Hello Charles, i will do something like that:
VLAN Filters: [Guest] filter = ssid operator = is value = Guest [IoT] filter = ssid operator = is value = IoT [IoT_Roles] filter = node_info.category operator = regex value = ^IoT.* [Guest_Roles] filter = node_info.category operator = regex value = ^Guest.* [not_guest:Guest&IoT_Roles] scope = RegisteredRole role = Guest-Reg #Tells the WLAN controller to do captive portaling action = modify_node action_param = mac = $mac, status = unreg [not_apnd:IoT&Guest_Roles] scope = RegisteredRole role = IoT-Reg #Tells the WLAN controller to do captive portaling action = modify_node action_param = mac = $mac, status = unregYou need to change the status of the device in the database because when the device will hit the portal PacketFence test the status of the device and if it's reg then it will revaluate the access.
Btw you will need to register the device again. Regards Fabrice Le 2017-03-21 à 18:29, Charles Rumford a écrit :
Hey - I'm currently in the process of setting up PacketFence to handle our Guest Networking. Down the line, we are going to be adding more services to this server. This server will eventually be handling two different SSIDs: Guest and IoT. I have a number of different roles associated with the two SSIDs: Guest-Reg, Guest-Auth, IoT-Reg, and IoT-Auth. What I want to do is if a node has a role of IoT and connects to Guest to present them with a captive portal telling they aren't allowed there, and vice versa. I have the following in place: VLAN Filters: [Guest] filter = ssid operator = is value = Guest [IoT] filter = ssid operator = is value = IoT [node_is_registered] filter = node_info.status operator = is value = reg [IoT_Roles] filter = node_info.category operator = regex value = ^IoT.* [Guest_Roles] filter = node_info.category operator = regex value = ^Guest.* [not_guest:Guest&IoT_Roles&node_is_registered] scope = RegisteredRole role = Guest-Reg #Tells the WLAN controller to do captive portaling [not_apnd:IoT&Guest_Roles&node_is_registered] scope = RegisteredRole role = IoT-Reg #Tells the WLAN controller to do captive portaling profiles.conf: [Guest-Violation] filter_match_style=all preregistration=disabled locale= root_module=Guest-Violation filter=ssid:Guest sources=null advanced_filter=category == "IoT-Auth" dot1x_recompute_role_from_portal=0 [Guest] dot1x_recompute_role_from_portal=0 preregistration=disabled locale= filter=ssid:Guest reuse_dot1x_credentials=enabled sources=email-only always_use_redirecturl=enabled redirecturl=http://www.upenn.edu root_module=Guest-Root I'm able to get a the captive portal generated by the profile Guest-Violation, the problem is the captive portal doesn't present the message I have configured in the module. It presents a error message saying the network will be available shortly, and then PacketFence does a re-eval of the node and sends role IoT-Auth to the controller. Is there any way to prevent the re-eval in the captive portal and to force it into the message? The major thing is if the device returns to the IoT SSID then I want it to connect successfully. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
