That's why I use different roles for 1x and portal login. I don't assign the role to the device for portal login, just register and dynamically assign. Then I have a rule to deny association for registered devices with no role to the insecure ssids. Once someone connects with 1x, that device isn't allowed on Mac auth until the next day (expire the registration). My goal is to always keep people on 1x and only use portal for devices that can't use 1x for some reason.
But we don't have dorms so the situation is a little different. Sent from my iPhone On Aug 6, 2015, at 11:11 AM, Pete Hoffswell <[email protected]> wrote: Our regular SSID is 802.1x. There is no portal profile, if I'm not mistaken. I have a portal profile for resnet, and that works fine for unregistered devices. I just want registered device (such as ones that connected to the 802.1x regular ssid first) to connect to a different vlan (resnet) when they connect to the resnet ssid. I don't actually want to modify the node. Just switch it to a different vlan. - Pete Hoffswell - Network Manager [email protected] http://www.davenport.edu On Thu, Aug 6, 2015 at 10:55 AM, Chris Abel <[email protected]> wrote: > Yes, this is for auto registration. > > If you still want unregistered users to hit the registration page, why > don't you add the resnet SSID to the portal profile you have for your > regular SSID? > > On Thu, Aug 6, 2015 at 10:35 AM, Pete Hoffswell < > [email protected]> wrote: > >> Thanks, Chris! >> >> Does the AutoRegister automatically register the user, then? I don't >> necessarily want that. I still want them to get stuck on a registration >> page if they are not registered... >> >> - >> Pete Hoffswell - Network Manager >> [email protected] >> http://www.davenport.edu >> >> >> On Thu, Aug 6, 2015 at 10:30 AM, Chris Abel <[email protected]> >> wrote: >> >>> Pete, I think you'll want something like this: >>> >>> [resnet-ssid] >>> filter = ssid >>> operator = is >>> value = resnet >>> >>> [1:resnet-ssid] >>> scope = AutoRegister >>> role = resnet >>> >>> [2:resnet-ssid] >>> scope = NormalVlan >>> role = resnet >>> action = modify_node >>> action_param = mac = $mac, category = resnet >>> >>> On Thu, Aug 6, 2015 at 9:27 AM, Pete Hoffswell < >>> [email protected]> wrote: >>> >>>> Hi Tim. >>>> >>>> Yes, users could register on this SSID as well. But, a device may >>>> have been registered on a separate SSID, and then try to connect to this >>>> network. >>>> >>>> Student connects to our regular SSID, and registers. Gets a role of >>>> "student" >>>> Student goes to residence hall >>>> Student connects to SSID resnet. >>>> >>>> This is where I want them to vlan switch to the resnet vlan. Normally >>>> identified by role "resnet" >>>> >>>> >>>> >>>> >>>> >>>> - >>>> Pete Hoffswell - Network Manager >>>> [email protected] >>>> http://www.davenport.edu >>>> >>>> >>>> On Thu, Aug 6, 2015 at 9:14 AM, Tim DeNike <[email protected]> wrote: >>>> >>>>> Or setup a portal profile. Do you want people to register devices on >>>>> this ssid? >>>>> >>>>> Sent from my iPhone >>>>> >>>>> On Aug 6, 2015, at 9:12 AM, Pete Hoffswell < >>>>> [email protected]> wrote: >>>>> >>>>> Good morning - >>>>> >>>>> I have a SSID "resnet", and would like all users to be forced to vlan >>>>> 10, no matter their role. >>>>> >>>>> I do have a role "resnet" that is defined in my device configurations >>>>> to vlan 10. >>>>> >>>>> Would this be the correct rule for a vlan_filters.conf? >>>>> >>>>> >>>>> [resnet-ssid] >>>>> filter = ssid >>>>> operator = is >>>>> value = resnet >>>>> >>>>> [1:resnet-ssid] >>>>> scope = NormalVlan >>>>> role = resnet >>>>> >>>>> >>>>> - >>>>> Pete Hoffswell - Network Manager >>>>> [email protected] >>>>> http://www.davenport.edu >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> >>> >>> >>> -- >>> Chris Abel >>> Systems and Network Administrator >>> Wildwood Programs >>> 2995 Curry Road Extension >>> Schenectady, NY 12303 >>> 518-836-2341 >>> >>> IMPORTANT NOTICE: This message and any attachments are solely for the >>> intended recipient and may contain confidential information, which is, or >>> may be, legally privileged or otherwise protected by law from further >>> disclosure. If you are not the intended recipient, any disclosure, copying, >>> use, or distribution of the information included in this email and any >>> attachments is prohibited. If you have received this communication in >>> error, please notify the sender by reply email and immediately and >>> permanently delete this email and any attachments. >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> > > > -- > Chris Abel > Systems and Network Administrator > Wildwood Programs > 2995 Curry Road Extension > Schenectady, NY 12303 > 518-836-2341 > > IMPORTANT NOTICE: This message and any attachments are solely for the > intended recipient and may contain confidential information, which is, or > may be, legally privileged or otherwise protected by law from further > disclosure. If you are not the intended recipient, any disclosure, copying, > use, or distribution of the information included in this email and any > attachments is prohibited. If you have received this communication in > error, please notify the sender by reply email and immediately and > permanently delete this email and any attachments. > > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
