Hi Michael,

On 10/11/10 9:21 PM, Hsin-mu Tsai wrote:
> Hi,
>
> We are currently evaluating whether it is possible to use packetfence
> in our environment. I have done some research on the mailing list but
> couldn't find an exact answer.
>
> Here is a short version of my question: does packetfence support the
> use case of having multiple devices (MAC addresses) under one switch
> port (in vlan mode)?
>
> Let me explain a little bit more about our environment. Our core
> switch and access switches are mostly cisco (3750 and 2960) ones,
> which are supported by packetfence according to the documentation.
> However, the problem is that when the network cables are deployed
> throughout our building, each laboratory in our department only gets 3
> cables (and, hence, 3 ports on the access switch). This is obviously
> not enough for the lab as they usually have 10-20 devices, and have
> their own unmanaged small switches. An obvious solution would be to
> renew the cable infrastructure and add more access switches, but we
> currently don't have the budget to do so. Hence, the multiple MAC
> addresses under one switch port problem.
>
> We want to implement a basic registration mechanism, so that all
> devices on our network are associated with a user in our department
> and if new devices without registration are plugged in they will be
> blocked. The registration process doesn't have to be done on the new
> device since we can ask the user to register new ones using an already
> registered computer or submit the request to the network administrator
> via e-mail. Can packetfence simply add registered devices to the
> secure MAC address list and increase the maximum allowed MAC on the
> switch? (and therefore, the switch will block any unregistered new
> devices) As for isolation, since all devices on the same switch port
> belong to the same lab, it is okay to put all of them to the isolation
> vlan if there's a violation from any of those devices.
>
> We understand that the feature we are interested in might need some
> modifications to the current version of packetfence. If that is the
> case, where do we start?

You understand the problems very well and with the limitations you are
ready to accept, yes it would be possible. It would need a rework of the
core.

Hop on to the packetfence-devel mailing list and tell us where you are
at and we'll see if we can help you.

Cheers!
--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
