Hello there, I'm struggling with configuring Wireless MAB with Ubiquiti Access Points, my goal is to authenticate wireless supplicants through Ubiquiti APs with PacketFence's Captive Portal and dynamic VLAN, in this way they can be moved into the right VLAN (after a successful authentication with credentials).
Some infos: Unifi controller version: 7.29 Ubiquiti AP nanohd firmware version: 6.6 PacketFence version: 13.2 To setup the environment (specifically the SSIDs) I followed the section 6.28 under the Network Devices Configuration Guide, specifically 6.28.2 VLAN Enforcement. I enabled CoA on Unifi Controller and on PacketFence "Switches" section I added the AP through his IP, then I configured: SNMP strings, WebServices (https), RADIUS secret password, associated VLAN IDs with Roles, specified Unifi Controller IP address, enabled deauth wih CoA, specified "RADIUS" under Deauthentication Method option, choosed "Production" mode and "Unifi Controller" as type. For now, a supplicant which connect to open SSID is correctly redirected to Captive Portal, but, after login, it isn't dynamically moved into the correct VLAN, instead, it needs to switch off and switch on WiFi in order to reconnect to the SSID and to take the IP in the right VLAN through our DHCP server. Is there a way to fix this behaviour and make the supplicant dynamically moved? One strange behaviour is that sometimes a supplicant is correctly dynamically moved into the assigned Role (so the assigned VLAN) after login (I don't know why sometimes it works without changing anything on Unifi side neither PF side). For example: 2 supplicants are correctly moved into thw VLAN, while the third supplicant which come after them, after a successful login, is not dynamically moved into the assigned VLAN. Any suggestions with this? Another issue: if I delete a node after a successful authentication, PacketFence RADIUS server send a Disconnect Request to the Ubiquiti AP, the Ubituiti AP replies with a "Disconnect-ACK" packet but the supplicant still connected to WiFi without being disconnected. How can I successfully disconnect a client? Eventually, I have a suspect that is all properly configured on PF and on Unifi Controller, at this point my question is: which is the actual status of integration between PF and Unifi? Does the MAB authentication ever worked? Thanks!
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
