence/blob/stable/conf/vlan_filters.conf.example#L162
and here are the action function you can use:
https://github.com/inverse-inc/packetfence/blob/stable/lib/pf/api.pm
So per example change the node info:
[category]
filter = node_info
operator = is
attribute = category
value = Staff
[1:category]
scope = ViolationVlan
role = violationStaff
action = modify_node
action_param = mac = $mac,computername = robert,category = default
or trigger a violation:
[category]
filter = node_info
operator = is
attribute = category
value = Staff
[1:category]
scope = ViolationVlan
role = violationStaff
action = trigger_violation
action_param = mac = $mac, tid = 170000, type = INTERNAL
And in violation.conf:
[3000003]
priority=8
enabled=Y
desc=Block Stuff
template=banned_devices
actions=trap,email,log
trigger=internal::170000
grace=120s
Also i made a new branch on github that fix some little issue with vlan
filter:
https://github.com/inverse-inc/packetfence/pull/330.diff
Regards
Fabrice
Le 2015-02-10 15:19, Christian Hanster a écrit :
Thanks Fabrice! I think I now have understood the filters.
In the configuration document I have seen that there is something like „action“
attribute. Is there a documentation about the actions somewhere? Are they
similar to those when a violation is triggered?
Regards
Christian
Am 09.02.2015 um 16:09 schrieb Fabrice DURAND <[email protected]>:
Something like that should work:
[category]
filter = node_info
operator = is
attribute = category
value = Staff
[1:category]
scope = ViolationVlan
role = violationStaff
If the device´s role is Staff then if there is a violation then
packetfence will return the violationStaff role.
Regards
Fabrice
Le 2015-02-09 09:57, Christian Hanster a écrit :
Hey Fabrice,
Yes, the VLAN-Filters are the key! Does „category“ attribute in „node_info“
filter is equivalent to the role the node got?
Thanks a lot!
Christian
Am 09.02.2015 um 14:38 schrieb Fabrice DURAND <[email protected]>:
Hi Christian,
i am not sure to understand what you want, when a 802.1x user trigger a
violation then the violation vlan should be based on the user role ?
If it´s that yes of course but you will have to play with the vlan filters.
Regards
Fabrice
Le 2015-02-08 04:42, Christian Hanster a écrit :
Hello everybody,
after reinstalling our PF-Server I was wondering if it is possible to put
802.1X Users in the violation VLAN (or generally in a distinct VLAN) based on
the User Role they received from our LDAP Server. I have not found a violation
trigger so far which gives me this possibility. At the moment we are using PF
in the inline enforcement mode. The functionality I’m thinking about is that
users with certain roles only should access certain websites. Is there a
possibility to do that?
Perhaps you can help me. Thanks a lot.
Christian
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
<0xF78F957E.asc>------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now.
http://goparallel.sourceforge.net/_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
<0xF78F957E.asc>------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now.
http://goparallel.sourceforge.net/_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
