Hello Christian,
On 2019-02-19 8:57 p.m., Christian McDonald via PacketFence-users wrote:
Greetings,
I want to make sure that registrations performed on one SSID aren't
allowed on another SSID. For example, I have an 802.1X WPA2-Enterprise
SSID for staff and students to use with their username and password
(Active Directory). I also have an open guest network that using dynamic
VLAN assignment to initially drop users onto the registration VLAN and
then move them over to the production guest VLAN.
I want to make sure that if a registered user decides to move from the
WPA2-Enterprise SSID to the Guest SSID, that their role (and VLAN)
doesn't follow them onto the other SSID.
There is a default VLAN filter called pf_deauth_from_wireless_secure
that should do the job (see vlan_filters.conf.defaults).
You should see its call in packetfence.log when a user try to move from
the secure SSID to the open.
--
Nicolas Quiniou-Briand
[email protected] :: +1.514.447.4918 *140 :: https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
