Please Add Dynamic VLAN Assignment for packetfence / openNAC Support.
+1
+1 here
+1 would use.
+1 would use
+1 vote
+1 vote
Never used but looks promising.
+1.
+1 here
+1
I need to purchase ~40 small switches/routers this year to replace ancient dumb switches. PacketFence support would definitely put Mikrotik devices in the lead. Evaluating multiple brands now.
According to this: http://en.wikipedia.org/wiki/PacketFence
On what PacketFence feature are interested which actual 6.18 RouterOS can not do?
RouterOS cannot do what packetfence does. PacketFence is a NAC (Network Access Control) Platform. It is second to none, and is superior to OPENNAC.
All RouterOS needs to do to support it is add the dynamic VLAN Assignment… See this post http://forum.mikrotik.com/t/add-dynamic-vlan-assignment/76436/1
Someone Decreased my Karma for posting, but I thought it was a valid post. Sorry for offending whoever it was.. I only give out karma… But I Never try to lower other’s karma…
You could write a packetfence module. You’d get results faster that way. Their modules design is usable via ssh. Could also interface it with the packetfence API.
Although I work with C++, I cannot write a module for it, it has to be a function that is enabled in routeros.. I understand how it works and even though I do not have access to routeros code, I am certain a person with equal or greater programming skill as my own could complete it in less than 48 hours. Do you understand how dynamic VLAN Assignment works ? Packetfence has documentation on their webpage, and I have worked with Ludovic for over 5 months trying to get packetfence support. Ive purchased a mikrotik radio and had it shipped to Canada just for him to test with.. He tried many times to contact the people at mikrotik, but he was rejected every time he reached out. I am doing the best I can to push the ball forward, but mikrotik has no concern. I have had 4 different larger scale jobs go with another product because I could not offer them mikrotik as it did not support the generic 3rd party NAC platform they wanted to use. I know the size and scope of adding dynamic VLAN Assignment and it is not a big deal, over 60 percent of it is taken care of already via HOSTAPD functionality.. This is a smaller request of all the requests being made and truly there is no excuse for mikrotik not to get it done once and for all… Its just as essential as DHCP… Do they still have to bug-test DHCP every time they release an update to routeros ? As a business man, I just have to compare the size of return of enabling dynamic VLAN Assignment to the cost of adding it to the next routeros release to realize it is a very good choice.
Get it added. Please… In the name of Jesus Add Dynamic VLAN Assignment.
http://www.packetfence.org/about/overview.html
I be for a 10000 port, 200+ switch network with 300 aps running packetfence. I understand completely how it works. I’ve written custom modules for packetfence and it isn’t that hard. It will already work for wireless(capsman mac auth), Just not for wired. There is absolutely no support for it in Routeros for switches yet. But using snmp traps and cli, you could easily make it work on switches. I’m sure they will add support in some future release but just because 1/2 dozen people want it doesn’t mean it’s going to be put in in 2 weeks. I’m sure they could have a proof of concept thrown together quick but I’ve dealt with the repercussions of quirks in radius mac auth code. You don’t want it. You want something planned, thought over, and executed properly.
Again. It already exists in wireless. Use capsman. Just not 802.1x yet
Packetfence support needs HOSTAPD… Mikrotik has implemented a non-standard instance of this, thats why Packetfence does not work with ANY mikrotik products… I do not know what you are doing with whatever modules you claim to have made, but Unless it is doing actual dynamic VLAN assignment, it is not packetfence. The problem is Mikrotik thinks capsman is a sufficient answer. It is not. School systems are not rolling out Multi-AP Installs with the hopes of running capsman. they want a Real and full featured NAC. Im not going to keep arguing the point, I dont need to. The people at packetfence reached out months ago like i said earlier and mikrotik did not work with them. If mikrotik would just enable Dynamic VLAN Assignment everything would be good. their existing products could be installed in these larger scale projects and it would be there for all their future 802.11 AC Stuff as well.
You moron. Capsman supports radius dynamic
Vlan assignment using standard radius attributes. It will work with packetfence. Hostapd has absolutely nothing to do with switches.
Configure a capsman access point with radius mac auth and point it at packetfence configured as hostapd and it will probably work out of the box with minimal if any changes.
I use packetfence. By inverse. A pretty well customized version supporting active/active servers for redundancy. We have almost 80 stacks and over 200 switches and 300 aps being controlled by it. I actually have a Mikrotik captive portal interfacing with it via radius to test some possibilities.
Packetfence is very well written and easily customizable. If you were actually some experienced c++ programmer you would be able to handle the perl to understand how pf works.
Haha, Your funny… You want to decrease my karma AND call me the idiot… Man, This is hilarious… .. Not to mention your facts are wrong about packetfence… But I dont need to prove that I am right, and im not going to lower your Karma because of your prideful foolishness either..
What facts are wrong about packetfence?
I’m calling your bluff. You don’t know anything about how packetfence works. You do have to prove yourself right in this case. You are spreading misinformation.
Maybe, just to shut you up, I’ll setup a mt ap as a client to packetfence and show you it works. Then you can delete all the posts isn threads you have shit on that bear zero relevance to dynamic vlan assignment.
Are you Serious… This is a legitimate request for Dynamic VLAN Assignment and you are choosing to conduct your self like this… I guess it is your choice to do so, but this is not the quality of behavior I expected from the Manufacture’s website for some of the products I own.
You are Technically Incorrect in your assertions, and 90% of that is due to the fact that you are incorrectly miss-representing what this post is about. It is a poor attempt at usurping the real point in case, which is I am pushing for Dynamic VLAN Assignment and complete packetfence support which is not a difficult task.
You are wrong and your attempt to blur the facts only clarifies your defensive position. Yes, Packetfence does have two modes, and yes indeed running in inline mode you could hook a Mikrotik Ap up to it, but Inline mode is an inferior method and offers less control… So I am here to cordially ask for packetfence support, I was going to just respond to your message with one from Loick and Ludovic to put the issue to rest regarding Dynamic VLAN Assignment, but caught my self as that message was between them and myself and to use it publicly would be to conduct my self at the same low level you currently are conducting your self, and I will not stoop to that low of a level.
I guess All forum’s have people like you in them, but you are the real person who needs their karma decreased. No Doubt your immaturity will want to respond and come to the defense of your ignorant pride, But perhaps you could take a moment of pause and see this whole thing from a higher point of view. I am actually here to get business done and move the ball forward as far as getting Dynamic VLAN Assignment and Packetfence support. Your personal emotional vendetta is only serving to constipate and degrade the value of my legitimate request. The end results of your conduct is that mikrotik does not move forward and increase their functionality to support Dynamic VLAN Assignment, the consequence to My cause is that the would… and that makes mikrotik better, not worse. I would like to take a moment and publicly say I am sorry to you because I have obviously offended you or hurt your feelings. Please accept my apology, It is genuine.
I am sorry now that this Clean attempt to achieve superior functionality has become muttled and will more than likely fall by the wayside.
-Jonathan
P.S. The only one who has been bringing up switches is you. Ive got AP’s to get functional.
And cross posting in any thread where someone has a question about wireless “you should request dynamic vlan assignment” is what?
Get a life. If the product does t do what you want then find another product. Don’t expect a company that sells budget products to drop everything because you have a request.