Hey Kai,
I tried to integrate the Web Auth configuration into a configuration
already using MAC bypass and 802.1x and failed.
While looking into possible reasons I came up with the thought what the
advantage of Web Auth would be to my setup? I didn't find an answer.
I'm writing this, because I'd like to get better insight into the
concept of portals - not because I thing I really understood the
complete context. But maybe one of the thoughts might be helpfull.
The disadvantages I found for Web Auth based on switch configuration are:
* vendor dependend - different vendors, different configurations
* higher complexity - to make it work a switch configuration is needed
beside the packetfence configuration
As I wrote above, I couldn't see the advantages.
I ended up doing the following:
* MAC bypass to get devices into the registration VLAN.
* Using the registration VLAN with a packetfence portal
* packtefence provides DHCP and DNS
* packetfence redirects reliably the client to its portal
* bonus: a good time to do any scannning to maybe divert the device
into isolation
* when registered successfully the device moves on to the guest vlan
At any time during the above the device is able to initiate a 802.1x
authentication to register into some other vlan like the company
internal vlan.
I've got the feeling I overlooked some advantages for the Web Auth
configured on the switch. Otherwise the use of Web Auth would be
obsolete in the context of a Packetfence setup (at least with an
external portal).
Chris
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
