Well, I'm sticking to the original subject, here.... trying to get a vlan filter to work -
[resnet-ssid]
filter = ssid
operator = is
value = resnet

[1:resnet-ssid]
scope = NormalVlan
role = resnet

I do not see any sort of info in the packetfence.log... I wonder if there's a pf.conf command that directs PF to look for and run the vlan_filters.conf stuff...

-
Pete Hoffswell - Network Manager
[email protected]
http://www.davenport.edu

On Thu, Aug 6, 2015 at 12:13 PM, Tim DeNike <[email protected]> wrote:

> That's on the user. If they don't use the installer we provide that sets
> up all the certificates and trusts. Otherwise it really doesn't matter.
> If I went and set up a hotspot near your campus with a ssid of resnet and
> made the portal look the same as yours I could probably have dozens or
> hundreds of passwords by the end of the day.
>
> Perfect world would be doing certificate auth but it took me long enough
> just to get them to think about dropping psk networks. ;)
>
> Sent from my iPhone
>
> On Aug 6, 2015, at 11:27 AM, Chris Abel <[email protected]>
> wrote:
>
> We just use portal profiles because of all the security holes with 802.1x.
> One such example that still works especially well for mobile devices:
> https://www.defcon.org/images/defcon-21/dc-21-presentations/djwishbone-PuNk1nPo0p/DEFCON-21-djwishbone-PuNk1nPo0p-BYO-Disaster-Updated.pdf
>
> Hopefully your 802.1x credentials aren't the same credentials for other
> online services.
>
> Not sure how to accomplish what you're trying to do. Sorry.
>
> On Thu, Aug 6, 2015 at 11:16 AM, Tim DeNike <[email protected]> wrote:
>
>> That's why I use different roles for 1x and portal login. I don't assign
>> the role to the device for portal login, just register and dynamically
>> assign. Then I have a rule to deny association for registered devices with
>> no role to the insecure ssids. Once someone connects with 1x, that device
>> isn't allowed on Mac auth until the next day (expire the registration). My
>> goal is to always keep people on 1x and only use portal for devices that
>> can't use 1x for some reason.
>>
>> But we don't have dorms so the situation is a little different.
>>
>> On Aug 6, 2015, at 11:11 AM, Pete Hoffswell <[email protected]>
>> wrote:
>>
>> Our regular SSID is 802.1x. There is no portal profile, if I'm not
>> mistaken.
>>
>> I have a portal profile for resnet, and that works fine for unregistered
>> devices.
>>
>> I just want registered devices (such as ones that connected to the
>> 802.1x regular ssid first) to connect to a different vlan (resnet) when
>> they connect to the resnet ssid.
>>
>> I don't actually want to modify the node. Just switch it to a different
>> vlan.
>>
>> On Thu, Aug 6, 2015 at 10:55 AM, Chris Abel <[email protected]>
>> wrote:
>>
>>> Yes, this is for auto registration.
>>>
>>> If you still want unregistered users to hit the registration page, why
>>> don't you add the resnet SSID to the portal profile you have for your
>>> regular SSID?
>>>
>>> On Thu, Aug 6, 2015 at 10:35 AM, Pete Hoffswell <[email protected]> wrote:
>>>
>>>> Thanks, Chris!
>>>>
>>>> Does the AutoRegister automatically register the user, then? I don't
>>>> necessarily want that. I still want them to get stuck on a registration
>>>> page if they are not registered...
>>>>
>>>> On Thu, Aug 6, 2015 at 10:30 AM, Chris Abel <[email protected]> wrote:
>>>>
>>>>> Pete, I think you'll want something like this:
>>>>>
>>>>> [resnet-ssid]
>>>>> filter = ssid
>>>>> operator = is
>>>>> value = resnet
>>>>>
>>>>> [1:resnet-ssid]
>>>>> scope = AutoRegister
>>>>> role = resnet
>>>>>
>>>>> [2:resnet-ssid]
>>>>> scope = NormalVlan
>>>>> role = resnet
>>>>> action = modify_node
>>>>> action_param = mac = $mac, category = resnet
>>>>>
>>>>> On Thu, Aug 6, 2015 at 9:27 AM, Pete Hoffswell <[email protected]> wrote:
>>>>>
>>>>>> Hi Tim.
>>>>>>
>>>>>> Yes, users could register on this SSID as well. But, a device may
>>>>>> have been registered on a separate SSID, and then try to connect to this
>>>>>> network.
>>>>>>
>>>>>> Student connects to our regular SSID, and registers. Gets a role of
>>>>>> "student"
>>>>>> Student goes to residence hall
>>>>>> Student connects to SSID resnet.
>>>>>>
>>>>>> This is where I want them to vlan switch to the resnet vlan.
>>>>>> Normally identified by role "resnet"
>>>>>>
>>>>>> On Thu, Aug 6, 2015 at 9:14 AM, Tim DeNike <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Or set up a portal profile. Do you want people to register devices
>>>>>>> on this ssid?
>>>>>>>
>>>>>>> On Aug 6, 2015, at 9:12 AM, Pete Hoffswell <[email protected]> wrote:
>>>>>>>
>>>>>>> Good morning -
>>>>>>>
>>>>>>> I have a SSID "resnet", and would like all users to be forced to
>>>>>>> vlan 10, no matter their role.
>>>>>>>
>>>>>>> I do have a role "resnet" that is defined in my device
>>>>>>> configurations to vlan 10.
>>>>>>>
>>>>>>> Would this be the correct rule for a vlan_filters.conf?
>>>>>>>
>>>>>>> [resnet-ssid]
>>>>>>> filter = ssid
>>>>>>> operator = is
>>>>>>> value = resnet
>>>>>>>
>>>>>>> [1:resnet-ssid]
>>>>>>> scope = NormalVlan
>>>>>>> role = resnet
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> _______________________________________________
>>>>>>> PacketFence-users mailing list
>>>>>>> [email protected]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>> --
>>>>> Chris Abel
>>>>> Systems and Network Administrator
>>>>> Wildwood Programs
>>>>> 2995 Curry Road Extension
>>>>> Schenectady, NY 12303
>>>>> 518-836-2341
>>>>>
>>>>> IMPORTANT NOTICE: This message and any attachments are solely for the
>>>>> intended recipient and may contain confidential information, which is, or
>>>>> may be, legally privileged or otherwise protected by law from further
>>>>> disclosure. If you are not the intended recipient, any disclosure,
>>>>> copying, use, or distribution of the information included in this email
>>>>> and any attachments is prohibited. If you have received this
>>>>> communication in error, please notify the sender by reply email and
>>>>> immediately and permanently delete this email and any attachments.

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
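
A small model of how the rule sections quoted in this thread fit together, added here as an illustration; it is not PacketFence code and does not come from any poster. It assumes that a numbered section `[N:name]` points at the condition section `[name]`, that rules are tried in number order, and that only the `is` operator is needed; PacketFence's own evaluation may differ.

```python
import configparser

# Constructed sample: the rule set suggested in the thread.
SAMPLE = """
[resnet-ssid]
filter = ssid
operator = is
value = resnet

[1:resnet-ssid]
scope = AutoRegister
role = resnet

[2:resnet-ssid]
scope = NormalVlan
role = resnet
action = modify_node
action_param = mac = $mac, category = resnet
"""

def load(text):
    """Split the file into named conditions and numbered rules ([N:condition])."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    conditions, rules = {}, []
    for name in cp.sections():
        num, sep, cond = name.partition(":")
        if sep and num.isdigit():
            rules.append((int(num), cond, dict(cp[name])))
        else:
            conditions[name] = dict(cp[name])
    missing = sorted({c for _, c, _ in rules if c not in conditions})
    if missing:
        raise ValueError("rules reference undefined conditions: %s" % missing)
    return conditions, sorted(rules, key=lambda r: r[0])

def role_for(text, scope, request):
    """Return the role of the first rule whose scope and condition both match."""
    conditions, rules = load(text)
    for _, cond_name, rule in rules:
        cond = conditions[cond_name]
        # Assumption: only the 'is' operator seen in the thread is modelled.
        if cond.get("operator") != "is":
            continue
        if rule.get("scope") == scope and request.get(cond.get("filter")) == cond.get("value"):
            return rule.get("role")
    return None
```

Running `load()` over a candidate file before deploying it catches a rule header that names a condition section which does not exist, which would otherwise fail silently in this model.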
