Assuming the device is already registered, I don't see why it wouldn't work.
On Thu, Aug 6, 2015 at 1:45 PM, Pete Hoffswell <[email protected]> wrote:

> Well, I'm sticking to the original subject, here.... trying to get a vlan
> filter to work -
>
> resnet-ssid]
> filter = ssid
> operator = is
> value = resnet
>
> [1:resnet-ssid]
> scope = NormalVlan
> role = resnet
>
> I do not see any sort of info in the packetfence.log... I wonder if
> there's a pf.conf command that directs PF to look for and run the
> vlan_filters.conf stuff...
>
> -
> Pete Hoffswell - Network Manager
> [email protected]
> http://www.davenport.edu
>
> On Thu, Aug 6, 2015 at 12:13 PM, Tim DeNike <[email protected]> wrote:
>
>> That's on the user. If they don't use the installer we provide that sets
>> up all the certificates and trusts. Otherwise it really doesn't matter.
>> If I went and setup a hotspot near your campus with a ssid of resnet and
>> made the portal look the same as yours I could probably have dozens or
>> hundreds of passwords by the end of the day.
>>
>> Perfect world would be doing certificate auth but it took me long enough
>> just to get them to think about dropping psk networks. ;)
>>
>> Sent from my iPhone
>>
>> On Aug 6, 2015, at 11:27 AM, Chris Abel <[email protected]> wrote:
>>
>> We just use portal profiles because of all the security holes with
>> 802.1x. One such example that still works especially well for mobile
>> devices:
>> https://www.defcon.org/images/defcon-21/dc-21-presentations/djwishbone-PuNk1nPo0p/DEFCON-21-djwishbone-PuNk1nPo0p-BYO-Disaster-Updated.pdf
>>
>> Hopefully your 802.1x credentials aren't the same credentials for other
>> online services.
>>
>> Not sure how to accomplish what you're trying to do. Sorry.
>>
>> On Thu, Aug 6, 2015 at 11:16 AM, Tim DeNike <[email protected]> wrote:
>>
>>> That's why I use different roles for 1x and portal login. I don't
>>> assign the role to the device for portal login, just register and
>>> dynamically assign. Then I have a rule to deny association for registered
>>> devices with no role to the insecure ssids. Once someone connects with 1x,
>>> that device isn't allowed on Mac auth until the next day (expire the
>>> registration). My goal is to always keep people on 1x and only use portal
>>> for devices that can't use 1x for some reason.
>>>
>>> But we don't have dorms so the situation is a little different.
>>>
>>> Sent from my iPhone
>>>
>>> On Aug 6, 2015, at 11:11 AM, Pete Hoffswell <[email protected]> wrote:
>>>
>>> Our regular SSID is 802.1x. There is no portal profile, if I'm not
>>> mistaken.
>>>
>>> I have a portal profile for resnet, and that works fine for unregistered
>>> devices.
>>>
>>> I just want registered device (such as ones that connected to the
>>> 802.1x regular ssid first) to connect to a different vlan (resnet) when
>>> they connect to the resnet ssid.
>>>
>>> I don't actually want to modify the node. Just switch it to a different
>>> vlan.
>>>
>>> -
>>> Pete Hoffswell - Network Manager
>>> [email protected]
>>> http://www.davenport.edu
>>>
>>> On Thu, Aug 6, 2015 at 10:55 AM, Chris Abel <[email protected]> wrote:
>>>
>>>> Yes, this is for auto registration.
>>>>
>>>> If you still want unregistered users to hit the registration page, why
>>>> don't you add the resnet SSID to the portal profile you have for your
>>>> regular SSID?
>>>>
>>>> On Thu, Aug 6, 2015 at 10:35 AM, Pete Hoffswell <[email protected]> wrote:
>>>>
>>>>> Thanks, Chris!
>>>>>
>>>>> Does the AutoRegister automatically register the user, then? I don't
>>>>> necessarily want that. I still want them to get stuck on a registration
>>>>> page if they are not registered...
>>>>>
>>>>> -
>>>>> Pete Hoffswell - Network Manager
>>>>> [email protected]
>>>>> http://www.davenport.edu
>>>>>
>>>>> On Thu, Aug 6, 2015 at 10:30 AM, Chris Abel <[email protected]> wrote:
>>>>>
>>>>>> Pete, I think you'll want something like this:
>>>>>>
>>>>>> [resnet-ssid]
>>>>>> filter = ssid
>>>>>> operator = is
>>>>>> value = resnet
>>>>>>
>>>>>> [1:resnet-ssid]
>>>>>> scope = AutoRegister
>>>>>> role = resnet
>>>>>>
>>>>>> [2:resnet-ssid]
>>>>>> scope = NormalVlan
>>>>>> role = resnet
>>>>>> action = modify_node
>>>>>> action_param = mac = $mac, category = resnet
>>>>>>
>>>>>> On Thu, Aug 6, 2015 at 9:27 AM, Pete Hoffswell <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Tim.
>>>>>>>
>>>>>>> Yes, users could register on this SSID as well. But, a device may
>>>>>>> have been registered on a separate SSID, and then try to connect to this
>>>>>>> network.
>>>>>>>
>>>>>>> Student connects to our regular SSID, and registers. Gets a role of
>>>>>>> "student"
>>>>>>> Student goes to residence hall
>>>>>>> Student connects to SSID resnet.
>>>>>>>
>>>>>>> This is where I want them to vlan switch to the resnet vlan.
>>>>>>> Normally identified by role "resnet"
>>>>>>>
>>>>>>> -
>>>>>>> Pete Hoffswell - Network Manager
>>>>>>> [email protected]
>>>>>>> http://www.davenport.edu
>>>>>>>
>>>>>>> On Thu, Aug 6, 2015 at 9:14 AM, Tim DeNike <[email protected]> wrote:
>>>>>>>
>>>>>>>> Or setup a portal profile. Do you want people to register devices
>>>>>>>> on this ssid?
>>>>>>>>
>>>>>>>> Sent from my iPhone
>>>>>>>>
>>>>>>>> On Aug 6, 2015, at 9:12 AM, Pete Hoffswell <[email protected]> wrote:
>>>>>>>>
>>>>>>>> Good morning -
>>>>>>>>
>>>>>>>> I have a SSID "resnet", and would like all users to be forced to
>>>>>>>> vlan 10, no matter their role.
>>>>>>>>
>>>>>>>> I do have a role "resnet" that is defined in my device
>>>>>>>> configurations to vlan 10.
>>>>>>>>
>>>>>>>> Would this be the correct rule for a vlan_filters.conf?
>>>>>>>>
>>>>>>>> [resnet-ssid]
>>>>>>>> filter = ssid
>>>>>>>> operator = is
>>>>>>>> value = resnet
>>>>>>>>
>>>>>>>> [1:resnet-ssid]
>>>>>>>> scope = NormalVlan
>>>>>>>> role = resnet
>>>>>>>>
>>>>>>>> -
>>>>>>>> Pete Hoffswell - Network Manager
>>>>>>>> [email protected]
>>>>>>>> http://www.davenport.edu
>>>>>>
>>>>>> --
>>>>>> Chris Abel
>>>>>> Systems and Network Administrator
>>>>>> Wildwood Programs
>>>>>> 2995 Curry Road Extension
>>>>>> Schenectady, NY 12303
>>>>>> 518-836-2341
>>>>>>
>>>>>> IMPORTANT NOTICE: This message and any attachments are solely for the
>>>>>> intended recipient and may contain confidential information, which is, or
>>>>>> may be, legally privileged or otherwise protected by law from further
>>>>>> disclosure. If you are not the intended recipient, any disclosure, copying,
>>>>>> use, or distribution of the information included in this email and any
>>>>>> attachments is prohibited. If you have received this communication in
>>>>>> error, please notify the sender by reply email and immediately and
>>>>>> permanently delete this email and any attachments.

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
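
The filter layout used in this thread, a `[name]` condition section referenced by `[N:name]` rule sections, can be checked offline before looking for output in packetfence.log. The linter below is an added example, not part of the original messages and not PacketFence's own parser; `lint_vlan_filters` and its checks are assumptions drawn only from the snippets quoted above, and it handles only rules that name a single condition.

```python
import re

# Header shapes seen in the thread: [name] (condition) and [N:name] (rule).
HEADER = re.compile(r"^\[(?:(\d+):)?([^\[\]:]+)\]$")
CONDITION_KEYS = {"filter", "operator", "value"}

def lint_vlan_filters(text):
    """Return sorted (line_no, message) findings for vlan_filters.conf-style text."""
    findings, conditions, rules, section = [], {}, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = HEADER.match(line)
        if m:
            section = {"line": no, "name": m.group(2).strip(), "keys": {}}
            if m.group(1) is None:
                conditions[section["name"]] = section
            else:
                rules.append(section)
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            section["keys"][key.strip()] = value.strip()
        elif line.startswith("[") or line.endswith("]"):
            findings.append((no, f"malformed section header {line!r}"))
            section = {"keys": {}}  # absorb its keys; it defines nothing
        else:
            findings.append((no, f"stray line {line!r}"))
    for cond in conditions.values():
        missing = sorted(CONDITION_KEYS - cond["keys"].keys())
        if missing:
            findings.append((cond["line"], f"[{cond['name']}] lacks {missing}"))
    for rule in rules:
        if rule["name"] not in conditions:
            findings.append((rule["line"], f"rule refers to undefined condition {rule['name']!r}"))
        if "scope" not in rule["keys"]:
            findings.append((rule["line"], "rule has no scope"))
    return sorted(findings)

# Constructed sample: the filter text as it appears in the archived 1:45 PM message.
AS_ARCHIVED = ("resnet-ssid]\nfilter = ssid\noperator = is\nvalue = resnet\n\n"
               "[1:resnet-ssid]\nscope = NormalVlan\nrole = resnet\n")
# Same text with the opening bracket present, as in the 9:12 AM message.
WITH_BRACKET = "[" + AS_ARCHIVED

if __name__ == "__main__":
    for label, sample in (("as archived", AS_ARCHIVED), ("with bracket", WITH_BRACKET)):
        print(label, lint_vlan_filters(sample))
```
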
