Hello Cory,
what you describe is WLC web authentication.
It means that the device stays on the same layer 2 network and is
redirected to the captive portal if the device is unreg.
For the flow policy you can use the WLC QoS for that.
http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-5.4.0.pdf
page 86.
Regards
Fabrice
On 2015-11-18 12:49, Cory White wrote:
Hello (new to the forum) -
I've been tasked with a captive portal replacement for our company's
currently paid solution - sure we all know the 'green monster' with an
'X'.
I've read through deployment and admin guides but our needs require a
very vanilla offering to our customers - hospitality industry.
Although a base solution of deploying PF as in-line will work we are
looking for a more complete solution (not a fan of the bridged network
similarity of our current solution). It seems we need a hybrid of the
2 options from web configurator. 99% of traffic will be wireless
based, one offs for wired based on network printers and the like. We
are a 100% Cisco house aside from our Linux monitoring servers - i.e.
Routers, WLC, switches, APs, etc....
Our overview of needs:
1. Captive Portal - user created login portal & portal with auto
redirect (no login needed but url redirect required for 'sponsored wifi')
2. Assign portals based on access port (vlan) or Vlan assigned SSID
(WLC) - DHCP assigned by our server, user is 'caught' by PF to
authenticate and once registered is allowed to pass to the internet.
Is PF capable:
1. Most clients will not have 802.1x logins but PF created logins - we
do not need PF to manage switches or APs - unless it's required to
accomplish our goals. This is not preferred due to the size of our
network hardware infrastructure and client footprint.
2. Assigning captive portals based on vlan of client (or even SSID) -
so we can trunk to PF (allow portal vlans) and it tags traffic to
correct captive portal. Is this the filter feature on portal
configuration, if not how/possible?
3. Can it create micro-flow policy on user traffic, I see iptables/tc
being used for user traffic shaping (in-line) but it is applied as a
whole (on user group) not per user IP:MAC based on my testing. Not a
huge obstacle as if we can use our VLANs structure micro-flow is
applied through our layer 3 catalyst.
*one note is we use converged access WLC - not as mature as WLC guide
to Airespace. Though its radius/AAA configuration is similar not
entirely sure it deploys the same.
Thanks in advance and apologies if this is a redundant thread anywhere -
just trying to see if PF is worth the investment or is another
solution needed.
-
Cory
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users