Hello Diogo,
My remark below.
On 2018-06-26 at 12:17, Diogo Da Silva Rocha via PacketFence-users wrote:
Hi all.
I'm evaluating the PacketFence solution for a guest portal and a little more
control.
After a long time testing the solution, I stopped at a "problem" or
unknown feature in the Aruba Controller.
All processes for registration are OK. I'm using Sponsor to authorize
guests and change the role by RADIUS reply.
I can see my client on the Aruba Controller changing the role
(PF_Open_Guest to PF_Guest_Auth), and the role "PF_Guest_auth" has a
role VLAN ID set to 194 (my destination VLAN for this role), but my
device doesn't change IP address after the role change.
I can see the client with the correct role but the wrong IP address.
How can I make the Aruba controller permit a change of the device IP address
after a role change?
*My chosen workflow:*
When an unauthorized device connects, the controller sends DHCP from the
reserved VLAN for registration. This VLAN is contained between the Aruba
Controller and PacketFence, and the gateway for this VLAN is
PacketFence. Any access for this device is redirected to the PacketFence
portal.
After the registration process (whatever it is: password, email,
Sponsor...), PacketFence chooses, following some conditions, a role
to register and authorize the user/device, and this ROLE is sent by
PacketFence to the controller in the RADIUS reply message as follows:
(Jun 26 08:40:51 PacketFence-ZEN pfqueue: pfqueue(4045) INFO:
[xxxxx] Returning ACCEPT with role: PF_Guest_Permit_auth
(pf::Switch::Aruba::try {...} ))
This Role PF_Guest_Permit_auth is configured on Controller aruba as
follow:
user-role PF_Guest_Permit_auth
vlan 194
access-list session PERMITE_TUDO_POLICY
When the process finishes, I can see with the Aruba CLI command "Show user Mac
xxx" that this user/device is connected with the correct options and the
role was applied by RFC3576 (CoA), but the VLAN is the same (2000 -
registration), even though role PF_Guest_Permit_auth is set to 194.
What happens if you disconnect and reconnect the device on the SSID (or
if you disconnect the MAC address from the controller)?
Does the device go in VLAN 194?
If not, then it's an Aruba issue.
I already faced an issue with an Aruba controller: I did a configuration with
no luck, so I removed it and did the same thing and it worked ...
All my choices in PacketFence are by ROLE; according to those roles, a
specific VLAN should be applied.
Be sure to remove all the Role by vlan id blank.
I'd like to publish only 1 SSID and, according to PacketFence
policies, have the device registered on different VLANs and roles in the
Aruba Controller.
Is it possible??! Anyone with the same problem?
Yes it's possible.
Regards
Fabrice
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users