I have a rather complex situation that I think I can do with a Captive Portal.

Here is the run down on what I have working.

Student / Client connects to SSID with no captive portal. We have multiple SSIDs; they get assigned the appropriate role for the given SSID.

Client gets a virus or some kind of malware. This trips our third party box that sends an alert via syslog.

Syslog parsing rule verifies that the IP is on a wireless vlan and changes the role to the "virus" role.

"Virus" role redirects all web traffic to the captive portal, denies any other traffic. Captive portal displays a page that tells the user he has been detected/infected with a virus or some kind of malware. This is a custom page with no logon capabilities.

All of this functions without issue.

There is one problem with the solution: if the user disconnects and reconnects, he is back to the original role and has access again until the virus / malware calls out again. We would like to blacklist them and block access for at least a few days so that students get the hint that they really need to get their PC cleaned up before we let them connect.

I can set the syslog parsing rule to blacklist but this doesn't tell the user why they can't connect.

What I need to be able to do is set an ACL to blacklist them after the display of the captive portal page. I have tried to put an ACL in the "virus" role, but this blacklists them before they can get to the captive portal page.

Does anyone know of a way to have the role change after the captive portal page appears? I have thought of an Acceptable Use Policy with an accept button on it, but how do I change the role?

Any ideas?
You can use the XML-API function with an external captive portal. So your external captive portal page can be a CGI that verifies in a database whether your user has been blacklisted before and why. Then you can move him into another role if you want.
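As an added illustration of the answer above (example code, not from the original thread or any vendor): the CGI behind the external portal looks the client IP up in a blacklist table, records a new entry with an expiry if none is active, builds the explanation page first, and only then hands back the role-change request for the controller. The sqlite store, the row contents, the `blacklisted` role name and the shape of the role-change request are all assumptions; the actual transport to the controller's XML API is deployment-specific and not shown.

```python
import sqlite3
from datetime import datetime, timedelta

def open_store():
    """Constructed in-memory blacklist; a real portal would use a persistent DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blacklist (ip TEXT PRIMARY KEY, reason TEXT, until TEXT)")
    return conn

def active_entry(conn, ip, now):
    """Return (reason, until) if the client is still blacklisted, else None.
    Expired rows are purged so a later infection starts a fresh block."""
    row = conn.execute("SELECT reason, until FROM blacklist WHERE ip = ?", (ip,)).fetchone()
    if row is None:
        return None
    until = datetime.fromisoformat(row[1])
    if until <= now:
        conn.execute("DELETE FROM blacklist WHERE ip = ?", (ip,))
        return None
    return row[0], until

def role_change_request(ip, role):
    """Assumed shape of the role-change message for the controller's XML API;
    adapt the keys to the controller's documented format."""
    return {"command": "user_add", "ipaddr": ip, "role": role}

def handle_portal_hit(conn, ip, now, reason, days=3):
    """CGI entry point. Returns (page_text, role_change_request).
    The caller serves page_text to the client first, then submits the request,
    so the user reads the explanation before the blocking role takes effect."""
    entry = active_entry(conn, ip, now)
    if entry is None:
        # First visit after the syslog rule moved the client into the virus role
        until = now + timedelta(days=days)
        conn.execute("INSERT INTO blacklist VALUES (?, ?, ?)",
                     (ip, reason, until.isoformat()))
        entry = (reason, until)
    reason, until = entry
    page = (f"Your device ({ip}) was flagged for: {reason}. "
            f"Network access is blocked until {until:%Y-%m-%d %H:%M}. "
            "Clean the machine before reconnecting.")
    return page, role_change_request(ip, "blacklisted")

if __name__ == "__main__":
    import os, sys
    conn = open_store()
    client_ip = os.environ.get("REMOTE_ADDR", "0.0.0.0")
    page, req = handle_portal_hit(conn, client_ip, datetime.now(), "malware callout")
    sys.stdout.write("Content-Type: text/plain\r\n\r\n" + page)
    sys.stdout.flush()  # page is out before req is handed to the controller client
```

A reconnecting client that lands on the portal again within the block window sees the original reason and expiry rather than a fresh three-day clock.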
