On 20/05/19 13:22, Nicolas Quiniou-Briand via PacketFence-users wrote:

Hello Enrico,

On 2019-05-20 10:29 a.m., Enrico Pasqualotto via PacketFence-users wrote:


Has anyone already done something like this? Can I make a custom VLAN
assignment to match that value (Called-Station-ID)?



Yes, you can use VLAN filters, see [0]. You will find some examples in
/usr/local/pf/conf/vlan_filters.conf.example.

[0]
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_vlan_filter_definition


Hello, I'm trying to set up the configuration these days.

I saw that with my Cisco Mobility Express WLC I already have the AP MAC in the
request (switch_mac) without checking the RADIUS attribute:

handling radius autz request: from switch_ip => (10.X.X.X), connection_type => 
Wireless-802.11-EAP,switch_mac => (2c:3e:cf:1d:92:d0), mac => 
[12:12:12:12:12:12], port => 1, username => "domain\username", ssid => MySSID 
(pf::radius::authorize)

In VLAN_Filter I can use switch._switchMac in a condition, but how do I integrate
it with my configuration, where using authentication I assign a custom VLAN based
on AD group?

For example in authentication.conf I have:

[XXXX_Auth_PF_Guest rule PF-GUEST]
action0=set_role=XXX-GUEST
condition0=memberOf,matches regexp,PF-Guest
condition1=SSID,equals,XXX
match=all
class=authentication
action1=set_access_duration=12h

(so I assign role XXX-GUEST if the user is in the PF-Guest AD group)

My goal is to have a config like:

If a user in group PF-GUEST authenticates to WIFI on AP X, set role XXX-GUEST

If a user in group PF-GUEST authenticates to WIFI on AP Y, set role YYY-GUEST

Is this possible? I need this because some APs are at another site but connected
to the same WIFI controller (so for PacketFence it is the same "switch" but sending
a different switch_mac).

I hope I was clear.

Thanks
--

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
