Hey - I'm currently in the process of setting up PacketFence to handle our Guest Networking. Down the line, we are going to be adding more services to this server.
This server will eventually be handling two different SSIDs: Guest and IoT. I have a number of different roles associated with the two SSIDs: Guest-Reg, Guest-Auth, IoT-Reg, and IoT-Auth. What I want to do is if a node has a role of IoT and connects to Guest to present them with a captive portal telling they aren't allowed there, and vice versa. I have the following in place: VLAN Filters: [Guest] filter = ssid operator = is value = Guest [IoT] filter = ssid operator = is value = IoT [node_is_registered] filter = node_info.status operator = is value = reg [IoT_Roles] filter = node_info.category operator = regex value = ^IoT.* [Guest_Roles] filter = node_info.category operator = regex value = ^Guest.* [not_guest:Guest&IoT_Roles&node_is_registered] scope = RegisteredRole role = Guest-Reg #Tells the WLAN controller to do captive portaling [not_apnd:IoT&Guest_Roles&node_is_registered] scope = RegisteredRole role = IoT-Reg #Tells the WLAN controller to do captive portaling profiles.conf: [Guest-Violation] filter_match_style=all preregistration=disabled locale= root_module=Guest-Violation filter=ssid:Guest sources=null advanced_filter=category == "IoT-Auth" dot1x_recompute_role_from_portal=0 [Guest] dot1x_recompute_role_from_portal=0 preregistration=disabled locale= filter=ssid:Guest reuse_dot1x_credentials=enabled sources=email-only always_use_redirecturl=enabled redirecturl=http://www.upenn.edu root_module=Guest-Root I'm able to get a the captive portal generated by the profile Guest-Violation, the problem is the captive portal doesn't present the message I have configured in the module. It presents a error message saying the network will be available shortly, and then PacketFence does a re-eval of the node and sends role IoT-Auth to the controller. Is there any way to prevent the re-eval in the captive portal and to force it into the message? The major thing is if the device returns to the IoT SSID then I want it to connect successfully. -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0xF3D8215A
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
