I saw one can set a role using a "violation" but this is not a real
violation. The role is set but the device is put into the isolation vlan
if I set "Re-evealuate". The violation should set the role, "self-close"
and reevaluate.
Anyway I cannot restrict the violation to only one SSID like I would like
Another way is via vlan_filters like this:
[smartphones_by_devclass]
filter = node_info.device_class
operator = is
value = Smartphones/PDAs/Tablets
[employees_ssid]
filter = ssid
operator = is
value = aprapfdot1x
[set_smartphone_role:smartphones_by_devclass&employees_ssid]
scope = RegisteredRole
role = smartphones
It works but the role is not reflected in the gui, furthemore there is
no way to "override" this behaviour for some device.
What I would like to achieve is:
Corporate smartphones are assigned the smartphone role and put in the
appropriate vlan BY DEFAULT, but I should be able to override this if needed
Ty
Il 03/08/2017 14:20, Cristian Mammoli via PacketFence-users ha scritto:
Hi, is it possible to assign a role based on the device class as shown
in the nodes page?
I would like to put all corporate smartphones in a dedicated vlan but
I didn't find a way to do it.
Smartphones are authenticated with 802.1x, I tried to assign a role in
the authentication source based on the computer name "start with
android-" but it is ignored.
--
Mammoli Cristian
System administrator
T. +39 0731 22911
Via Brodolini 6 | 60035 Jesi (an)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users