Merry Christmas PF users!
I sent this 'plea for help' email to the list back in September, but I didn't
hear from anyone, so I'm guessing nobody is running a similar setup?
Or had any luck getting hostapd, OpenWRT & UniFi APs working in any
combination? If others have had success with variants on this theme, I'd love
to hear about it.
Now also looking to investigate alternative hardware that we could use with
PacketFence.
Is anyone successfully using anything from MikroTik/RouterOS?
We would prefer a hardware/firmware AP combo that will support dynamic VLAN &
hostapd functionality.
Any comments & suggestions on compatible access points would be greatly
appreciated.
Thanks in advance,
Dan Hack
Network Administrator
Corporate Information Technology
DPIPWE
p: (03) 6165 4484
f: (03) 6224 1388
e: [email protected]
From: Hack, Daniel (DPIPWE)
Sent: Wednesday, 17 September 2014 11:14 AM
To: '[email protected]'
Subject: PF 4.3 hostapd dynamic VLAN with OpenWRT on Ubiquiti UAP
Hi All,
For the last couple of months, we have been working on setting up corporate and
guest access for wireless devices using PacketFence 4.3.
A fantastic product which we would love to be able to leverage in our
environment (a Tasmanian government department).
Currently we have a PF VM, with a dedicated NIC on each VLAN, i.e. mgmt, reg,
guest, trusted, isolation.
Access points are OpenWRT on Ubiquiti UniFi. Two flavours: OpenWRT 12.09 and
14.07.
Two SSIDs: 'Access' for open MAC auth to registration VLAN, and 'Secure' for
trusted AD authentication using captive portal and wireless provisioning
profile.
APs have their dynamic VLAN for hostapd configured as per PF device guide, i.e.
replace hostapd.sh, create a hostapd.vlan file, etc.
As proof of concept we have managed to get everything we need in PacketFence
working, i.e. DHCP, RADIUS, captive portal, provisioning, role-based VLAN
access, etc.
It would seem that the last hurdle for us to overcome is to configure OpenWRT
in a stable fashion.
I apologise for posting here, as I don't believe this is a problem with
PacketFence at all, but I was hoping that someone may have had a similar
experience, or could offer some suggestions?
Without going into too much logfile detail at this point, here are the two
issues observed...
1. For OpenWRT 12.09, we continually experience the dynamic bridge
interfaces falling over, along the lines of:
Kernel: [xxxxxxx.xxxxx] brvlan340:port 1(wlan0.340) entered disabled state
The only way to recover is to restart wifi, which sometimes works, sometimes
not.
2. For OpenWRT 14.07, because of the move to 'netifd', the configuration
of hostapd and the location of the hostapd.sh file have changed to
/lib/netifd/hostapd.sh
Replacing the hostapd.sh file with the supplied PacketFence 4.3 file breaks the
radio0 device and gives errors such as:
netifd: radio0 (819): ./mac80211.sh: eval: line 1: config_get: not found
and
netifd: radio0 (819): sh: bad number
Again, I realise that this is more an OpenWRT issue, and likely that the PF 4.3
hostapd.sh is not compatible with netifd.
I haven't ruled out the possibility that maybe the UniFi AP chipset is just not
going to cut it, as Ubiquiti have been promising dynamic VLAN support in their
firmware for years now.
If anyone is able to offer any advice or experience, on either of these two
issues, it would be greatly appreciated.
Alternatively, if anyone has had PF/OpenWRT success with another model of
access point, that would be really helpful too.
Thanks in advance,
Dan Hack
Network Administrator
Corporate Information Technology
DPIPWE
p: (03) 6165 4484
f: (03) 6224 1388
e: [email protected]
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users