Hi *,
During the last week I successfully built a testing environment for
Packetfence with a Cisco Catalyst 3500XL switch.
It seems to work very well.
The setup is as follows:
Network Config:
====================================================================================================
Test Network is 192.168.57.0/24 vlan1 (Packetfence Server has IP
192.168.57.2, gw is 192.168.57.1)
Registration Network is 192.168.58.0/24 vlan2 (Packetfence Server has
192.168.58.1)
Isolation Network is 192.168.59.0/24 vlan3 (Packetfence Server has
192.168.59.1)
Packetfence Server Config:
====================================================================================================
On the Packetfence server I have three physical Ethernet NICs:
- eth0 (connected to port Fastethernet 0/1, IP 192.168.57.2)
- eth1 (connected to port Fastethernet 0/22 No IP)
- eth2 (connected to port Fastethernet 0/23 No IP)
eth0 is also connected to vlan2 and vlan3 via
eth0.2 (registration, IP 192.168.58.1) and
eth0.3 (isolation, IP 192.168.59.1)
Switch Config:
====================================================================================================
FastEthernet0/24 on the Switch is the Uplink to gateway 192.168.57.1
Interfaces:
==================================================================================================
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
end
interface FastEthernet0/2 - FastEthernet0/21
switchport access vlan 4
snmp trap mac-notification added
spanning-tree portfast
end
interface FastEthernet0/22
description dhcp_sniffer
port monitor FastEthernet0/24
port monitor VLAN1
end
interface FastEthernet0/23
description snort_sniffer
port monitor FastEthernet0/24
port monitor VLAN1
end
interface FastEthernet0/24
end
VLAN:
==================================================================================================
pfsw1#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/22, Fa0/23, Fa0/24
2    registration                     active
3    isolation                        active
4    undefined_state                  active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13,
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17,
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21,
                                                Gi0/1, Gi0/2
5    guest                            active
Now I would like to use eth1 for the dhcplistener and eth2 for monitoring with
snort.
The problem I am faced with is how to get the whole vlan1 traffic to eth1.
As far as I understand this, I have to get the whole traffic there in order to
detect rogue DHCP servers.
Is this even possible with the 3500XL?
Another problem I have is that every time I reload the switch, interface
FastEthernet0/1 gets a
"switchport trunk native vlan 4", and I cannot access the Packetfence server
until I remove this.
Maybe someone has a hint for me to make this testing environment even
better.
Thanks, greetings
Martin Soentgenrath
--
tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
Geschäftsführer: Boris Esser, Elmar Geese
HRB AG Bonn 5168 - USt-ID (VAT): DE122264941
Heilsbachstraße 24, 53123 Bonn, Telefon: +49 228 52675-0
Thiemannstraße 36 a, 12059 Berlin, Telefon: +49 30 5682943-30
Internet: http://www.tarent.de/ • Telefax: +49 228 52675-25
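Added example (not part of the post above and not PacketFence's own code): once the mirrored vlan1 traffic actually reaches eth1, the interesting check is whether any DHCP OFFER/ACK on that segment comes from a server other than the ones you expect. The script below parses the UDP payload of a BOOTP/DHCP message, reads the message type (option 53) and server identifier (option 54), and flags offers whose server is not on an allowlist. The allowlist is an assumption taken from the addresses in the post (the Packetfence server's registration and isolation interfaces); the packets are constructed inline for the example, not captured from the test network. Feeding it real frames from a capture on eth1 (after stripping the Ethernet/IP/UDP headers) is left to the reader.

```python
import socket
import struct
from typing import Dict, Optional

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_LEASE, OPT_END = 0, 53, 54, 51, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

# Assumption: only the Packetfence server hands out leases on the
# registration (vlan2) and isolation (vlan3) networks of the post.
KNOWN_DHCP_SERVERS = {"192.168.58.1", "192.168.59.1"}


def parse_dhcp(payload: bytes) -> Dict:
    """Parse a BOOTP/DHCP UDP payload: fixed 236-byte header, magic cookie,
    then TLV options. Returns op code, yiaddr and an {option: value} map."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return {"op": payload[0], "yiaddr": socket.inet_ntoa(payload[16:20]),
            "options": options}


def classify(payload: bytes, allowlist=KNOWN_DHCP_SERVERS) -> Optional[Dict]:
    """Return a finding for server-originated messages (OFFER/ACK/NAK), or
    None for client messages. 'rogue' is True when the server identifier is
    missing or not in the allowlist."""
    msg = parse_dhcp(payload)
    mtype = msg["options"].get(OPT_MSG_TYPE)
    if not mtype:
        return None
    name = MSG_TYPES.get(mtype[0], str(mtype[0]))
    if name not in ("OFFER", "ACK", "NAK"):
        return None
    sid = msg["options"].get(OPT_SERVER_ID)
    server = socket.inet_ntoa(sid) if sid and len(sid) == 4 else None
    return {"type": name, "server": server, "offered": msg["yiaddr"],
            "rogue": server not in allowlist}


def build_dhcp(server_ip: str, yiaddr: str, msg_type: int = 2) -> bytes:
    """Construct a minimal DHCP message for testing (constructed sample data).
    op=2 (BOOTREPLY), htype=1 (Ethernet), hlen=6, broadcast flag set."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, 0x3903F326, 0, 0x8000,
        b"\x00" * 4,                         # ciaddr
        socket.inet_aton(yiaddr),            # yiaddr: address being offered
        socket.inet_aton(server_ip),         # siaddr
        b"\x00" * 4,                         # giaddr
        bytes.fromhex("001122334455") + b"\x00" * 10,  # chaddr (constructed MAC)
        b"\x00" * 64, b"\x00" * 128)         # sname, file
    options = (bytes([OPT_MSG_TYPE, 1, msg_type])
               + bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_ip)
               + bytes([OPT_LEASE, 4]) + struct.pack("!I", 3600)
               + bytes([OPT_END]))
    return header + DHCP_MAGIC + options


if __name__ == "__main__":
    samples = [build_dhcp("192.168.58.1", "192.168.58.50"),     # expected server
               build_dhcp("192.168.57.200", "192.168.57.77"),   # unknown server
               build_dhcp("192.168.58.1", "0.0.0.0", msg_type=1)]  # client DISCOVER
    for finding in filter(None, map(classify, samples)):
        flag = "ROGUE" if finding["rogue"] else "ok"
        print(f"{flag:5} {finding['type']} from {finding['server']} "
              f"offering {finding['offered']}")
```

Note that OFFER and ACK are often unicast to the client, so a sniffer port that only sees broadcast frames will miss most of them; that is why the post's goal of mirroring the whole vlan1 (uplink plus VLAN) to eth1 matters for this check.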
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users