Ok so on the setup_wifi SSID it always return the reg vlan, right ? So you have to deny reg device in the NormalVlan scope.
[reg_devices] filter = node_info operator = is attribute = status value = reg [reg_network] filter = ssid operator = is value = setup_wifi [block_reg_devices:reg_devices®_network] scope = NormalVlan role = blocked Le Mercredi, Novembre 04, 2015 07:34 EST, "Morris, Andi" <amor...@cardiffmet.ac.uk> a écrit: > Thanks Fabrice. > > "But i have a question, if the device is reg then it's suppose to go on a > production vlan, not the registration vlan ?!" > > Yes this is exactly my issue. Devices are being setup and registered (through > autoreg the first time they connect), however my onboarding software is > having issues telling devices to forget the setup SSID, and so registered > devices are frequently connecting to the setup SSID instead of the production > SSID. > > I know vlan_filters are also quite intensive work for the PF server, but I'm > hoping that it's less work than having 500 devices sitting in the captive > portal. > > Can you see any reason why I shouldn't put this in place? > > Cheers, > Andi > > From: Durand fabrice [mailto:fdur...@inverse.ca] > Sent: 04 November 2015 12:05 > To: packetfence-users@lists.sourceforge.net > Subject: Re: [PacketFence-users] Registered devices sitting in captive portal > > Hello Andy, > > let's try this: > [reg_devices] > filter = node_info > operator = is > attribute = status > value = reg > > [reg_network] > filter = ssid > operator = is > value = setup_wifi > > [block_reg_devices:reg_devices®_network] > scope = RegistrationVlan > role = blocked > > But i have a question, if the device is reg then it's suppose to go on a > production vlan, not the registration vlan ?! > > Regards > Fabrice > > Le 2015-11-04 06:16, Morris, Andi a écrit : > Now I have the vlan_filters in front of me, does this look doable? > > [reg_devices] > filter = node_info > operator = is > attribute = status > value = reg > > [reg_network] > filter = ssid > operator = is > value = setup_wifi > > [block_reg_devices:reg_devices®_network] > role = blocked > > Cheers, > Andi > > From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk] > Sent: 03 November 2015 20:08 > To: > packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> > Subject: [PacketFence-users] Registered devices sitting in captive portal > > Hi all, > I'm still having a large problem with devices sitting in my captive portal, > and as such using up a lot of PF resources. With others help on here I've > setup a violation that I can trigger if I see a device sitting in there for > too long, and I've managed to get any long term devices off the network in > that way, but the main problem I'm getting is with devices that are setup and > registered for my main SSID, however the setup SSID isn't forgotten on the > device, which means that as users roam around the devices switch between > networks frequently. > > There are simply too many of these devices for me to capture and notify the > users manually (20,000 registered devices, 3000 main SSID and 500 in setup > SSID during peak times). > > Is there a way, and is it advisable, to block a device from the registration > network once it is registered? Perhaps using vlan filters? Something like > (rough pseudo code sorry, I don't have the filters in front of me): > > If > SSID = setup_network > device = registered > > then > role = blocked > > Then outside of vlan filters the blocked role assigns the vlan of -1 in > switches.conf? > > I know that if a device then need to get setup again they will need to > contact our helpdesk to get them unregistered (I can't get status page > working here), but at the moment I think that's a better solution than having > the PF box run out of CPU during peak hours. > > Cheers, > Andi > > > ________________________________ > > [Image removed by sender. Cardiff Metropolitan University - > 150 years of nurturing > talent]<http://www.cardiffmet.ac.uk/cardiffmet150> > > > > > ------------------------------------------------------------------------------ > > > > > _______________________________________________ > > PacketFence-users mailing list > > PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
