Hello again,
I had a few more questions about Packet Fence that I was hoping I could
get answered. After working with the In-line configuration with the ZEN
installation, I thought I would try deploying a VLAN enforcement set up,
but have run into a few stumbling blocks. I imagine this is partially
due to my lack of understanding the software.
First, I'm interested primarily in deploying Packet Fence as a captive
portal with some sort of "abuse control," preferably through MAC address
blocking and bandwidth limiting. I know Packet Fence can do both of
these things, but the violation configuration pages suggest it relies on
a VLAN enforcement setup to work. Are these controls usable using
In-line only enforcement? How? MAC blocking did not seem to work with my
In-line setup, despite the violation being acknowledged by the software
(entered into violation.conf) and there did not seem to be any bandwidth
limit checks being done according to the logs (I set the sample from the
ZEN installation to "TOT1KB1M" as a test and was never cut off, for
example).
Second, I'm attempting a Packet Fence installation with VLAN enforcement
on Debian 6 (which I understand may be a problem in itself). I'm hoping
to simplify the process because the environment I wish to put Packet
Fence into does not require anything extraordinary (it will be a simple
guest wireless portal, where traffic flows in one interface and out the
other. In case of remediation, a single tertiary VLAN to dump the extra
traffic is enough). To do something like this, could I simply have this
setup?
Packet Fence interface on a VLAN-trunked port containing the
registration and isolation VLANs, with the outside network as the native
VLAN.
A secondary port for the connecting traffic (in this case, a test
laptop) with the registration VLAN native.
A tertiary port for remediation, with the isolation VLAN native.
Or does Packet Fence require all pieces of the setup to work properly?
I've attempted a similar set up to what I suggested and am unable to
gain network access after registering. I don't know if this is a problem
with my setup, or something the software can be configured to adapt for.
Please let me know if I am over-complicating things, as there may be an
easier configuration for my needs.
Sorry for the long email, and thank you for your time.
Christian
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
