Thanks for the direction Fabrice - I'll setup my lab here for testing and get back if I have any questions to implement for our company.
Cory White Xponet P: 904.735.1600 E: [email protected] On Wed, Nov 18, 2015 at 6:44 PM, Durand fabrice <[email protected]> wrote: > Hello Cory, > > what you describe is WLC web authentication. > > It mean that the device stay on the same layer 2 network and is redirected > to the captive portal if the device is unreg. > > For the flow policy you can use the wlc qos for that. > > > http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-5.4.0.pdf > page 86. > > Regards > Fabrice > > > > Le 2015-11-18 12:49, Cory White a écrit : > > Hello (new to the forum) - > > I've been tasked with a captive portal replacement for our companies > currently paid solution - sure we all know the 'green monster' with an 'X'. > > I've read through deployment and admin guides but our needs require a very > vanilla offering to our customers - hospitality industry. Although a base > solution of deploying PF as in-line will work we are looking for a more > complete solution (not a fan of the bridged network similarity of our > current solution). It seems we need a hybrid of the 2 options from web > configurator. 99% of traffic will be wireless based, one offs for wired > based on network printers and the like. We are a 100% Cisco house aside > from our linux monitoring servers - i.e. Routers, WLC, switches, APs, > etc.... > > Our overview of needs: > 1. Captive Portal - user created login portal & portal with auto redirect > (no login needed but url redirect required for 'sponsored wifi') > 2. Assign portals based on access port (vlan) or Vlan assigned SSID (WLC) > - DHCP assigned by our server, user is 'caught' by PF to authenticate and > once registered is allowed to pass to the internet. > > Is PF capable: > 1. Most clients will not have 802.1x logins but PF created logins - we do > not need PF to manage switches or APs - unless its required to accomplish > our goals. This is not preferred due to the size of our network hardware > infrastructure and client footprint. > 2. Assigning captive portals based on vlan of client (or even SSID) - so > we can trunk to PF (allow portal vlans) and it tags traffic to correct > captive portal. Is this the filter feature on portal configuration, if not > how/possible? > 3. Can it create micro-flow policy on user traffic, I see iptables/tc > being used for user traffic shapping (in-line) but it is applied as a whole > (on user group) not per user IP:MAC based on my testing. Not a huge > obstacle as if we can use our VLANs structure micro-flow is applied through > our layer 3 catalyst. > > *one note is we use converged access WLC - not as mature as WLC guide to > Airespace. Though its radius/AAA configuration is similar not entirely sure > it deploys the same. > > Thanks in advance and apologies if this is redundant thread anywhere - > just trying to see if PF is worth the investment or is another solution > needed. > > - > Cory > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > >
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
