All,
Thinking about using PF for Cisco WiSM's and LWAPP AP's. Saw some
postings that suggest I just need to point AAA at PF and be done with
it, but I do not believe it is all that simplistic. I am still trying to
figure out exactly what vlans should be on the nics of the system. I am
confident the registration and isolation vlans need to be trunked.
Assuming I will be changing vlans after registration using RADIUS
attributes, then the first question:
1. Whether the user vlan needs to be on a PF nic? I would like our
corporate DHCP/DNS to manage user vlan.
There is no real mentioning of a management vlan, yet I believe I need
to attach that to a nic on PF so I can access the Web GUI. Brings up
question:
2. Do I need to add a management vlan to nic on PF and assign an
address?
Since our wireless has grown quite a bit and we do not desire to have
too large a broadcast domain, we are using Interface Groups which attach
multiple vlans to a dynamic interface on the WiSM's. Brings up more
questions:
3. Do I have to make any special provisions for PF? Maybe helpers
on those vlans point to management interface so dhcpdlisten can listen?
4. Do I need to trunk the Registration and Isolation vlans to the
WiSM's?
5. Relative to the WLAN configuration, what sort of special things
must I do there to make sure PF will work?
6. How do I insure PF handles Web Auth and not Cisco?
7. What Interface do I attach WLAN to? The Registration vlan and
let AAA facilitate change to user vlan?
As you can see I am very green on this and seek assistance from someone
who is familiar with using PF on Cisco Wireless. Is there a collection
of docs out there that would explain some of this better?
Thank you,
Andrew
------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
