Re: [PacketFence-users] trouble expanding CustomVLANs beyond 5

Tue, 08 May 2012 06:26:34 -0700 

Hi Steve,

On 05/04/2012 07:36 PM, Steve Wittstruck wrote:
> Hi PF Community:
> 
> I'm having trouble expanding the # of CustomVlans beyond 5.

Yes, because there are only 5 customVlan attributes. It's not a dynamic
field, it's a static field.

>  Below are
> my relevant custom.pm and switches.conf lines, and the packetfence.log
> entries for the failed CustomVLAN6.  If I  grep around in other pf/conf
> files I see more hits on "CustomVLAN"'s 1 thru 5 in ui.conf* and
> violations.conf.  Is expanding the number of CustomVLAN's beyond 5 more
> complicated than I hoped? 

Scattered changes in pf::SwitchFactory and pf::SNMP would be required.

> The failed CustomVLAN6 lookup ends up putting
> the switch port into the MacDetection VLAN (I have it defined even
> though I'm using Port-Security, not Linkup/LinkDown.)  I'm running
> version 3.2.
> 
> #    # return customVlan to nodes defined with a category
>     if (defined($node_info->{'category'}) &&
> lc($node_info->{'category'}) eq "admin1") {
>         return $switch->getVlanByName('customVlan4');
>     } elsif (defined($node_info->{'category'}) &&
> lc($node_info->{'category'}) eq "admin2") {
>         return $switch->getVlanByName('customVlan5');
>     } elsif (defined($node_info->{'category'}) &&
> lc($node_info->{'category'}) eq "admin3") {
>         return $switch->getVlanByName('customVlan6');
>     }
> #

If the VLAN you want to return is the same campus-wide (ie customVlan4
is _always_ VLAN ID 100) then instead of using:

return $switch->getVlanByName('customVlanX');

you can directly return the VLAN id:

return 100;

Does that free enough customVlanX for you so that you are fine with 5?

We have plans to migrate the switch configuration to the database and
have a more flexible custom VLAN assignment configuration. Nothing short
term though, we're busy with a Web-based installer and Web Admin revamp
right now.

-- 
Olivier Bilodeau
[email protected]  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to