Re: [PacketFence-users] isolated vlan?

Wed, 18 May 2016 05:10:30 -0700 

Would it be better to ask if there is a way to just apply a  different ACL
and redirection instead of switching VLANs since that doesn't seem to work
for isolation?

On Mon, May 16, 2016 at 10:52 AM, Mr C <[email protected]> wrote:

> I have everything working as it should.
>
> When a user hits a violation and it triggers everything does what it
> should. The WLC changes the VLAN and ACL. However the client disassociates
> and IP address shows on the WLC as 0.0.0.0 however the client itself does
> not know this and keeps its old IP without getting a new one.
>
> The transition from registration VLAN => Guest VLAN works. However
> transition from Guest VLAN => isolation does not. What is the difference?
> After registration it switches VLANs and ACLs just fine, but when a
> violation is triggered and VLANs/ACLs change it does not.
>
> here is violations.conf
> [30000025]
> actions=email_admin,reevaluate_access,log,role,enforce_provisioning
> auto_enable=N
> template=p2p
> priority=1
>
> trigger=detect::2000334,detect::2000369,detect::2011699,detect::2010144,detect::2006375,detect::2008582
> enabled=Y
> desc=P2P BitTorrent
> grace=30s
> target_category=isolated
> vlan=isolated
> max_enable=1
>
> I did a debug on the WLC and it does everything as it should but here is
> what it does:
> 1. Deauth Client / Disassociate Client
> 2. Change VLAN & ACL
> 3. Request DHCP (no replies)
>
> IF I disconnect on my client and reconnect, everything works! I can in the
> isolated VLAN and I get redirected to the violation webpage.
>
>

------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to