Thanks Fabrice.

"But I have a question, if the device is reg then it's supposed to go on a 
production vlan, not the registration vlan ?!"

Yes, this is exactly my issue. Devices are being set up and registered (through 
autoreg the first time they connect), however my onboarding software is having 
issues telling devices to forget the setup SSID, and so registered devices are 
frequently connecting to the setup SSID instead of the production SSID.

I know vlan_filters are also quite intensive work for the PF server, but I'm 
hoping that it's less work than having 500 devices sitting in the captive 
portal.

Can you see any reason why I shouldn't put this in place?

Cheers,
Andi

From: Durand fabrice [mailto:[email protected]]
Sent: 04 November 2015 12:05
To: [email protected]
Subject: Re: [PacketFence-users] Registered devices sitting in captive portal

Hello Andy,

let's try this:
[reg_devices]
filter = node_info
operator = is
attribute = status
value = reg

[reg_network]
filter = ssid
operator = is
value = setup_wifi

[block_reg_devices:reg_devices&reg_network]
scope = RegistrationVlan
role = blocked

But I have a question, if the device is reg then it's supposed to go on a 
production vlan, not the registration vlan ?!

Regards
Fabrice

On 2015-11-04 06:16, Morris, Andi wrote:
Now I have the vlan_filters in front of me, does this look doable?

[reg_devices]
filter = node_info
operator = is
attribute = status
value = reg

[reg_network]
filter = ssid
operator = is
value = setup_wifi

[block_reg_devices:reg_devices&reg_network]
role = blocked

Cheers,
Andi

From: Morris, Andi [mailto:[email protected]]
Sent: 03 November 2015 20:08
To: [email protected]
Subject: [PacketFence-users] Registered devices sitting in captive portal

Hi all,
I'm still having a large problem with devices sitting in my captive portal, and 
as such using up a lot of PF resources. With others' help on here I've set up a 
violation that I can trigger if I see a device sitting in there for too long, 
and I've managed to get any long term devices off the network in that way, but 
the main problem I'm getting is with devices that are set up and registered for 
my main SSID, however the setup SSID isn't forgotten on the device, which means 
that as users roam around the devices switch between networks frequently.

There are simply too many of these devices for me to capture and notify the 
users manually (20,000 registered devices, 3000 main SSID and 500 in setup SSID 
during peak times).

Is there a way, and is it advisable, to block a device from the registration 
network once it is registered? Perhaps using vlan filters? Something like 
(rough pseudo code sorry, I don't have the filters in front of me):

If
SSID = setup_network
device = registered

then
role = blocked

Then outside of vlan filters the blocked role assigns the vlan of -1 in 
switches.conf?

I know that if a device then needs to get set up again they will need to contact 
our helpdesk to get them unregistered (I can't get status page working here), 
but at the moment I think that's a better solution than having the PF box run 
out of CPU during peak hours.

Cheers,
Andi
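
Added example (not part of the original thread, and not PacketFence code): a simplified Python model of how the filter posted above combines its two conditions with "&" inside one scope, run over constructed device records. The evaluator, its function names and the request dictionaries are assumptions for illustration; PacketFence's own filter engine is not reproduced here.

```python
import configparser

# vlan_filters fragment as posted in the thread (blank lines dropped).
VLAN_FILTERS = """
[reg_devices]
filter = node_info
operator = is
attribute = status
value = reg
[reg_network]
filter = ssid
operator = is
value = setup_wifi
[block_reg_devices:reg_devices&reg_network]
scope = RegistrationVlan
role = blocked
"""

def load_filters(text):
    cp = configparser.ConfigParser(delimiters=("=",))
    cp.read_string(text)
    conditions, rules = {}, []
    for name in cp.sections():
        sec = cp[name]
        if ":" in name:  # rule section: "<rule name>:<cond>&<cond>..."
            rule, expr = name.split(":", 1)
            rules.append((rule, expr.split("&"), sec.get("scope"), sec["role"]))
        else:            # plain section: one named condition
            conditions[name] = dict(sec)
    return conditions, rules

def condition_matches(cond, request):
    # Simplified: node_info reads request["node_info"][attribute]; others read request[filter].
    if cond["operator"] != "is":
        raise ValueError("unsupported operator: " + cond["operator"])
    source = request["node_info"] if cond["filter"] == "node_info" else request
    key = cond["attribute"] if cond["filter"] == "node_info" else cond["filter"]
    return source.get(key) == cond["value"]

def role_for(request, scope, conditions, rules):
    """Role of the first rule in this scope whose conditions all match, else None."""
    for _name, cond_names, rule_scope, role in rules:
        if rule_scope == scope and all(condition_matches(conditions[c], request) for c in cond_names):
            return role
    return None

CONDITIONS, RULES = load_filters(VLAN_FILTERS)
# Constructed requests: a registered and an unregistered device, both on the setup SSID.
REGISTERED = {"ssid": "setup_wifi", "node_info": {"status": "reg"}}
UNREGISTERED = {"ssid": "setup_wifi", "node_info": {"status": "unreg"}}
```

In this model only the registered device on setup_wifi gets the blocked role; the unregistered one falls through (None) and would continue to normal registration handling.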


_______________________________________________

PacketFence-users mailing list

[email protected]

https://lists.sourceforge.net/lists/listinfo/packetfence-users
