Hello, I have 3 iap controleur. I am in a out of band mode for PF. I use the same method of Fernando but I don't put a url anywhere (perhaps it' a error). When a new device is connected, PF push the registration role to the IAP and the IAP make the translation Role/Vlan. In PF config, you need tu put a text for the role (ex: REG) and in the IAP you need to convert the text: REG with the good Vlan (I'm not using COA).And the same with the other role you want to push.
Le jeu. 12 août 2021 à 08:14, Fernando Pimenta via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi Jeremy, > > I managed to get Aruba IAP working with packetfence CP. > > I'm preparing a small tutorial (in Portuguese, but with many images > showing the configs). > > I had to create roles in PF and roles in IAP, and mapping these roles. > I've used role-based authentication and CoA. But the URL I use is not the > same as yours. I've put /captive-portal in the field. > > Best regards, > > Fernando Pimenta > > On Wed, Aug 11, 2021 at 5:12 AM Jeremy Yoke via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > >> Hello All, >> >> >> >> I have searched through the archives and see I have a similar problem, >> but none of the answers seem to help or they end in seemingly no conclusion. >> >> I have a new install of Packetfence 10.2 on Debian 9.13 (Stretch). >> >> I am struggling with getting the captive portal working in a solid manner >> with my IAPs (Aruba IAP-225) v6.5.4 (has a Virtual Controller) >> >> >> >> The captive portal works when I use URL http://my.ip.add/Aruba , but it >> shows Not Implemented when I use http://my.ip.add/Aruba::Instant_Access >> >> With the /Aruba URL I am able to register and login, it unfortunately >> does not assign my role. In the auditing it says it gets no response - >> Reply-Message = Error - Timeout >> >> If I disconnect and reconnect I am fully connected and the internet works >> as it should. I believe however that having to disconnect and re-connect >> is not an efficient method. >> >> I have tried with COA, without COA, With a controller IP and without. >> Deauthentication method as Blank and as RADIUS as well as several of these >> combinations. I maybe missing the right ones. >> >> >> >> Anyone have a full write up on the configuration or fields that need to >> be filled on PF? Unfortunately the guide does not cover captive portal >> with Instant Access. >> >> Also a config for the IAP? >> >> >> >> Switches.conf >> >> >> >> [10.1.145.100] >> >> group=Aruba_IAP >> >> description=Aruba VC >> >> >> >> [10.1.145.105] >> >> group=Aruba_IAP >> >> description=Operations >> >> >> >> [group Aruba_IAP] >> >> type=Aruba::Instant_Access >> >> radiusSecret=mysecret >> >> description=Aruba Wireless AP >> >> VoIPDHCPDetect=N >> >> defaultRole=Test >> >> registrationRole=registration >> >> RoleMap=Y >> >> registrationUrl=http://10.1.145.113/Aruba::Instant_Access >> >> guestRole=guest >> >> ExternalPortalEnforcement=Y >> >> guestAccessList=guest >> >> AccessListMap=Y >> >> registrationAccessList=registration >> >> defaultAccessList=Test >> >> VlanMap=N >> >> UrlMap=Y >> >> useCoA=N >> >> >> >> On IAP this is what I have: >> >> >> >> wlan access-rule registration >> >> Some settings/rules >> >> wlan access-rule guest >> >> Some Settings/rules >> >> >> >> wlan auth-server packetfencer >> >> ip 10.1.145.113 >> >> port 1812 >> >> acctport 1813 >> >> retry-count 5 >> >> key ***************** >> >> rfc3576 >> >> cppm-rfc3576-port 5999 >> >> >> >> wlan ssid-profile Test >> >> enable >> >> index 3 >> >> type guest >> >> essid Some-Guest >> >> opmode opensystem >> >> max-authentication-failures 0 >> >> vlan 159 >> >> auth-server packetfencer >> >> set-role-pre-auth registration >> >> rf-band all >> >> captive-portal external profile packetfencep >> >> mac-authentication >> >> dtim-period 1 >> >> broadcast-filter arp >> >> radius-accounting >> >> dmo-channel-utilization-threshold 90 >> >> local-probe-req-thresh 0 >> >> max-clients-threshold 64 >> >> >> >> wlan external-captive-portal packetfencep >> >> server 10.1.145.113 >> >> port 80 >> >> url "/Aruba" >> >> auth-text "" >> >> redirect-url https://www.myinternetpage.com/ >> >> auto-whitelist-disable >> >> server-offload >> >> >> >> >> >> *Jeremy Yoke* >> >> *Info Tech Manager* >> >> *TREALITY**®** Simulation Visual Systems* >> >> 600 Bellbrook Ave. >> >> Xenia, Ohio 45385 >> >> Direct Tel: +1 (937) 736 2215 >> >> Cell: +1 (937) 901 5684 >> >> jeremy.y...@trealitysvs.com <alessandra.na...@trealitysvs.com> >> >> www.TREALITYSVS.com <http://www.trealitysvs.com/> >> >> Follow us on <https://www.linkedin.com/company/esterline-svs> >> >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
