Hello,
We are using PF 5.7.0 (Debian) with OpenWRT (15.05) hostapd as AP switches.
We are looking for assistance getting de-auth working for our second SSID
using hostapd.
Details follow,
cheers,
Ian
With a few pointers from Fabrice/Inverse to use chained authentication we
now have PacketFence set up to authenticate anyone on-site (guests/members)
using a locally shared password with a follow-on self-registration for
email that gives them 10 minutes to verify their email before kicking them
off the network using dynamic VLANs.
This is great, except that the revocation after 10 minutes (if not verified
by email) seems to be limited by a hostapd limitation whereby only one of
the SSIDs can be associated with the CoA listener on OpenWRT. We have
two, one on 2.4G and one on 5G.
So connections on the SSID that use the CoA listener get bumped in
real-time after 10 minutes while connections on the SSID that does not have
the CoA listener function normally until the user tries to connect or
reconnect (by leaving the service area or getting too close to another AP
with the same SSID).
This isn't a major issue [yet], but it does mean that 10 minutes will
become "as long as you are connected to that access point" for one of the
SSIDs.
Our only fear is that some creative users might learn they can enter junk
email addresses each time they want to use the network.
Does anyone know how to work around this limitation of OpenWRT to somehow
spawn multiple CoA listeners for different SSIDs perhaps with use of
multiple nasids and/or some additional PacketFence switch AP config?
Our ideas so far are below, with c) seeming like the only option that may
work.
a) set up two OpenWRT boxes in each area that we would like to serve both
2.4G and 5G (not feasible in our scenario)
b) experiment with making the 2.4G and 5G SSIDs the same (but we expect the
session is STA specific so this will not work)
c) try some other out-of-band de-auth method for the second SSID like
snmptrap/CLI or other method; we are not familiar with this, so any
pointers would be helpful
cheers,
Ian
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users