Hi Fabrice,

Thanks a lot for your answer, really helpful! One more thing I wanna ask is, if I do as you said
*"You need to create a wmi scan engine and add it in the connection profile."*
When the client device triggers a violation, will it be automatically moved to the isolation VLAN?

On Tue, Jul 16, 2019 at 8:16 PM Fabrice Durand via PacketFence-users <[email protected]> wrote:

> Hello Chadwick,
>
> On 19-07-16 at 04:59, Chadwick Boseman via PacketFence-users wrote:
>
> Hi All,
> So I have a PF Zen up and running,
>
> I have some questions regarding my understanding of VLAN membership in PF:
> 1. When a new device (never connected / never registered before) is connected
> to the switch, it will be put into the registration VLAN. And after they
> register their device from the captive portal it will be moved to guest
> VLAN automatically. Is this correct? If not, please explain to me
>
> In fact the vlan you want.
>
> 2. After the device's MAC is registered in the PF server, does the user
> have to manually enable the 802.1x auth from their ethernet adapter? Or can
> PF actually automatically change the VLAN to default/normal VLAN and
> activate the 802.1x auth?
>
> The supplicant needs to be configured if you want to do 802.1x, you can
> do it by GPO if you have a domain.
>
> Also you can do provisioning with packetfence but only for wireless right
> now.
>
> I followed the pf installation guide, the captive portal is configured to
> the bare minimum where the user just needs to agree to some policy, and the
> device is then registered.
> My VLANs are as follows:
> Guest : VLAN 640
> Registration : VLAN 640
> Normal/default : VLAN 625
> Isolation : VLAN 641
>
> The guest and registration VLANs are the same because the installation
> guide said
> *"in Role by VLAN ID, set the registration and guest VLAN ID to 20 - this
> will ensure unregistered clients are initially put in VLAN 20 and avoid a
> VLAN change once they properly authenticate from the captive portal"*
>
> *It's for web authentication, not for vlan enforcement, so the
> registration vlan needs to be different than the guest vlan.*
>
> I want something more to do on the captive portal, so I configured a WMI
> scan so when a client registers their device on the captive portal, WMI
> checks whether they have an Antivirus installed or not.
> I want that if the device doesn't have an AV installed, it is moved to the
> isolation VLAN (That's the correct behavior, right?) So how do I achieve
> this?
>
> You need to create a wmi scan engine and add it in the connection profile.
>
> Regards
>
> Fabrice
>
> Thanks a lot guys. I'll really appreciate any explanation/answer
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
