That works brilliantly, however it’s only stopping devices connecting to the 
main network. The registration network is still accessible by devices.

From: Tim DeNike [mailto:[email protected]]
Sent: 22 October 2015 16:25
To: [email protected]
Subject: Re: [PacketFence-users] Recommended setup for HA and efficiency

Set the role vlan to -1. That should return reject.

Sent from my iPhone

On Oct 22, 2015, at 11:17 AM, Morris, Andi <[email protected]> wrote:
I’ve been working on this today, and have successfully created a manually 
triggered violation that sends the device to the macdetection vlan (id 4), 
which doesn’t exist on our network. However, I can see the violation 
triggering, and access briefly drops on my test device, but it always connects 
back up to the network without issue and continues as normal.

Would creating a real vlan, which has no route to the internet be a better way 
to go about this? Or am I doing something wrong by sending them to the mac 
detection vlan?

Cheers,
Andi

From: Morris, Andi [mailto:[email protected]]
Sent: 22 October 2015 09:45
To: [email protected]
Subject: Re: [PacketFence-users] Recommended setup for HA and efficiency

Thanks Arthur,
That’s a really interesting idea. I’ll see if I can find a way to spot devices 
that are hanging around for a while and set something like this up.

From: Arthur Emerson [mailto:[email protected]]
Sent: 21 October 2015 18:38
To: [email protected]
Subject: Re: [PacketFence-users] Recommended setup for HA and efficiency

On 10/21/15, 12:35 PM, "Morris, Andi" <[email protected]> wrote:

Has anyone else run into this sort of issue with devices sitting in the captive 
portal, and if so how do you combat it?

I made a local portal user ID for unregistered devices that are hanging
around for too long without registering.  Once the device is manually
registered to that user, I set a violation on the device, which sends it
to an unused VLAN (mac-detect?).  You can do the same thing with RADIUS
VLAN settings for the special user, as long as the device gets sent to
the naughty room (isolated on a dead VLAN).

I never automated this process, but it shouldn't be too difficult...

-Arthur

-------------------------------------------------------------------------
Arthur Emerson III                 Email:      [email protected]
Network Administrator              InterNIC:   AE81
Mount Saint Mary College           MaBell:     (845) 561-0800 Ext. 3109
330 Powell Ave.                    Fax:        (845) 562-6762
Newburgh, NY  12550                SneakerNet: Aquinas Hall Room 8A

------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users