Hello Mister C,
Yes, you can use a different ACL and redirection when the device is
unreg; you just have to define the isolation role to your ACL defined on
your WLC and set a webauth URL for your isolation role.
Regards
Fabrice
On 2016-05-18 08:07, Mr C wrote:
Would it be better to ask if there is a way to just apply a different
ACL and redirection instead of switching VLANs since that doesn't seem
to work for isolation?
On Mon, May 16, 2016 at 10:52 AM, Mr C <[email protected]> wrote:
I have everything working as it should.
When a user hits a violation and it triggers, everything does what
it should. The WLC changes the VLAN and ACL. However, the client
disassociates and the IP address shows on the WLC as 0.0.0.0; however,
the client itself does not know this and keeps its old IP without
getting a new one.
The transition from registration VLAN => Guest VLAN works. However,
the transition from Guest VLAN => isolation does not. What is the
difference? After registration it switches VLANs and ACLs just
fine, but when a violation is triggered and VLANs/ACLs change it
does not.
Here is violations.conf:
[30000025]
actions=email_admin,reevaluate_access,log,role,enforce_provisioning
auto_enable=N
template=p2p
priority=1
trigger=detect::2000334,detect::2000369,detect::2011699,detect::2010144,detect::2006375,detect::2008582
enabled=Y
desc=P2P BitTorrent
grace=30s
target_category=isolated
vlan=isolated
max_enable=1
I did a debug on the WLC and it does everything as it should but
here is what it does:
1. Deauth Client / Disassociate Client
2. Change VLAN & ACL
3. Request DHCP (no replies)
If I disconnect on my client and reconnect, everything works! I
can in the isolated VLAN and I get redirected to the violation
webpage.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)