Hello PF users, We are running v5.0.2 and are seeing that some of our printers, intended for the default_vlan are being flagged for "violation" when their DHCP packets are fingerprinted. This results in the printer being dropped into our NonComplient vlan, for obsolete OS.
Our noncompliant vlan is older operating systems that we wanted to segregate and protect but were we can not be upgraded the computer's OS for one reason or another. The problem at its root is probably a DHCP fingerprinting issue, and I'm not sure how to fix that correctly. What I did find was that the NODE "info" page provides a "bypass vlan" and "bypass role" option. While I have had no success at all with "bypass role", I have found that if I specify the "bypass vlan" as the id of our default_vlan, and clear the violation and reevaluate the node, then the node will return to the default_vlan. I'd hoped that would solve the issue of white listing the few particular printers we have issues with, but I have noted that overnight, I don't know quite when or why, the nodes "Role" will be (spontaneously) change and will show a selection for "Noncompliant", and with that selected, I can not "bypass" the selection and put it back into the default_vlan. I must manually change the Role, clear the violation, and then "reevaluate". I am not certain how to permanently fix it so the printer is in the default vlan. I have the option of stripping the settings from the switch port the printer in collected to, but would rather not, it seems poor form and likely to trip us up later on. Help and guidance appreciated, Brian Computer/Network Admin Wadsworth Center/NYS Dept of Health Albany, NY . ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
