Hello Andy,
let's try this:
[reg_devices]
filter = node_info
operator = is
attribute = status
value = reg
[reg_network]
filter = ssid
operator = is
value = setup_wifi
[block_reg_devices:reg_devices®_network]
scope = RegistrationVlan
role = blocked
But i have a question, if the device is reg then it's suppose to go on a
production vlan, not the registration vlan ?!
Regards
Fabrice
Le 2015-11-04 06:16, Morris, Andi a écrit :
Now I have the vlan_filters in front of me, does this look doable?
[reg_devices]
filter = node_info
operator = is
attribute = status
value = reg
[reg_network]
filter = ssid
operator = is
value = setup_wifi
[block_reg_devices:reg_devices®_network]
role = blocked
Cheers,
Andi
*From:*Morris, Andi [mailto:[email protected]]
*Sent:* 03 November 2015 20:08
*To:* [email protected]
*Subject:* [PacketFence-users] Registered devices sitting in captive
portal
Hi all,
I'm still having a large problem with devices sitting in my captive
portal, and as such using up a lot of PF resources. With others help
on here I've setup a violation that I can trigger if I see a device
sitting in there for too long, and I've managed to get any long term
devices off the network in that way, but the main problem I'm getting
is with devices that are setup and registered for my main SSID,
however the setup SSID isn't forgotten on the device, which means that
as users roam around the devices switch between networks frequently.
There are simply too many of these devices for me to capture and
notify the users manually (20,000 registered devices, 3000 main SSID
and 500 in setup SSID during peak times).
Is there a way, and is it advisable, to block a device from the
registration network once it is registered? Perhaps using vlan
filters? Something like (rough pseudo code sorry, I don't have the
filters in front of me):
If
SSID = setup_network
device = registered
then
role = blocked
Then outside of vlan filters the blocked role assigns the vlan of -1
in switches.conf?
I know that if a device then need to get setup again they will need to
contact our helpdesk to get them unregistered (I can't get status page
working here), but at the moment I think that's a better solution than
having the PF box run out of CPU during peak hours.
Cheers,
Andi
------------------------------------------------------------------------
Image removed by sender. Cardiff Metropolitan University - 150 years
of nurturing talent <http://www.cardiffmet.ac.uk/cardiffmet150>
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
