Thanks guys,
Have added it to the switches.conf, restarted all services but it still
puts the client in the default vlan (99).
These are the steps I took and have attached switches.conf.
1. Created Portal Profile srsec
2. Created Role: VLAN112
3. Created Source: AD
a. Created rule: VLAN 112 -> if SSID equal srsec set role VLAN_112
4. Added Vlan to switches.conf
5. Restart all services.
#
# Copyright 2006-2008 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
VoIPEnabled=N
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
type=Accton::ES3526XA
[192.168.0.3]
mode=production
#deauthMethod=Telnet
description=WLC
type=Cisco::WLC_2500
radiusSecret=Reggulat10ns
cliUser=Cisco
cliPwd=*****
cliEnablePwd=****
cliTransport=SSH
SNMPVersion=2c
defaultVlan=99
guestVlan=99
externalGuestVlan=110
SNMPCommunityRead=*****
SNMPCommunityWrite=*****
SNMPCommunityTrap=****
VLAN_12Vlan=112
------------------------------------
Packetfence Log:
Apr 14 15:37:06 pf::WebAPI(2097) INFO: handling radius autz request: from
switch_ip => 192.168.0.3, connection_type => Wireless-802.11-EAP mac =>
c8:f7:33:69:89:03, port => 1, username => amulgrew (pf::radius::authorize)
Apr 14 15:37:06 pf::WebAPI(2097) INFO: autoregister a node that is already
registered, do nothing. (pf::node::node_register)
Apr 14 15:37:06 pf::WebAPI(2097) INFO: MAC: c8:f7:33:69:89:03, PID:
amulgrew, Status: reg. Returned VLAN: 99 (pf::vlan::fetchVlanForNode)
On 14 April 2014 14:44, Max McGrath <[email protected]> wrote:
> Adrian -
>
> Look in Configuration --> Switches and dig into your wireless controller.
> In there check out the Roles tab. That may be what you are looking for.
>
> Max
>
> --
> Max McGrath
> Network Administrator
> Carthage College
> 262-552-5512
> [email protected]
>
>
> On Mon, Apr 14, 2014 at 6:04 AM, Adrian Mulgrew
> <[email protected]> wrote:
>
>> Thanks Louis.
>> I had a look but can't see how you Map a VLAN to a role?
>>
>>
>> On 10 April 2014 17:22, Louis Munro <[email protected]> wrote:
>>
>>> Hi Adrian,
>>> There are easier ways to do this in PacketFence 4.
>>>
>>> You can set a rule to match a specific SSID in the authentication
>>> sources.
>>> There is no need to write custom code for that.
>>> That's still supported for backwards compatibility with PF3.
>>>
>>> Have a look at your authentication sources and their rules.
>>>
>>> You should be able to create a rule with a condition like this:
>>>
>>> 'SSID equals srsec'
>>>
>>> and then add an action that assigns a role mapped to the VLAN you want
>>> to send the device to, such as:
>>>
>>> 'Set role srsec'
>>>
>>>
>>> Regards,
>>> --
>>> Louis Munro
>>> [email protected] :: www.inverse.ca
>>> +1.514.447.4918 *125 :: +1 (866) 353-6153
>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
>>> www.packetfence.org)
>>>
>>> On 2014-04-10, at 11:57 , Adrian Mulgrew <[email protected]>
>>> wrote:
>>>
>>> Hi,
>>>
>>> We would like to modify the VLAN based on the SSID. Currently we have it
>>> working by using the function in /usr/local/pf/lib/pf/vlan/custom.pm.
>>> This was working perfectly until we then decided we needed two different
>>> VLANs depending on the connected SSID. I thought I could simply modify the
>>> script with an elseif statement. Of course my script knowledge is poor and
>>> I ended up breaking it so nothing would authenticate at all.
>>>
>>> I could see this error in the Radius log:
>>>
>>> Thu Apr 10 14:31:53 2014 : Error: rlm_perl: An error occurred while
>>> processing the authorize SOAP request: syntax error at line 1, column 49,
>>> byte 49 at /usr/lib64/perl5/XML/Parser.pm line 187 a
>>>
>>> So I'm assuming this was down to my script modification.
>>>
>>> Would someone be able to have a quick look and let me know what I've done
>>> wrong please:
>>>
>>> custom.pm
>>> --------
>>> sub getNormalVlan {
>>> my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type,
>>> $user_name, $ssid) = @_;
>>> my $logger = Log::Log4perl->get_logger();
>>>
>>> # custom example: VLAN by SSID
>>> # # return customVlan1 if SSID is 'PacketFenceRocks'
>>> if (defined($ssid) && $ssid eq 'srguest') {
>>> return $switch->getVlanByName('externalGuest');
>>> } elseif (defined($ssid) && $ssid eq 'srsec') {
>>> return $switch->getVlanByName('secTeam');
>>> }
>>>
>>> return $switch->getVlanByName('default');
>>>
>>> }
>>>
>>> ----------
>>>
>>> ------------------------------------------------------------------------------
>>> Put Bad Developers to Shame
>>> Dominate Development with Jenkins Continuous Integration
>>> Continuously Automate Build, Test & Deployment
>>> Start a new project now. Try Jenkins in the cloud.
>>>
>>> http://p.sf.net/sfu/13600_Cloudbees
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
>
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
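
Added example (not part of the original message, and not PacketFence code): a small Python check that loads a switches.conf-style switch section and reports whether a role has a matching "<role>Vlan" key, listing similarly named keys when it does not. The lookup rule (role name plus the suffix Vlan, with [default] as fallback) is an assumption inferred from keys such as defaultVlan and externalGuestVlan in the posted file; the sample config is constructed from that file with secrets omitted.

```python
import configparser
import difflib

# Constructed sample modelled on the switch section posted above (secrets omitted).
SAMPLE = """\
[default]
normalVlan=1
registrationVlan=2
isolationVlan=3

[192.168.0.3]
type=Cisco::WLC_2500
defaultVlan=99
guestVlan=99
externalGuestVlan=110
VLAN_12Vlan=112
"""

def load_switch(text, switch):
    """Return the switch's settings, with [default] values as fallback."""
    cp = configparser.ConfigParser(interpolation=None, default_section="default")
    cp.optionxform = str  # keep key case: role names are treated as case-sensitive
    cp.read_string(text)
    return dict(cp[switch])

def check_role(settings, role):
    """Assumed lookup rule: role R is mapped to a VLAN by a key named 'RVlan'."""
    key = role + "Vlan"
    if key in settings:
        return {"role": role, "vlan": settings[key], "near": []}
    # No exact key: list similarly named *Vlan keys to surface naming slips.
    vlan_keys = [k for k in settings if k.endswith("Vlan")]
    near = difflib.get_close_matches(key, vlan_keys, n=3, cutoff=0.8)
    return {"role": role, "vlan": None, "near": near}

if __name__ == "__main__":
    settings = load_switch(SAMPLE, "192.168.0.3")
    for role in ("VLAN112", "VLAN_112", "externalGuest"):
        r = check_role(settings, role)
        if r["vlan"] is None:
            print(f"{role}: no {role}Vlan key; similar keys: {r['near'] or 'none'}")
        else:
            print(f"{role}: VLAN {r['vlan']}")
```

Running it against a real file means passing that file's text and the switch's section name to load_switch in place of SAMPLE.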