Hi Timothy,
I'm also running unifi at my school and I'm trying to implement PF. Could
you help me with the following questions:
1. In the switches menu I've added the unifi controller IP and assigned
the Unifi Profile that's available in PF. This seem correct.
1. I've also added the AP's IP-addresses to the switches. Do I need to
assign the Unifi profile here as well?
Radius assigned VLAN's are only possible on 802.1x configured WIFI-networks
I'm afraid.
If I'm correct I need to setup 2 WIFI-SSID's to get PF to work:
1. One open SSID where users can register their device on the captive
portal page
2. One 802.1X protected SSID with Radius assigned VLAN's and mac-address
authentication. When the user has registered his or her device they now can
connect to this protected SSID.
Best regards,
Geert
2017-12-12 23:53 GMT+01:00 Timothy Mullican via PacketFence-users <
[email protected]>:
> Fabrice,
> I am running UniFi controller version 5.6.22 and UniFi AP-AC-Pro firmware
> 3.9.3.7537, both of which should be the latest. It appears that the Radius
> assigned VLAN option only shows up as an option in the UniFi controller
> when you choose WPA Enterprise. You can see screenshots of my setup below:
>
> https://i.imgsafe.org/05/05bb81f5b4.png
> https://i.imgsafe.org/05/05bbd86ab4.png
> https://i.imgsafe.org/05/05bbb5eafe.png
> https://i.imgsafe.org/05/05bbc22129.png
>
> The running config from the UniFi AP is also available at:
>
> https://pastebin.com/Zz0cRLSM
>
> Thanks!
> On Tuesday, December 12, 2017 10:13:36 AM CST, Fabrice
> Durand via PacketFence-users <[email protected]>
> wrote:
>
>
> You probably have to update the controller version.
>
>
>
> Le 2017-12-12 à 10:30, Timothy Mullican via PacketFence-users a écrit :
>
> Fabrice,
> On the UniFi controller the “Use dynamic VLAN assignment” option only
> shows up on SSIDs using 802.1x. Is there any way to also use dynamic vlan
> assignment on open SSIDs? For open networks it only lets me specify a
> static VLAN to use.
>
> Thanks!
>
> Sent from mobile phone
>
> On Dec 12, 2017, at 07:41, Fabrice Durand via PacketFence-users <
> [email protected]> wrote:
>
> Hello Timothy,
>
> you must enable that:
>
> https://raw.githubusercontent.com/inverse-inc/packetfence/
> ae18f50b4879cc2d4132490fcee33f2fbe53b36f/docs/images/unifi-radius.png
>
> Regards
>
> Fabrice
>
> Le 2017-12-12 à 01:37, Timothy Mullican via PacketFence-users a écrit :
>
> Hello all,
> I am trying to setup a proof of concept using an Ubiquiti UniFi UAP-PRO
> with the following setup:
>
> Cisco 3560-E L3 Switch
> UniFi UAP-PRO
> UniFi Controller running on CentOS 7.3 (docker) on ESXi
> PacketFence running on CentOS 7.3 on ESXi
>
> The Cisco switch has the following VLANs:
> VLAN 2 - registration
> VLAN 3 - isolation
> VLAN 4 - guest
> VLAN 10 - enterprise
> VLAN 20 - wireless
> VLAN 100 - out of band management
>
> I have created two SSIDs on the UniFi AP, a secure 802.1x SSID and an open
> SSID. I was able to apply the patch available at
> https://github.com/inverse-inc/packetfence/pull/2735 to enable 802.1x for
> the secure network and this is working correctly. However, for the open
> guest SSID, I am trying to do a captive portal with dynamic vlan
> assignment. The user would initially be placed in the registration vlan (2)
> and then moved to another vlan based on their user role (vlan 4 or 10). Both
> the UniFi controller VM and the UniFi AP are in VLAN 20. On the UniFi
> controller, dynamic VLAN assignment appears to only be an option under
> 802.1x networks, otherwise you must choose a static VLAN. I saw the
> external captive portal setup for the UniFi under the PacketFence Network
> Devices documentation, but I don’t believe this supports dynamic VLAN
> assignment. Does anyone know of any way to do dynamic VLAN assignment on an
> open wireless network with the UniFi AP, or have any suggestions?
>
> Thanks!
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 <(514)%20447-4918>
> (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 <(514)%20447-4918>
> (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
