Hi Christian, I am busy configuring PF 8.3 and it looks like vlan_filters.conf.defaults is ignored. Same issue in PF 7.2 but only found a workaround now.
I had to add this in vlan_filters.conf to resolve: ################################################################## #Auto unreg anything that was autoreg when connecting to Guest [pf_node_auto_reg] filter = node_info.autoreg operator = is value = yes [guest_ssid] filter = ssid operator = is value = Guest #################### Always unregister device from autoreg ssid ##################### [10:pf_node_auto_reg&guest_ssid] scope = RegisteredRole action = modify_node action_param = mac = $mac, status = unreg, autoreg = no role = registration ################################################################## This unregisters any auto-registered device ie via 802.1x auth etc when the device connects to the guest ssid. Regards, Craig. >>> Nicolas Quiniou-Briand via PacketFence-users >>> <[email protected]> 2019/02/20 9:45 AM >>> Hello Christian, On 2019-02-19 8:57 p.m., Christian McDonald via PacketFence-users wrote: > Greetings, > > I want to make sure that registrations performed on one SSID aren't > allowed on another SSID. For example, I have an 802.1X WPA2-Enterprise > SSID for staff and students to use with their username and password > (Active Directory). I also have an open guest network that using dynamic > VLAN assignment to initially drop users onto the registration VLAN and > then move them over to the production guest VLAN. > > I want to make sure that if a registered user decides to move from the > WPA2-Enterprise SSID to the Guest SSID, that their role (and VLAN) > doesn't follow them onto the other SSID. There is a default VLAN filter called pf_deauth_from_wireless_secure that should do the job (see vlan_filters.conf.defaults). You should see its call in packetfence.log when a user try to move from the secure SSID to the open. -- Nicolas Quiniou-Briand [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank (http://fingerbank.org) _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
