It depend how you configure your violation.
Le 19-07-18 à 05 h 33, Chadwick Boseman via PacketFence-users a écrit :
Hi Fabrice,
Thanks a lot for ur answer, really helpful!
One more thing I wanna ask is, if I do as you said
/"You need to create a wmi scan engine and add it in the connection
profile."/
When the client device triggers a violation, will it be automatically
moved to the isolation VLAN
On Tue, Jul 16, 2019 at 8:16 PM Fabrice Durand via PacketFence-users
<[email protected]
<mailto:[email protected]>> wrote:
Hello Chadwick,
Le 19-07-16 à 04 h 59, Chadwick Boseman via PacketFence-users a
écrit :
Hi All,
So I have a PF Zen up and running,
I have some questions regarding my understanding of VLAN
membership in PF:
1. When a new device (never connect / never register before) is
connected to the switch, it will be put into the registration
VLAN. And after they register their device from the captive
portal it will be moved to guest VLAN automatically. Is this
correct?? if not, please explain to me
In fact the vlan you want.
2. after the device's MAC is registered in the PF server, does
the user have to manually enable the 802.1x auth from their
ethernet adapter? or can PF actually automatically change the
VLAN to default/normal VLAN and activate the 802.1x auth?
The supplicant needs to be configured if you wants to do 802.1x,
you can do it by GPO if you have a domain.
Also you can do provisioning with packetfence but only for
wireless right now.
i followed the pf installation guide , the captive portal is
configured to the bare minimum where the user just need to agree
to some policy, and the device then registered. My VLANs are as
follow :
Guest : VLAN 640
Registration : VLAN 640
Normal/default : VLAN 625
Isolation : VLAN 641
The guest and registration VLANs are the same because the
installation guide said
/"in Role by VLAN ID, set the registration and guest VLAN ID to
20 - this will ensure unregistered clients are initially put in
VLAN 20 and avoid a VLAN change once they properly authenticate
from the captive portal"/
/It's for web authentication, not for vlan enforcement, so the
registration vlan needs to be different than the guest vlan./
I want something more to do on the captive portal, so I
configured a WMI scan so when a client register their device on
the captive portal, WMI checks whether they have an Antivirus
installed or not..
I want that if the device doesn't have an AV installed, it is
moved to the isolation VLAN (That's the correct behavior right?)
so how do I achieve this?
You need to create a wmi scan engine and add it in the connection
profile.
Regards
Fabrice
Thanks a lot guys..I'll really appreciate any explanation/answer
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
