Hi Fabrice,
Thanks a lot for ur answer, really helpful!
One more thing I wanna ask is, if I do as you said
/"You need to create a wmi scan engine and add it in the
connection profile."/
When the client device triggers a violation, will it be
automatically moved to the isolation VLAN
On Tue, Jul 16, 2019 at 8:16 PM Fabrice Durand via
PacketFence-users <[email protected]
<mailto:[email protected]>> wrote:
Hello Chadwick,
Le 19-07-16 à 04 h 59, Chadwick Boseman via
PacketFence-users a écrit :
Hi All,
So I have a PF Zen up and running,
I have some questions regarding my understanding of
VLAN membership in PF:
1. When a new device (never connect / never register
before) is connected to the switch, it will be put into
the registration VLAN. And after they register their
device from the captive portal it will be moved to
guest VLAN automatically. Is this correct?? if not,
please explain to me
In fact the vlan you want.
2. after the device's MAC is registered in the PF
server, does the user have to manually enable the
802.1x auth from their ethernet adapter? or can PF
actually automatically change the VLAN to
default/normal VLAN and activate the 802.1x auth?
The supplicant needs to be configured if you wants to do
802.1x, you can do it by GPO if you have a domain.
Also you can do provisioning with packetfence but only
for wireless right now.
i followed the pf installation guide , the captive
portal is configured to the bare minimum where the user
just need to agree to some policy, and the device then
registered. My VLANs are as follow :
Guest : VLAN 640
Registration : VLAN 640
Normal/default : VLAN 625
Isolation : VLAN 641
The guest and registration VLANs are the same because
the installation guide said
/"in Role by VLAN ID, set the registration and guest
VLAN ID to 20 - this will ensure unregistered clients
are initially put in VLAN 20 and avoid a VLAN change
once they properly authenticate from the captive portal"/
/It's for web authentication, not for vlan enforcement,
so the registration vlan needs to be different than the
guest vlan./
I want something more to do on the captive portal, so I
configured a WMI scan so when a client register their
device on the captive portal, WMI checks whether they
have an Antivirus installed or not..
I want that if the device doesn't have an AV installed,
it is moved to the isolation VLAN (That's the correct
behavior right?) so how do I achieve this?
You need to create a wmi scan engine and add it in the
connection profile.
Regards
Fabrice
Thanks a lot guys..I'll really appreciate any
explanation/answer
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> :: +1.514.447.4918
(x135) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
