Fabrice,
I have changed the UniFi open network to match your setup on the Github issue
#2735 (see screenshot links below). Now, however, I get the following error for
any of my VLANs:
"RADIUS: Invalid VLAN ID 2 received from RADIUS server"
"RADIUS: Invalid VLAN ID 4 received from RADIUS server" (either one depending
on if the device is already registered in PacketFence)
It is interesting because the 802.1x secure network is able to route and access
all VLANs correctly without issue. VLANs 2 & 4 are present on the Cisco switch
and work with the 802.1x network. It is just the open network giving me the
invalid VLAN issue. I have re-provisioned the access point and it is still not
able to find the VLANs. Please advise if you have any suggestions.
Photo Links:
https://i.imgsafe.org/0a/0ac3ba3dae.png
https://i.imgsafe.org/0b/0b5285d0db.png
https://i.imgsafe.org/0a/0ace4cd6a1.png
https://i.imgsafe.org/0a/0ace7ddd1e.png
Thanks!
On Tuesday, December 12, 2017, 5:48:27 PM CST, Timothy Mullican via
PacketFence-users <[email protected]> wrote:
Fabrice,I am running UniFi controller version 5.6.22 and UniFi AP-AC-Pro
firmware 3.9.3.7537, both of which should be the latest. It appears that the
Radius assigned VLAN option only shows up as an option in the UniFi controller
when you choose WPA Enterprise. You can see screenshots of my setup below:
https://i.imgsafe.org/05/05bb81f5b4.pnghttps://i.imgsafe.org/05/05bbd86ab4.pnghttps://i.imgsafe.org/05/05bbb5eafe.pnghttps://i.imgsafe.org/05/05bbc22129.png
The running config from the UniFi AP is also available at:
https://pastebin.com/Zz0cRLSM
Thanks!
On Tuesday, December 12, 2017 10:13:36 AM CST, Fabrice
Durand via PacketFence-users <[email protected]> wrote:
You probably have to update the controller version.
Le 2017-12-12 à 10:30, Timothy Mullican via PacketFence-users a écrit :
Fabrice, On the UniFi controller the “Use dynamic VLAN assignment” option only
shows up on SSIDs using 802.1x. Is there any way to also use dynamic vlan
assignment on open SSIDs? For open networks it only lets me specify a static
VLAN to use.
Thanks!
Sent from mobile phone
On Dec 12, 2017, at 07:41, Fabrice Durand via PacketFence-users
<[email protected]> wrote:
Hello Timothy,
you must enable that:
https://raw.githubusercontent.com/inverse-inc/packetfence/ae18f50b4879cc2d4132490fcee33f2fbe53b36f/docs/images/unifi-radius.png
Regards
Fabrice
Le 2017-12-12 à 01:37, Timothy Mullican via PacketFence-users a écrit :
Hello all, I am trying to setup a proof of concept using an Ubiquiti UniFi
UAP-PRO with the following setup:
Cisco 3560-E L3 Switch UniFi UAP-PRO UniFi Controller running on CentOS 7.3
(docker) on ESXi PacketFence running on CentOS 7.3 on ESXi
The Cisco switch has the following VLANs: VLAN 2 - registration VLAN 3 -
isolation VLAN 4 - guest VLAN 10 - enterprise VLAN 20 - wireless VLAN 100 -
out of band management
I have created two SSIDs on the UniFi AP, a secure 802.1x SSID and an open
SSID. I was able to apply the patch available at
https://github.com/inverse-inc/packetfence/pull/2735 to enable 802.1x for the
secure network and this is working correctly. However, for the open guest SSID,
I am trying to do a captive portal with dynamic vlan assignment. The user would
initially be placed in the registration vlan (2) and then moved to another vlan
based on their user role (vlan 4 or 10). Both the UniFi controller VM and the
UniFi AP are in VLAN 20. On the UniFi controller, dynamic VLAN assignment
appears to only be an option under 802.1x networks, otherwise you must choose a
static VLAN. I saw the external captive portal setup for the UniFi under the
PacketFence Network Devices documentation, but I don’t believe this supports
dynamic VLAN assignment. Does anyone know of any way to do dynamic VLAN
assignment on an open wireless network with the UniFi AP, or have any
suggestions?
Thanks!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
http://sdm.link/slashdot_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
