Thanks Got in and vlans configured. I'm off to races.
Bob Soderlund Network Engineer, MCP, MCSE [email protected] Person County Government Information Technology 329 S. Morgan St. Roxboro NC, 27573 Office 336-597-7810 Fax 336-597-7455 -----Original Message----- From: Mark Holmes [mailto:[email protected]] Sent: Thursday, December 08, 2011 3:03 PM To: [email protected] Subject: Re: [Packetfence-users] 32 Internal Normal VLan Bob, Also have a look at http://www.packetfence.org/about/technical_introduction.html to understand the different modes PF can operate in. You will probably want to use 8021X with mac-auth fallback, see page 12 of http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network _Devices_Configuration_Guide-3.0.3.pdf The ZEN config guide, if you don't have it:- http://www.vmware.com/appliances/directory/uploaded_files/va/10/12/20/Pa cketFenceZEN_Installation_Guide-2.0.0.pdf I am not sure if that's the latest available, but it is the most up to date I can find. I didn't use ZEN, I installed and configured it as per the admin guide, so there may be aspects of my setup that are slightly different to yours. Let me know if you get stuck. HTH, Mark -----Original Message----- From: Bob L. Soderlund [mailto:[email protected]] Sent: 08 December 2011 18:57 To: [email protected] Subject: Re: [Packetfence-users] 32 Internal Normal VLan OK its set to dhcp, how do I set to static? BOOTPROTO=STATIC IP ADDRESS =172.30.12.10 Mask 255.255.0.0 Gateway 172.30.0.254 Is that even close? Bob Soderlund Network Engineer, MCP, MCSE [email protected] Person County Government Information Technology 329 S. Morgan St. Roxboro NC, 27573 Office 336-597-7810 Fax 336-597-7455 -----Original Message----- From: Mark Holmes [mailto:[email protected]] Sent: Thursday, December 08, 2011 12:24 PM To: [email protected] Subject: Re: [Packetfence-users] 32 Internal Normal VLan Bob, Do locate ifcfg-eth0 then cat that file Regards, Mark On 8 Dec 2011, at 17:00, "Bob L. Soderlund" <[email protected]> wrote: > Command returns "No such file or directory" > Exact error is "Determining IP information for eth0.... FAILED" > > > > Bob Soderlund > Network Engineer, MCP, MCSE > [email protected] > Person County Government > Information Technology > 329 S. Morgan St. > Roxboro NC, 27573 > Office 336-597-7810 > Fax 336-597-7455 > > > -----Original Message----- > From: Mark Holmes [mailto:[email protected]] > Sent: Wednesday, December 07, 2011 6:45 PM > To: [email protected] > Subject: Re: [Packetfence-users] 32 Internal Normal VLan > > Hi Bob, > > Are you using ZEN (the Zero Effort NAC) pre-built VM? Or your own > > What is the exact error you get with eth0? > > What does running this command:- > > cat /etc/sysconfig/network-scripts/ifcfg-eth0 > > show you? > > Regards, > > Mark > > > VLAN 1 is my > management VLAN, I was hoping to get access to PF on VLAN 1 and then > build out from there. > > Yes, that will be fine. So you'll want to have eth0 on vlan 1 and set > it as management in PF. > > > > > > > > > > On 7 Dec 2011, at 23:03, "Bob L. Soderlund" > <[email protected]<mailto:[email protected]>> wrote: > > Mark, > > Thank you! I really appreciate your help. First I have to get to the > interface. When I Mount my VM and watch it boot, I get a Failure when > determining Eth0 IP config. I'm using a trunk to feed the PF VM. > Admittedly I'm not a Linux or Perl pro, but I feel the benefits of > this are well worth the learning curve. Currently I'm using some of > the VLAN ID's already, so Ill have to transpose those first. VLAN 1 is > my management VLAN, I was hoping to get access to PF on VLAN 1 and > then build out from there. > > > > > > Bob Soderlund > Network Engineer, MCP, MCSE > [email protected]<mailto:[email protected]> > Person County Government > Information Technology > 329 S. Morgan St. > Roxboro NC, 27573 > Office 336-597-7810 > Fax 336-597-7455 > > -----Original Message----- > From: Mark Holmes [mailto:[email protected]] > Sent: Wednesday, December 07, 2011 4:44 PM > To: > [email protected]<mailto:packetfence-users@lists > .s > ourceforge.net> > Subject: Re: [Packetfence-users] 32 Internal Normal VLan > > Bob, > > Have a look in, > > /usr/local/pf/lib/pf/vlan/custom.pm > > around line 63: > > you have to change the code slightly to have PF to pass the 'Bypass' > VLAN attribute. I > > # > # custom example: enforce a node's bypass VLAN > # If node record has a bypass_vlan prefer it over normalVlan > # Note: It might be made the default behavior one day > if (defined($node_info->{'bypass_vlan'}) && > $node_info->{'bypass_vlan'} ne '') { > return $node_info->{'bypass_vlan'}; > } > # > > I > > You will see in the code you can also assign devices to VLANS via > other methods than using the Bypass attribute - eg by category - which > would probably work better for you as you have quite a few VLANS in > your setup. > > In my network I have a 'trusted' VLAN (vlan 1) and 'untrusted' (vlan > 3) (set as the 'normal' VLAN in PF). When someone completes > registered they get put in VLAN 3, we can then put them in VLAN 1 > using the bypass VLAN attribute I described. > > My PF box has interfaces in the Trusted (VLAN1) set as > management,dhcplistener,monitor,internal in PF , Untrusted(3) set as > dhcplistener,internal,monitor in PF, Registration (50) set as > registration in PF, and finally Isolation(60). You could use less > interfaces by configuring 8021Q on them I think although as your > running a VM (as am I) you probably won't mind having 4 NICS. > > I believe the PF box needs to be able to see DHCP traffic on all your > VLANS -. In my method I set a dhcplistener on the two interfaces but > as you have 32 that won't be practical (you won't want 32 interfaces!) > see the admin guide (page 26)section on dhcp listeners, you'll want > to use ip-helpers I would think. > > HTH, give me a shout if you need more help. > > Mark > > > > > > > -----Original Message----- > From: Bob L. Soderlund [mailto:[email protected]] > Sent: 07 December 2011 18:27 > To: > [email protected]<mailto:packetfence-users@lists > .s > ourceforge.net> > Subject: [Packetfence-users] 32 Internal Normal VLan > > Hey everyone, Newbie here. > > > > I have a large network with 32 vlans, Each VLAN is its own subnet, and > DNS and DHCP are all handled by our Sonic wall NSA. I would like to > use Packet Fence for NAC. The documentation refers to several vlans, > manage, Registration, Isolation, Mac Detection, Guest, and Normal. I > already have a management VLAN, and have no problem creating the other > 4. My question is the 'Normal" vlan. I would have 32 of these correct? > I sure someone has done this, and is documented it here. I just need > someone to point me in right direction. I'm using the Newest Version of PF in a VM. > I have 3Comm 5500 switches. > > > > Thanks for your help. > > > > Bob Soderlund > > Network Engineer, MCP, MCSE > > [email protected]<mailto:[email protected]> > <blocked::mailto:[email protected]> > > Person County Government > > Description: PCITInformation Technology > > 329 S. Morgan St. > > Roxboro NC, 27573 > > Office 336-597-7810 > > Fax 336-597-7455 > > > > > Nuffield College is a Registered Charity No. 1137506. Registered Office: > Nuffield College, New Road, Oxford, OX1 1NF > > ---------------------------------------------------------------------- > -- > ------ > Cloud Services Checklist: Pricing and Packaging Optimization This > white paper is intended to serve as a reference, checklist and point > of discussion for anyone considering optimizing the pricing and > packaging model of a cloud services business. Read Now! > http://www.accelacomm.com/jaw/sfnl/114/51491232/ > _______________________________________________ > Packetfence-users mailing list > [email protected]<mailto:Packetfence-users@lists > .s > ourceforge.net> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ---------------------------------------------------------------------- > -- > ------ > Cloud Services Checklist: Pricing and Packaging Optimization This > white paper is intended to serve as a reference, checklist and point > of discussion for anyone considering optimizing the pricing and > packaging model of a cloud services business. Read Now! > http://www.accelacomm.com/jaw/sfnl/114/51491232/ > _______________________________________________ > Packetfence-users mailing list > [email protected]<mailto:Packetfence-users@lists > .s > ourceforge.net> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ________________________________ > Nuffield College is a Registered Charity No. 1137506. Registered Office: > Nuffield College, New Road, Oxford, OX1 1NF > ---------------------------------------------------------------------- > -- > ------ > Cloud Services Checklist: Pricing and Packaging Optimization This > white paper is intended to serve as a reference, checklist and point > of discussion for anyone considering optimizing the pricing and > packaging model of a cloud services business. Read Now! > http://www.accelacomm.com/jaw/sfnl/114/51491232/ > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ---------------------------------------------------------------------- > -------- Cloud Services Checklist: Pricing and Packaging Optimization > This white paper is intended to serve as a reference, checklist and > point of discussion for anyone considering optimizing the pricing and > packaging model of a cloud services business. Read Now! > http://www.accelacomm.com/jaw/sfnl/114/51491232/ > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users Nuffield College is a Registered Charity No. 1137506. Registered Office: Nuffield College, New Road, Oxford, OX1 1NF ------------------------------------------------------------------------ ------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------ ------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users Nuffield College is a Registered Charity No. 1137506. Registered Office: Nuffield College, New Road, Oxford, OX1 1NF ------------------------------------------------------------------------ ------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
