Hello Cristian, you can do that:
[smartphones_by_devclass] filter = node_info.device_class operator = is value = Smartphones/PDAs/Tablets [employees_ssid] filter = ssid operator = is value = aprapfdot1x [set_smartphone_role:smartphones_by_devclass&employees_ssid] scope = RegisteredRole role = smartphones action = modify_node action_param = mac = $mac, category = smartphones Regards Fabrice Le 2017-08-04 à 07:52, Cristian Mammoli via PacketFence-users a écrit : > I saw one can set a role using a "violation" but this is not a real > violation. The role is set but the device is put into the isolation > vlan if I set "Re-evealuate". The violation should set the role, > "self-close" and reevaluate. > Anyway I cannot restrict the violation to only one SSID like I would like > > Another way is via vlan_filters like this: > > [smartphones_by_devclass] > filter = node_info.device_class > operator = is > value = Smartphones/PDAs/Tablets > > [employees_ssid] > filter = ssid > operator = is > value = aprapfdot1x > > [set_smartphone_role:smartphones_by_devclass&employees_ssid] > scope = RegisteredRole > role = smartphones > > It works but the role is not reflected in the gui, furthemore there is > no way to "override" this behaviour for some device. > > What I would like to achieve is: > Corporate smartphones are assigned the smartphone role and put in the > appropriate vlan BY DEFAULT, but I should be able to override this if > needed > > Ty > Il 03/08/2017 14:20, Cristian Mammoli via PacketFence-users ha scritto: >> Hi, is it possible to assign a role based on the device class as >> shown in the nodes page? >> >> I would like to put all corporate smartphones in a dedicated vlan but >> I didn't find a way to do it. >> Smartphones are authenticated with 802.1x, I tried to assign a role >> in the authentication source based on the computer name "start with >> android-" but it is ignored. >> > -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
