Hello Chadwick,
Le 19-07-16 à 04 h 59, Chadwick Boseman via PacketFence-users a écrit :
Hi All,
So I have a PF Zen up and running,
I have some questions regarding my understanding of VLAN membership in PF:
1. When a new device (never connect / never register before) is
connected to the switch, it will be put into the registration VLAN.
And after they register their device from the captive portal it will
be moved to guest VLAN automatically. Is this correct?? if not, please
explain to me
In fact the vlan you want.
2. after the device's MAC is registered in the PF server, does the
user have to manually enable the 802.1x auth from their ethernet
adapter? or can PF actually automatically change the VLAN to
default/normal VLAN and activate the 802.1x auth?
The supplicant needs to be configured if you wants to do 802.1x, you can
do it by GPO if you have a domain.
Also you can do provisioning with packetfence but only for wireless
right now.
i followed the pf installation guide , the captive portal is
configured to the bare minimum where the user just need to agree to
some policy, and the device then registered. My VLANs are as follow :
Guest : VLAN 640
Registration : VLAN 640
Normal/default : VLAN 625
Isolation : VLAN 641
The guest and registration VLANs are the same because the installation
guide said
/"in Role by VLAN ID, set the registration and guest VLAN ID to 20 -
this will ensure unregistered clients are initially put in VLAN 20 and
avoid a VLAN change once they properly authenticate from the captive
portal"/
/It's for web authentication, not for vlan enforcement, so the
registration vlan needs to be different than the guest vlan./
I want something more to do on the captive portal, so I configured a
WMI scan so when a client register their device on the captive portal,
WMI checks whether they have an Antivirus installed or not..
I want that if the device doesn't have an AV installed, it is moved to
the isolation VLAN (That's the correct behavior right?) so how do I
achieve this?
You need to create a wmi scan engine and add it in the connection profile.
Regards
Fabrice
Thanks a lot guys..I'll really appreciate any explanation/answer
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
