What you are describing is exactly what we have too. While we are not yet in
full production the basic idea of our deployment will not change when we are so
I am comfortable sharing it.
In our environment each building has its own set of VLans, each with their own
IP space; to cross VLans or buildings you need to be routed. We found you do
NOT need the PacketFence box to have an interface in each VLan since the router
will take care of the routing (go figure, right!).
We have set up IP Helpers on each of our vlans to both our DHCP server and our
PF box; this makes sure that the DHCP request and inform packets are seen by PF
and you don't get that nasty "ip was not found in database" screen on your
clients. Then, since BIND is awesome and so lightweight, we used the PF box to
do the DNS blackhole-ing for the registration and remediation networks. The
only catch was to make sure you have all the networks you want PF to manage in
your networks.conf file. Without this it will not work. But you do not need
to enter anything in the PF Gateway field; in a routed environment it is not
needed.
Hope that helps!
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Mark Duling [mailto:[email protected]]
Sent: Thursday, June 30, 2011 7:18 PM
To: [email protected]
Subject: [Packetfence-users] PacketFence and routed networks
Hello all,
I'm new to PF and planning a test setup. I've read as much as I can of the
docs and mailing lists, but I still have a few questions about how I need to
set up PF.
My planned setup is for all registration and isolation vlans to be routed
--none will be local--since our campus uses routed links between buildings and
all vlans are local to a given building's L2 domain.
Q1) My assumption therefore is that I don't do trunking on the PF server's
NIC. No problem with all routed vlans, correct?
Q2) What will be the pf_gateway for each routed registration and isolation
vlan?
In the Guide_To_Deploy_PF_In_Routed_Network, in section "Routed Registration
and Isolation Vlans," it says:
"For a remote routed network, this has to be set to the PacketFence local
network gateway in this Vlan. PacketFence uses it to create local static routes
to the remote routed network."
In the example, it uses an ip for pf_gateway that is in the ip range of a local
vlan defined in networks.conf. Does there need to be a local vlan for each
routed one just to have a gateway? If not, how are the vlans related to each
other, and why would there need to be a dhcp range for both a local and a
routed registration vlan?
Or, to put it another way, what is the simplest and best way to set up PF to
have all registration and isolation vlans routed?
Best regards,
Mark
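
The reply above says every network PF manages must be listed in networks.conf. The following is an added example, not part of the thread and not PacketFence code: it checks which client addresses fall outside the networks defined in a networks.conf-style file. The section-per-network layout with a `netmask` key, the function names, and all addresses are assumptions constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample. Assumed layout: one section per network address,
# each with a netmask key; all addresses below are made up.
SAMPLE_NETWORKS_CONF = """
[10.10.2.0]
netmask=255.255.255.0
gateway=10.10.2.1

[10.20.2.0]
netmask=255.255.254.0
gateway=10.20.2.1

[10.40.2.5]
netmask=255.255.255.0
gateway=10.40.2.1
"""

def load_managed_networks(conf_text):
    """Return (valid networks, sections whose address/netmask do not parse)."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    networks, bad_sections = [], []
    for section in parser.sections():
        mask = parser.get(section, "netmask", fallback="")
        try:
            # strict=True rejects a section name that has host bits set
            networks.append(ipaddress.ip_network(f"{section}/{mask}", strict=True))
        except ValueError:
            bad_sections.append(section)
    return networks, bad_sections

def audit_clients(conf_text, client_ips):
    """Map each client IP to its managed network, or list it as uncovered."""
    networks, bad_sections = load_managed_networks(conf_text)
    covered, uncovered = {}, []
    for ip_text in client_ips:
        ip = ipaddress.ip_address(ip_text)
        match = next((n for n in networks if ip in n), None)
        if match is None:
            uncovered.append(ip_text)
        else:
            covered[ip_text] = str(match)
    return covered, uncovered, bad_sections
```

Feeding it the client addresses seen in DHCP logs from each building shows which subnets still need an entry before PF can manage them.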