Jake,
Thanks so much for that invaluable info. It will no doubt save me a lot of
time. I'm going to try it today. I also wish to use our own (not-PF) DHCP
server, so it sounds like our environments are identical.
I may have some further questions as I go. Thanks again!
Mark
On Fri, Jul 1, 2011 at 8:04 AM, Sallee, Stephen (Jake) <[email protected]> wrote:
> What you are describing is exactly what we have too. While we are not
> yet in full production, the basic idea of our deployment will not change when
> we are, so I am comfortable sharing it.
>
> In our environment each building has its own set of VLANs, each with their
> own IP space; to cross VLANs or buildings you need to be routed. We found
> you do NOT need the PacketFence box to have an interface in each VLAN since
> the router will take care of the routing (go figure, right!).
>
> We have set up IP helpers on each of our VLANs to both our DHCP server and
> our PF box; this makes sure that the DHCP request and inform packets are
> seen by PF and you don’t get that nasty “ip was not found in database”
> screen on your clients. Then, since BIND is awesome and so lightweight, we
> used the PF box to do the DNS blackhole-ing for the registration and
> remediation networks. The only catch was to make sure you have all the
> networks you want PF to manage in your networks.conf file. Without this it
> will not work. But you do not need to enter anything in the PF Gateway
> field; in a routed environment it is not needed.
>
> Hope that helps!
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> 900 College St.
> Belton, Texas
> 76513
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> *From:* Mark Duling [mailto:[email protected]]
> *Sent:* Thursday, June 30, 2011 7:18 PM
> *To:* [email protected]
> *Subject:* [Packetfence-users] PacketFence and routed networks
>
> Hello all,
>
> I'm new to PF and planning a test setup. I've read as much as I can of the
> docs and mailing lists, but I still have a few questions about how I need to
> set up PF.
>
> My planned setup is for all registration and isolation VLANs to be routed
> --none will be local--since our campus uses routed links between buildings
> and all VLANs are local to a given building's L2 domain.
>
> Q1) My assumption therefore is that I don't do trunking on the PF server's
> NIC. No problem with all routed VLANs, correct?
>
> Q2) What will be the pf_gateway for each routed registration and isolation
> VLAN?
>
> In the Guide_To_Deploy_PF_In_Routed_Network, in section "Routed
> Registration and Isolation Vlans," it says:
>
> "For a remote routed network, this has to be set to the PacketFence local
> network gateway in this Vlan. PacketFence uses it to create local static
> routes to the remote routed network."
>
> In the example, it uses an IP for pf_gateway that is in the IP range of a
> local VLAN defined in networks.conf. Does there need to be a local VLAN for
> each routed one just to have a gateway? If not, how are the VLANs related
> to each other, and why would there need to be a DHCP range for both a local
> and a routed registration VLAN?
>
> Or, to put it another way, what is the simplest and best way to set up PF
> to have all registration and isolation VLANs routed?
>
> Best regards,
> Mark
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2d-c2
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>