Hello David!

Let me try to help you with the different questions you have.

On 6/1/12 19:17 , David Schiller wrote:
> Hello, I am trying to set up a new wireless infrastructure, but I am having trouble getting everything to work. We are only using Cisco WAP4410N's (I am assuming they will work because there is support for 4400 series?).

Well, your assumption is not exactly right. Yes, we support the 4400 series, but the WLC 4400 Series. Those are Cisco Wireless Controllers. The Cisco WAP4410N's that you own are Linksys access points, which are not the same thing at all.

> The goal is to have two SSID's, one where people will freely have access (restricted by network ACL's) and the other which will be presented with a captive portal and then have access to everything internal once registered.

You will have to describe to me HOW people will register on the "private/secure" SSID. Do you plan on using only the captive portal, or do you also want to offer some kind of encryption (802.1x)?

> My question has to do with what settings I need on the wireless access point. The access point has a single port, which we have plugged into a trunk port which has the default VLAN of 96, and tagged with 94 and 96. On the AP, the default VLAN is set to 96, as well as the AP Management VLAN. There are then two SSID's configured: UNREGISTERED on 96 and REGISTERED on 94. Is it ok to have one of the SSID's be on the default VLAN?

I'm not sure I follow you when you ask if it's OK to have one of the SSIDs be on the default VLAN. Do you plan on having some kind of authentication on this SSID? What do you want to put in place with this one? If you only put one of the SSIDs on the default VLAN, people who connect to this SSID will have access to that "default VLAN". Do you mind elaborating a bit on what you want to achieve with that one SSID?

> At this point, I am able to connect to UNREGISTERED and get on the internet. But when I connect to REGISTERED, it shows me the captive portal and lets me register, but then never gives me internet access. I'm not receiving any traps on the packetfence server, even though I have the trap destination set to the correct IP.

When you say "not receiving any traps on the packetfence server...", what kind of traps are you talking about? You need to understand that wireless access control is managed by RADIUS requests. There are no SNMP traps in the whole process. You either enable mac-authentication or 802.1x on one SSID, then set PacketFence as the RADIUS server. When the client connects to the SSID, PacketFence will receive an Access-Request for the access-point and will (in the case of a simple mac-authentication) return the correct VLAN to put the clients in. That being said, the access-point will need to support dynamic VLAN assignment (AAA override), which is mandatory for PacketFence to do its job.

> Any help would be much appreciated... this is getting a little frustrating.

I tried to make myself clear. If it's not clear, don't hesitate to reply with some further details/questions. We'll be more than happy to help you out with that new wireless infrastructure.
Waiting for some news from your side!

> David

Cheers!

--
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 x110 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
