Hello José,

Why not set things up first very simply, then take it from there ?

As your switch supports port-security you will not need vlan 4 for MAC
detection - so don't set up for it now. Also, don't worry about
custom.pm for now, you can set it up and configure it later, if
necessary. Just do the basics to begin and set up for violations
later, once PF is working.

> About configuration of 2950 I got almost everything you said but
> when I tried to run that perl script you gave to me my console
> returned nothing

Er, sorry, but I didn't mail you a perl script. I suggested you look
at the PF administration manual and use that as a model for setting up
your switch. For that you will need to get into the switch - for that
an ssh or even a serial connection is necessary. If you don't know
about this you should get someone local to help you.

> I will plug any PC to test my violations in the future on anyone of
> these ports?

Sounds good - once PF is set up ...

> My PF ZEN in VMware will be plugged into Fa0/24 because it's my uplink
> trunk mode, that's right?

If I understand you correctly, then port 24 will be your 'uplink' port
in 'switches.conf', although 'uplink = dynamic' may work as well.

Why don't you post (attach) your dhcpd.conf, named.conf,
named/named-isolation.ca, named/named-registration.ca, networks.conf,
pf.conf & switches.conf so we can have a look at them.

Best,

Chris

On Fri 22.Oct'10 at 14:39:49 -0200, José Carlos França Jr wrote:
> Hi Chris;
> 
> Thanks for helping me.
> About direct or ZEN installation, it is both the same thing. Networking in 
> Windows is not as difficult as it seems. My problems are other tiny details 
> that appear during the whole procedure.
> First answering your questions:
> 1 - My switch is compatible. Cisco 2950.
> 2 - No VOIP intended
> 
> Question: My question is whether custom.pm depends on the VLAN names or 
> something else configured in the 2950, or is independent of them? Is what I 
> configure in custom.pm all of the way I want PF to work? How can I interpret 
> the default custom.pm? I want to assign different VLANs to the users plugged 
> into the switch according to the case. Users that violate one rule, like no 
> p2p, go to the isolated VLAN until they can establish status OK again, as it 
> is said in the PDFs with VLAN isolation mode.
> 
> About configuration of the 2950, I got almost everything you said, but when I 
> tried to run that perl script you gave me, my console returned nothing 
> printed. I didn't understand anything.
> I used ActivePerl to run the command and nothing happened, just like this: no 
> errors, no printed 1 from 23. If it's all equal, just send the first and the 
> parameters that change, or whatever is easier for you.
> 
> ISSUE =
> LOOK THIS EXAMPLE:
> interface FastEthernet0/1
>  description .......
>  switchport access vlan 4
>  switchport mode access
>  switchport port-security
>  switchport port-security violation restrict
>  switchport port-security mac-address 0200.0000.0001
>  no cdp enable
>  spanning-tree portfast
> 
> When I configure all ports 1 to 23 saying switchport access vlan 4, will all 
> these ports, when I plug a PC into them, only access VLAN 4 so that PF gets 
> the MAC and then PF assigns another VLAN?
> Will I plug any PC in to test my violations in the future on any one of these 
> ports?
> The PF PDF says to attribute four ports, one to each VLAN of PF 
> (normal/registration/violation/isolation), for access, like fa0/1 access 
> vlan1, fa0/2 access vlan 2, etc...
> Do I need to do this?
> My PF ZEN in VMware will be plugged into Fa0/24 because it's my uplink trunk 
> mode, that's right?
> 
> I have these as in the PF PDFs; at the end of the email there is a copy of 
> the ZEN configuration PDF. Do I need to follow that?
> Do I need to put the IP address, mask, etc. of these VLANs in the 2950? Like 
> in vlan1: You can see I'm basing this on the IP table from the PF PDF at the 
> end of the email.
> 
> interface Vlan1
>  no ip address
>  no ip route-cache
>  shutdown
> !
> 
> 
> --------------------------------------------------------------------------------------------------------
> IN PDF OF PF THERE IS:
> 
> Network Setup
> - VLAN 1 is the "regular" VLAN
> - VLAN 2 is the registration VLAN (unregistered devices will be put in this VLAN)
> - VLAN 3 is the isolation VLAN (isolated devices will be put in this VLAN)
> - VLAN 4 is the MAC detection VLAN (empty VLAN: no DHCP, no routing, no nothing)
> 
> VLAN ID   VLAN Name      Subnet           Gateway        PacketFence Address
> 1         Normal         192.168.1.0/24   192.168.1.1    192.168.1.10
> 2         Registration   192.168.2.0/24   192.168.2.10   192.168.2.10
> 3         Isolation      192.168.3.0/24   192.168.3.10   192.168.3.10
> 4         MAC            -------------------------------------------------------
> 
> - Mount eth1 and eth2
> At this point you need to make PacketFence can access all VLANs. In order to
> do so you need to:
> - put one port of the switch in the Registration VLAN
> - put another port in the Isolation VLAN
> - put another port in the MAC Detection VLAN
> 
> -------------------------------------------------------------------------------------------------------
> MY VLANS:
> Sw1LabRedes#show vlan
> 
> VLAN Name                             Status    Ports
> ---- -------------------------------- --------- -------------------------------
> 1    default                          active    Fa0/24
> 2    REGISTRATION                     active
> 3    ISOLATION                        active
> 4    MAC_DETECTION                    active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
>                                                 Fa0/5, Fa0/6, Fa0/7, Fa0/8
>                                                 Fa0/9, Fa0/10, Fa0/11, Fa0/12
>                                                 Fa0/13, Fa0/14, Fa0/15, Fa0/16
>                                                 Fa0/17, Fa0/18, Fa0/19, Fa0/20
>                                                 Fa0/21, Fa0/22, Fa0/23
> 1002 fddi-default                     act/unsup
> 1003 token-ring-default               act/unsup
> 1004 fddinet-default                  act/unsup
> 1005 trnet-default                    act/unsup
> ---------------------------------------------------------------------------------------------------------
> 
> Thanks for any help.
> Jose
> 
> 
> ----- Original Message ----- 
> From: <[email protected]>
> To: <[email protected]>
> Sent: Friday, October 22, 2010 6:20 AM
> Subject: Re: [Packetfence-users]Packetfence working. (For José Carlos França 
> Jr)
> 
> 
> Hello José,
> 
> Please reply to the list, so that the conversation is visible to
> others.
> 
> Well, it seems that all of us, here on the list, are to one degree or
> another, struggling like you to get PF configured and working. I will
> do what I can to help but I am far from an expert in the adaptation of
> PF. The real 'gurus' would be the 'Inverse' guys who hang out here.
> 
> I got my switch working (it's an HP ProCurve 2600, by the way) by
> following the setup recipes carefully and doing a lot of fiddling with
> it all. No particular expertise there. I am also working with a
> 'direct' installation of PF, not the VM ; that probably doesn't make
> much difference, except for setting up the VM's networking, I really
> have no idea about that, except that it must be adequately described
> in the ZEN manual. If you've followed the recipes there, it should be
> ok ... Further (to complete the disclaimer) I work on the Unix side of
> things and, beyond the most simple setup, really have no idea of how
> it's done on Windows - i.e., I have no clue as to how VLANs might be
> set up & configured in the Windows environment.
> 
> The advantage of posting to the list, rather than personal emails, is
> obvious : others can then comment and fill in expertise/knowledge in
> the (many) areas where I am ignorant.
> 
> So, please give an overview of what you are trying to do, your vlan
> setup, etc. to begin with. Have you read the switch's recommended
> configuration on page 21 of the PacketFence_Administrators' manual ?
> Do you intend to have VOIP devices on your network ? Please sketch it
> out.
> 
> Best,
> 
> Chris
> 
> On Wed 20.Oct'10 at 16:25:09 -0200, José Carlos França Jr wrote:
> > Hi Chris;
> >
> > I saw your email to the list and you said:
> >
> > > I have PacketFence working well with our wired switches - the captive
> > > portal is presented, authentication is performed, vlans are changed
> > > correctly, etc.
> >
> > I'm having trouble getting packetfence to work with a cisco 2950 
> > switch and PF configuration. I'm desperate! I need to get this working for 
> > my final project.
> >
> > I'm doing a project that is all about packetfence, about what you can do 
> > with it.
> > In the pdfs or on packetfence's site it is said that it can block p2p 
> > activities or other things you want, with squid blocking FB, orkut, msn, etc. 
> > I want to implement this.
> >
> > I just wanna configure my cisco 2950 to assign different VLANs to the 
> > users plugged into the switch according to the case. Users that violate one 
> > rule, like no p2p, go to the isolated vlan until they can establish 
> > status ok again, as it is said in the pdfs with vlan isolation mode.
> >
> > I have a notebook running the PF zen in vmware workstation with 3 virtual 
> > NICs + some lab pcs + a cisco 2950 switch.
> >
> > I want my PF to work exactly like yours. Please help me through PF 
> > configuration, custom.pm etc., and cisco 2950 configuration. Please.
> >
> >
> > Thank you very much for helping me with this.
> > I really appreciate your time reading my email.
> >
> > Jose
> 
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
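
An added example, not part of the thread and not PacketFence code: a small Python check that parses pasted IOS interface stanzas like the Fa0/1 one quoted above and reports ports that lack the port-security lines or share a static secure MAC. The function names and the sample configuration are constructed for illustration, and the uniqueness check assumes each port is meant to carry its own placeholder secure MAC.

```python
import re
from collections import defaultdict

# Added example: SAMPLE_CONFIG is constructed; parse_interfaces/audit are hypothetical names.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0000.0001
!
interface FastEthernet0/2
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0000.0001
!
interface FastEthernet0/3
 switchport port-security
!
"""

REQUIRED = ("switchport port-security",
            "switchport port-security violation restrict")
MAC_RE = re.compile(r"switchport port-security mac-address ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})$", re.I)

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any top-level line closes the stanza
    return stanzas

def audit(config):
    """Return sorted findings: missing port-security lines and reused secure MACs."""
    findings, mac_ports = [], defaultdict(list)
    for name, lines in parse_interfaces(config).items():
        findings += [f"{name}: missing '{req}'" for req in REQUIRED if req not in lines]
        macs = [m.group(1).lower() for l in lines if (m := MAC_RE.match(l))]
        if not macs:
            findings.append(f"{name}: no secure mac-address configured")
        for mac in macs:
            mac_ports[mac].append(name)
    findings += [f"{mac}: reused on {', '.join(ports)}"
                 for mac, ports in mac_ports.items() if len(ports) > 1]
    return sorted(findings)
```

Calling `audit()` on the text of a saved running-config returns an empty list when every parsed interface has both port-security lines and a secure MAC of its own.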