> De: "Michael Westergaard via PacketFence-users" > <[email protected]> Hi Michael,
> I am trying to see if Packetfence is a proper way to do NAC with Unifi UAP-AC > with dynamic VLAN. According to the new Unifi Controller 5.5.19 release, > Dynamic Wireless VLAN with RADIUS is now out of beta which Packetfence is > using > for authenticating users over wireless and then changing the VLAN. > However I cannot find any documentation anywhere if this is possible in > Packetfence Documentation? > Especially Packetfence Out of Band (Dynamic VLAN) with Unifi. Have anybody > been > able to make it work? We made some test a few weeks ago, and we've been able to manage an Unifi controler using Radius mode ( rather than the Portal mode described in PacketFence documentation). This allow you to use dynamic VLAN with WPA2-Enterprise, as it seems that dynamic VLAN are only available in secure mode on unifi. The only change we had to do (on the packetfence side) was That means you have to configure your AP type as "Unifi Controller" in packetfence, and set the Deauth method to "HTTPS", instead of Radius. Of course you will also define the unifi controller IP in the same location. Then you will have to edit (or override) the Unifi.pm module to change the webservice command used to auth/deauth users : this is in the "_deauthenticateMacWithHTTP" method, and you should use the "kick-sta" unifi command through the webservice, instead of the "authorize-guest/unauthorise-guest". Hope this help, Regards ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
