PacketFence - BTS - PacketFence
View Issue Details
0001005PacketFencecaptive portalpublic2010-06-07 17:582012-10-19 14:51
obilodeau 
 
normalfeatureN/A
resolvedfixed 
 
 
0001005: 802.1x and unauthenticated VLAN
This auth combinaison is a way to handle guests without a full-blown NAC like PacketFence. If the client is unable to provide proper credentials, then a specific VLAN is used as a last mean to give access. It is not the same as Cisco's Guest-VLAN feature.

The variant with MAB means that non-capable 802.1x go straight to MAB while 802.1x capable devices that fail to provide valid credential (or successful EAP exchanges) are put in the unauthenticated VLAN. With this in mind, you can clearly see that you can use the captive portal also to remediate misbehaving 802.1x clients (including guests from other 802.1x networks) into a proper config.

So, if configured properly, a registered 802.1x user that is in isolation VLAN would need to be presented with 802.1x instructions (including offering a download of a client) and could be logged.

Modifying the captive portal to support that is trivial but it might not be something that everyone wants so it needs to be considered appropriately.
802.1x
Issue History
2010-06-07 17:58obilodeauNew Issue
2010-06-07 17:58obilodeauStatusnew => assigned
2010-06-07 17:58obilodeauAssigned To => obilodeau
2010-06-07 18:00obilodeauTag Attached: 802.1x
2010-11-19 14:25obilodeauTarget Version1.10.0 => 2.0.0
2011-01-18 09:30obilodeauTarget Version2.0.0 => 2.1.0
2011-03-03 15:16obilodeauTarget Version2.1.0 => +1
2011-03-03 15:18obilodeauTarget Version+1 => +2
2012-10-19 14:51fgaudreaultNote Added: 0003201
2012-10-19 14:51fgaudreaultStatusassigned => resolved
2012-10-19 14:51fgaudreaultResolutionopen => fixed
2012-10-19 14:51fgaudreaultAssigned Toobilodeau =>
2012-10-19 14:51fgaudreaultTarget Versionlong-term =>

Notes
(0003201)
fgaudreault   
2012-10-19 14:51   
Custom use case. Using Inline for that VLAN would work.