Hi all,

I'm looking to slightly redesign the way we have PacketFence controlling sections of our network here and I'd like to make use of the new features built into version 5, but I'm not sure my needs match exactly what's available.

Here's my desired workflow, this isn't set in stone...yet:

Our university user connects an unregistered device to open setup SSID (packetfence registration network)
- User is taken to our setup website, containing provisioning for different devices, along with connection guides etc
- User sets up device entering valid eduroam credentials (including realm) and connects to the eduroam SSID - this will likely be done using the eduroam CAT provisioning tool as it's more suitable to our environment
- Packetfence takes those credentials, preferably from the radius INNER IDENTITY, and auto-registers the device with the correct role and home user vlan

Our university user connects a registered device to open setup SSID (packetfence registration network)
- User is taken to our setup website, containing provisioning for different devices, along with connection guides etc
- User sets up device entering valid eduroam credentials (including realm)
- Packetfence takes those credentials, preferably from the radius INNER IDENTITY, and re-registers the device with the correct role and home user vlan

Visiting user connects their device to our eduroam network
- Device is transparently registered within PacketFence using the radius OUTER IDENTITY and given the visiting user vlan

Currently I have this set up in my live environment, using the vlan/custom.pm to autoregister devices with dot1x credentials, and also to determine whether the user is a home user or visiting user, using a regex check, which in turn puts them into the correct vlan.

The main difference in my desired network is that previously registered devices aren't stopped from getting to the setup website and re-provisioning in the event of a format of the device, or similar.

The capture of the inner and outer identities of the two different user types isn't vital, it would just be nice to get the user details for home users, but anonymous outer identities of the visiting users if that's how they've set up their devices.

What would be the best way to achieve this using Sources, Roles, vlan filters and portal profiles?

Cheers,
Andi
-------------------------------------
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: [email protected]
--------------------------------------
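
The home/visitor realm check described in this message, with the inner identity preferred for home users, as an added example that is not part of the original post and is not PacketFence code. The home realm `home.example`, the role names and the VLAN IDs are constructed placeholders.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Assumptions (not from the post): home realm, role names and VLAN IDs.
HOME_REALM = "home.example"
HOME_ROLE, HOME_VLAN = "home_user", 100
VISITOR_ROLE, VISITOR_VLAN = "visiting_user", 200

# The realm is matched as a whole (fullmatch). A loose substring or suffix
# regex would also treat "nothome.example" or "home.example.evil.test"
# as the home realm and hand those users the home VLAN.
HOME_REALM_RE = re.compile(re.escape(HOME_REALM))

class Decision(NamedTuple):
    owner: str  # identity recorded against the device
    role: str
    vlan: int

def split_identity(identity: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (user, realm) for 'user@realm'; None if there is no usable realm."""
    if not identity or identity.count("@") != 1:
        return None
    user, realm = identity.strip().split("@")
    # The user part may be empty: anonymous outer identities look like "@realm".
    return (user, realm.lower()) if realm else None

def classify(outer: str, inner: Optional[str] = None) -> Optional[Decision]:
    """Pick owner, role and VLAN from the RADIUS outer and inner identities."""
    outer_parts = split_identity(outer)
    if outer_parts is None:
        return None  # no realm at all: do not auto-register
    user, realm = outer_parts
    if HOME_REALM_RE.fullmatch(realm):
        inner_parts = split_identity(inner)
        # Home users: record the inner identity when it is present and is
        # also in the home realm, otherwise fall back to the outer identity.
        if inner_parts and HOME_REALM_RE.fullmatch(inner_parts[1]):
            user, realm = inner_parts
        return Decision(f"{user}@{realm}", HOME_ROLE, HOME_VLAN)
    # Visitors: only the (possibly anonymous) outer identity is recorded.
    return Decision(f"{user}@{realm}", VISITOR_ROLE, VISITOR_VLAN)
```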