In the PF interface: [image: image.png]
in the IAP interface: [image: image.png] Le jeu. 12 août 2021 à 14:28, Jeremy Yoke via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Thank you very much for your reply Fernando! > > I am very much looking forward to your tutorial. There are several > resources to translate that along with pictures would be quite helpful. I > also did it with /captive-portal. I do have roles in both. I effectively > just use registration and guest currently. I will retry with COA on. I > assume I have my roles setup correctly in Aruba, these are actually access > lists or ACLs right? > > > > Kind Regards, > > > > *Jeremy Yoke * > > *Info Tech Manager * > > *TREALITY**®** Simulation Visual Systems * > > > > *From:* Fernando Pimenta via PacketFence-users < > packetfence-users@lists.sourceforge.net> > *Sent:* Wednesday, August 11, 2021 9:07 AM > *To:* packetfence-users@lists.sourceforge.net > *Cc:* Fernando Pimenta <fernando.c.pime...@gmail.com> > *Subject:* Re: [PacketFence-users] Aruba IAP > > > > Hi Jeremy, > > I managed to get Aruba IAP working with packetfence CP. > > I'm preparing a small tutorial (in Portuguese, but with many images > showing the configs). > > I had to create roles in PF and roles in IAP, and mapping these roles. > I've used role-based authentication and CoA. But the URL I use is not the > same as yours. I've put /captive-portal in the field. > > Best regards, > > Fernando Pimenta > > > > On Wed, Aug 11, 2021 at 5:12 AM Jeremy Yoke via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > Hello All, > > > > I have searched through the archives and see I have a similar problem, but > none of the answers seem to help or they end in seemingly no conclusion. > > I have a new install of Packetfence 10.2 on Debian 9.13 (Stretch). > > I am struggling with getting the captive portal working in a solid manner > with my IAPs (Aruba IAP-225) v6.5.4 (has a Virtual Controller) > > > > The captive portal works when I use URL http://my.ip.add/Aruba > <https://us-east-2.protection.sophos.com?d=my.ip.add&u=aHR0cDovL215LmlwLmFkZC9BcnViYQ==&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=SlJHUXJidDNhRUZIU3hyVkpTVWhiTTZDbEljVlVjbG5CaHk3am5GOWJUOD0=&h=be552bdf7b724fce9b1bc74ab56ebd25> > , but it shows Not Implemented when I use > http://my.ip.add/Aruba::Instant_Access > <https://us-east-2.protection.sophos.com?d=my.ip.add&u=aHR0cDovL215LmlwLmFkZC9BcnViYTo6SW5zdGFudF9BY2Nlc3M=&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=bnU3SjFLQ2lvNUMyVTFYZmZZeXd2RlJISEpTazM2aE1MZmVpWDhrcm5aWT0=&h=be552bdf7b724fce9b1bc74ab56ebd25> > > With the /Aruba URL I am able to register and login, it unfortunately does > not assign my role. In the auditing it says it gets no response - > Reply-Message = Error - Timeout > > If I disconnect and reconnect I am fully connected and the internet works > as it should. I believe however that having to disconnect and re-connect > is not an efficient method. > > I have tried with COA, without COA, With a controller IP and without. > Deauthentication method as Blank and as RADIUS as well as several of these > combinations. I maybe missing the right ones. > > > > Anyone have a full write up on the configuration or fields that need to be > filled on PF? Unfortunately the guide does not cover captive portal with > Instant Access. > > Also a config for the IAP? > > > > Switches.conf > > > > [10.1.145.100] > > group=Aruba_IAP > > description=Aruba VC > > > > [10.1.145.105] > > group=Aruba_IAP > > description=Operations > > > > [group Aruba_IAP] > > type=Aruba::Instant_Access > > radiusSecret=mysecret > > description=Aruba Wireless AP > > VoIPDHCPDetect=N > > defaultRole=Test > > registrationRole=registration > > RoleMap=Y > > registrationUrl=http://10.1.145.113/Aruba::Instant_Access > > guestRole=guest > > ExternalPortalEnforcement=Y > > guestAccessList=guest > > AccessListMap=Y > > registrationAccessList=registration > > defaultAccessList=Test > > VlanMap=N > > UrlMap=Y > > useCoA=N > > > > On IAP this is what I have: > > > > wlan access-rule registration > > Some settings/rules > > wlan access-rule guest > > Some Settings/rules > > > > wlan auth-server packetfencer > > ip 10.1.145.113 > > port 1812 > > acctport 1813 > > retry-count 5 > > key ***************** > > rfc3576 > > cppm-rfc3576-port 5999 > > > > wlan ssid-profile Test > > enable > > index 3 > > type guest > > essid Some-Guest > > opmode opensystem > > max-authentication-failures 0 > > vlan 159 > > auth-server packetfencer > > set-role-pre-auth registration > > rf-band all > > captive-portal external profile packetfencep > > mac-authentication > > dtim-period 1 > > broadcast-filter arp > > radius-accounting > > dmo-channel-utilization-threshold 90 > > local-probe-req-thresh 0 > > max-clients-threshold 64 > > > > wlan external-captive-portal packetfencep > > server 10.1.145.113 > > port 80 > > url "/Aruba" > > auth-text "" > > redirect-url https://www.myinternetpage.com/ > <https://us-east-2.protection.sophos.com?d=myinternetpage.com&u=aHR0cHM6Ly93d3cubXlpbnRlcm5ldHBhZ2UuY29tLw==&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=WVAwdmxzbldpQk55c1VLUnZxLzlEYWR5L2ZDWDVtN2JGRHlCTlp1RHVhWT0=&h=be552bdf7b724fce9b1bc74ab56ebd25> > > auto-whitelist-disable > > server-offload > > > > > > *Jeremy Yoke* > > *Info Tech Manager* > > *TREALITY**®** Simulation Visual Systems* > > 600 Bellbrook Ave. > > Xenia, Ohio 45385 > > Direct Tel: +1 (937) 736 2215 > > Cell: +1 (937) 901 5684 > > jeremy.y...@trealitysvs.com <alessandra.na...@trealitysvs.com> > > www.TREALITYSVS.com <http://www.trealitysvs.com/> > > Follow us on > <https://us-east-2.protection.sophos.com/?d=linkedin.com&u=aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2NvbXBhbnkvZXN0ZXJsaW5lLXN2cw==&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=dFNXVE9hd0lVNElXWUpvcTd5em9IWGlWYUcxaW5FejN0Tk01Nlc0eXlnND0=&h=be552bdf7b724fce9b1bc74ab56ebd25> > > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > <https://us-east-2.protection.sophos.com?d=sourceforge.net&u=aHR0cHM6Ly9saXN0cy5zb3VyY2Vmb3JnZS5uZXQvbGlzdHMvbGlzdGluZm8vcGFja2V0ZmVuY2UtdXNlcnM=&i=NjBhNGUxYjg5YzEyNDkwZTllOGRmYTI2&t=UGNnWnh2eUxmclJwWkR5Y2RSeUthVmlveW5SR0Z3SnYzSVJjZUVjblpxWT0=&h=be552bdf7b724fce9b1bc74ab56ebd25> > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
