Hello Enrique,
Thank you for your response.
Yes, I have the AP connected via Trunk. However the same still happens,
clients are not able to connect to the Open network in order to access the
registration portal.
Do I need to make the registration VLAN 20 the default/untagged VLAN on
the trunk ports? In that case, the AP can directly communicate with PF on
the default network. Thanks in advance.

Warm regards,
Rexford A. Nyarko.


On Wed, Jul 17, 2024 at 8:14 AM Enrique Gross via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hi Rexford
>
> Hope you are doing well
>
> When configuring SSID on the Unifi side with Radius, it is ok that you can
> not set VLAN 20 as registration. On the PF side, it's in the roles (Role
> mapping by VLAN ID) when configuring APs that you will set up your VLAN for
> registration, prod or other vlan. So, as long as registration vlan, prod, etc
> vlans are vlan trunk to AP, that's fine.
>
> So, an unreg user will be evaluated upon connection, as the condition is
> unreg it will be placed on registration vlan that is defined on your Switch
> roles.
>
> Sorry for my bad english, hope it helps.
>
> Enrique.
>
>
>
> On Mon, Jul 15, 2024 at 5:22, Rexford Nyarko via PacketFence-users (<
> packetfence-users@lists.sourceforge.net>) wrote:
>
>> Hello All,
>>
>> First, my user environment consists mostly of Linux, Windows users and
>> occasionally Mac. Network hardware consists of Cisco 2960 switches for LAN
>> and Unifi AP AC Pro for wireless connectivity. I need to have an
>> authentication setup such that users log in with their LDAP credentials and
>> users are assigned VLANS based on their *memberOf* LDAP attribute.
>>
>> Here's what I have done so far,
>> 1. Installed PF 13.2 with two interfaces, 1 separate for management and
>> another trunk with all VLAN interfaces added.
>> 2. Configured LDAP Authentication source
>> 3. Configured a connection Profile using the LDAP auth source.
>> 4. Added Unifi APs individually to PF via MAC Address. (Initially, I
>> tried adding the controller IP method but that didn't work with some weird
>> errors about not being able to instantiate Switch)
>> 5. Configured Unifi Controller and Wifi with guest profile and external
>> Captive portal pointing to PF as instructed in the documentation.
>> 6. Enabled the captive portal and respective services on the trunk
>> interface.
>> All to this point everything works great. As soon as a user connects to
>> the open SSID they get redirected to the captive portal on PF and
>> authenticate successfully with LDAP. This works great no problem. I intend
>> to keep that and later change the auth source for guest Portal.
>>
>> Now I am trying to do vlan assignment. I followed the PF documentation
>> for Ubiquiti to set up the controller with the Radius profile SSID and all.
>> However, things are not working as expected. I am a bit confused here.
>> 1. I have created interfaces, registration VLAN - 20  and Isolation VLAN
>> - 30 on the trunk interface.
>> 2. I also have added 3 other production VLANs where I manage DNS and DHCP
>> 3. the open SSID on unifi controller cannot be set to the Registration
>> VLAN 20 when Radius is enabled. So there is no way to communicate with PF
>> via the Registration VLAN hence users cannot get IPs from PF on the open
>> SSID and therefore cannot log in.
>> I need advice on how to get this working. Do I have to make the
>> registration VLAN the native or default vlan on the trunk and configure the
>> guest captive portal on a different vlan which I can assign in the unifi
>> controller?
>>
>> Also, I have a problem where DNS queries on each vlan/subnet points to
>> the PF interface outside that subnet. eg pf.example.com - 192.168.0.1/24
>> on registration vlan, and PF on captive portal vlan 40 the IP is
>> 192.168.1.1/24 but DNS query from captive portal interface gives
>> registration vlan IP of PF.
>> I would prefer that queries from each vlan would provide the respective
>> PF interface on that vlan,
>> Any help is appreciated.
>>
>>
>>
>>
>> Warm regards,
>> Rexford.
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>