Hi Fabrice,
Thanks a lot for ur answer, really helpful!
One more thing I wanna ask is, if I do as you said
/"You need to create a wmi scan engine and add it in the
connection profile."/
When the client device triggers a violation, will it be
automatically moved to the isolation VLAN
On Tue, Jul 16, 2019 at 8:16 PM Fabrice Durand via
PacketFence-users <packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Chadwick,
Le 19-07-16 à 04 h 59, Chadwick Boseman via PacketFence-users
a écrit :
Hi All,
So I have a PF Zen up and running,
I have some questions regarding my understanding of VLAN
membership in PF:
1. When a new device (never connect / never register before)
is connected to the switch, it will be put into the
registration VLAN. And after they register their device from
the captive portal it will be moved to guest VLAN
automatically. Is this correct?? if not, please explain to me
In fact the vlan you want.
2. after the device's MAC is registered in the PF server,
does the user have to manually enable the 802.1x auth from
their ethernet adapter? or can PF actually automatically
change the VLAN to default/normal VLAN and activate the
802.1x auth?
The supplicant needs to be configured if you wants to do
802.1x, you can do it by GPO if you have a domain.
Also you can do provisioning with packetfence but only for
wireless right now.
i followed the pf installation guide , the captive portal is
configured to the bare minimum where the user just need to
agree to some policy, and the device then registered. My
VLANs are as follow :
Guest : VLAN 640
Registration : VLAN 640
Normal/default : VLAN 625
Isolation : VLAN 641
The guest and registration VLANs are the same because the
installation guide said
/"in Role by VLAN ID, set the registration and guest VLAN ID
to 20 - this will ensure unregistered clients are initially
put in VLAN 20 and avoid a VLAN change once they properly
authenticate from the captive portal"/
/It's for web authentication, not for vlan enforcement, so
the registration vlan needs to be different than the guest vlan./
I want something more to do on the captive portal, so I
configured a WMI scan so when a client register their device
on the captive portal, WMI checks whether they have an
Antivirus installed or not..
I want that if the device doesn't have an AV installed, it
is moved to the isolation VLAN (That's the correct behavior
right?) so how do I achieve this?
You need to create a wmi scan engine and add it in the
connection profile.
Regards
Fabrice
Thanks a lot guys..I'll really appreciate any explanation/answer
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users