I try to make wifi works with captive portal and VLAN enforcement, but
without the 802.1X, so I read this mail :
http://www.mail-archive.com/[email protected]/msg01650.html
And I try many solution, I post here the last :
Cisco Aironet 1242 :
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
no aaa new-model
!
dot11 ssid PacketFence-hidden[test]
vlan 10
authentication open mac-address 0200.0001.0001
!
dot11 ssid PacketFence-pub[test]
vlan 20
authentication open
guest-mode
!
dot11 network-map
power inline negotiation prestandard source
!
!
username Cisco password 7 032752180500
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
ssid PacketFence-hidden[test]
!
ssid PacketFence-pub[test]
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0
24.0 36.0 48.0 54.0
station-role root
bridge-group 100
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
interface Dot11Radio0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
bridge-group 10 spanning-disabled
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
!
interface Dot11Radio0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
bridge-group 30 subscriber-loop-control
bridge-group 30 block-unknown-source
no bridge-group 30 source-learning
no bridge-group 30 unicast-flooding
bridge-group 30 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 101
bridge-group 101 subscriber-loop-control
bridge-group 101 block-unknown-source
no bridge-group 101 source-learning
no bridge-group 101 unicast-flooding
bridge-group 101 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
hold-queue 160 in
!
interface FastEthernet0.10
encapsulation dot1Q 10
no ip route-cache
bridge-group 10
no bridge-group 10 source-learning
bridge-group 10 spanning-disabled
!
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
!
interface FastEthernet0.30
encapsulation dot1Q 30
no ip route-cache
bridge-group 30
no bridge-group 30 source-learning
bridge-group 30 spanning-disabled
!
interface FastEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 192.168.50.11 255.255.255.0
no ip route-cache
!
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps snmp authentication linkdown linkup coldstart
warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server host 192.168.50.1 version 2c public deauthenticate
!
bridge 1 route ip
And, in PacketFence, in switches.conf :
[192.168.50.11]
type=Cisco::Aironet_1242
mode=production
vlans=10,20,30
normalVlan=10
registrationVlan=20
isolationVlan=30
controllerIp=
SNMPVersionTrap=2c
SNMPVersion=2c
I read "Network Device Configuration Guide" but your setup is for 802.1X
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
