[PacketFence-users] PacketFence and Wireless Integration
Hello there, I'm a new PacketFence's user and I've to ask you some questions about Wireless configuration. Forgive my english please.. So I've 4 Aruba 2540 Switchs, on those ones, I've a PacketFence server connected to them and the authentication Radius is working well in wired connection. It means all ports are configured to be in the registered Vlan. So actually, when someone is pluged, the captive portal woke up and the credentials are asked. No probs ! But... i've 2 Cisco AiroNet 2802 series (Wireless hotspot) without controller... The hotspot have to initiate connection with controller (Location : Paris - Don't have any hands on it) before starting. It means that I can't put them to the registered Vlan because this Vlan doesn't have access to anything (except the PF server / Captive Portal) and so the hotspot can't start. With this.. How is it possible to give access (Registered Vlan should be good) to my wireless users thanks to the hotspot ? How my ports have to be configured to enable the registered vlan to pass through the hotspot and make my wireless users able to authenticate to the captive portal ? Huge thanks to future answers. Nice Day, Ju. ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PacketFence and Wireless Integration
Hello Julien, not sure to understand your issue, you say that it's a standalone AP but connected to a controller. If there is a controller then you probably need to configure the AP on the controller. Vous pouvez continuer en français si vous voulez. Regards Fabrice Le 19-08-01 à 08 h 41, MACONE Julien via PacketFence-users a écrit : Hello there, I’m a new PacketFence’s user and I’ve to ask you some questions about Wireless configuration. Forgive my english please.. So I’ve 4 Aruba 2540 Switchs, on those ones, I’ve a PacketFence server connected to them and the authentication Radius is working well in wired connection. It means all ports are configured to be in the registered Vlan. So actually, when someone is pluged, the captive portal woke up and the credentials are asked. No probs ! But… i’ve 2 Cisco AiroNet 2802 series (Wireless hotspot) without controller… The hotspot have to initiate connection with controller (Location : Paris – Don’t have any hands on it) before starting. It means that I can’t put them to the registered Vlan because this Vlan doesn’t have access to anything (except the PF server / Captive Portal) and so the hotspot can’t start. With this.. How is it possible to give access (Registered Vlan should be good) to my wireless users thanks to the hotspot ? How my ports have to be configured to enable the registered vlan to pass through the hotspot and make my wireless users able to authenticate to the captive portal ? Huge thanks to future answers. Nice Day, Ju. ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PacketFence and Wireless Integration
Bonjour Fabrice, Merci de votre réponse. Pour vous éclairer : Nous avons des bornes Wi-fi Cisco, nous ne gérons pas du tout le contrôleur Wi-fi, celui-ci est sous la direction de la maison mère, néanmoins, les bornes se connectent à celui-ci pour récupérer la configuration initiale. Pour se connecter au contrôleur, elle passe donc par le réseau d'entreprise. Egalement, PacketFence, le Vlan Registration n'est pas dans le réseau d'entreprise (Sinon aucun intérêt de créer un NAC). Partons donc de cette configuration : Vlan entreprise = Vlan 1 Vlan Registration = Vlan 10 --> Captive Portal * Si ma borne est sur un port configurer en Vlan 1, alors les utilisateurs ne passeront pas par PacketFence. * Si ma borne est sur un port configurer en Vlan 10, alors elle ne pourra pas trouver le contrôleur et donc les utilisateurs n'auront aucunement la possibilité de s'authentifier. Je voulais donc savoir, étant nouveau sur PacketFence, est-il possible de mettre en place une exception pour la borne Wi-fi ?? La laisser dans le Vlan 1 mais toutes les connections qui s'y feront seront sur le Vlan 10 ? Ou une autre solution, une autre technique je ne sais pas.. :/ Cordialement, Julien. De : Fabrice Durand via PacketFence-users Envoyé : jeudi 1 août 2019 15:43 À : packetfence-users@lists.sourceforge.net Cc : Fabrice Durand Objet : Re: [PacketFence-users] PacketFence and Wireless Integration Hello Julien, not sure to understand your issue, you say that it's a standalone AP but connected to a controller. If there is a controller then you probably need to configure the AP on the controller. Vous pouvez continuer en français si vous voulez. Regards Fabrice Le 19-08-01 à 08 h 41, MACONE Julien via PacketFence-users a écrit : Hello there, I'm a new PacketFence's user and I've to ask you some questions about Wireless configuration. Forgive my english please.. So I've 4 Aruba 2540 Switchs, on those ones, I've a PacketFence server connected to them and the authentication Radius is working well in wired connection. It means all ports are configured to be in the registered Vlan. So actually, when someone is pluged, the captive portal woke up and the credentials are asked. No probs ! But... i've 2 Cisco AiroNet 2802 series (Wireless hotspot) without controller... The hotspot have to initiate connection with controller (Location : Paris - Don't have any hands on it) before starting. It means that I can't put them to the registered Vlan because this Vlan doesn't have access to anything (except the PF server / Captive Portal) and so the hotspot can't start. With this.. How is it possible to give access (Registered Vlan should be good) to my wireless users thanks to the hotspot ? How my ports have to be configured to enable the registered vlan to pass through the hotspot and make my wireless users able to authenticate to the captive portal ? Huge thanks to future answers. Nice Day, Ju. ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PacketFence and Wireless Integration
Bonjour Julien, si l'ap est managé par le contrôleur alors vous n'avez pas trop le choix d'utiliser celui-ci pour configurer votre AP. Il me semble que vous pouvez définir localement le serveur radius a utiliser et mettre l'ap en mode flex-connect. Cordialement Fabrice Le 19-08-01 à 11 h 04, MACONE Julien via PacketFence-users a écrit : Bonjour Fabrice, Merci de votre réponse. Pour vous éclairer : Nous avons des bornes Wi-fi Cisco, nous ne gérons pas du tout le contrôleur Wi-fi, celui-ci est sous la direction de la maison mère, néanmoins, les bornes se connectent à celui-ci pour récupérer la configuration initiale. Pour se connecter au contrôleur, elle passe donc par le réseau d’entreprise. Egalement, PacketFence, le Vlan Registration n’est pas dans le réseau d’entreprise (Sinon aucun intérêt de créer un NAC). Partons donc de cette configuration : Vlan entreprise = Vlan 1 Vlan Registration = Vlan 10 àCaptive Portal * Si ma borne est sur un port configurer en Vlan 1, alors les utilisateurs ne passeront pas par PacketFence. * Si ma borne est sur un port configurer en Vlan 10, alors elle ne pourra pas trouver le contrôleur et donc les utilisateurs n’auront aucunement la possibilité de s’authentifier. Je voulais donc savoir, étant nouveau sur PacketFence, est-il possible de mettre en place une exception pour la borne Wi-fi ?? La laisser dans le Vlan 1 mais toutes les connections qui s’y feront seront sur le Vlan 10 ? Ou une autre solution, une autre technique je ne sais pas.. :/ Cordialement, Julien. *De :*Fabrice Durand via PacketFence-users *Envoyé :* jeudi 1 août 2019 15:43 *À :* packetfence-users@lists.sourceforge.net *Cc :* Fabrice Durand *Objet :* Re: [PacketFence-users] PacketFence and Wireless Integration Hello Julien, not sure to understand your issue, you say that it's a standalone AP but connected to a controller. If there is a controller then you probably need to configure the AP on the controller. Vous pouvez continuer en français si vous voulez. Regards Fabrice Le 19-08-01 à 08 h 41, MACONE Julien via PacketFence-users a écrit : Hello there, I’m a new PacketFence’s user and I’ve to ask you some questions about Wireless configuration. Forgive my english please.. So I’ve 4 Aruba 2540 Switchs, on those ones, I’ve a PacketFence server connected to them and the authentication Radius is working well in wired connection. It means all ports are configured to be in the registered Vlan. So actually, when someone is pluged, the captive portal woke up and the credentials are asked. No probs ! But… i’ve 2 Cisco AiroNet 2802 series (Wireless hotspot) without controller… The hotspot have to initiate connection with controller (Location : Paris – Don’t have any hands on it) before starting. It means that I can’t put them to the registered Vlan because this Vlan doesn’t have access to anything (except the PF server / Captive Portal) and so the hotspot can’t start. With this.. How is it possible to give access (Registered Vlan should be good) to my wireless users thanks to the hotspot ? How my ports have to be configured to enable the registered vlan to pass through the hotspot and make my wireless users able to authenticate to the captive portal ? Huge thanks to future answers. Nice Day, Ju. ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net <mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) ::www.inverse.ca <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
