Hi Boonyawat,
You have drawn a diagram of in-line enforcement. With VLAN enforcement, the PacketFence server would be plugged in to your switch just like any other server or desktop. The PacketFence server uses messages from the switch such as DHCP broadcasts and SNMP MAC Security Enforcement messages to determine which clients are connected to which ports.

As an example, it might work something like this:

1. Client plugs in to a switch that is configured with MAC security on, and configured to send SNMP messages to the PacketFence server.
2. The switch sends the MAC Security message to PacketFence (saying "Hey! Computer X plugged in to switch 1, port 3").
3. PacketFence doesn't have a record of Computer X being authorized to connect, so it sends a message to switch1: "Place port 3 in VLAN 2".
4. Since VLAN2 is registration, the client can't access HTTP pages except the PacketFence logon page. The user logs on using the PacketFence logon page.
5. PacketFence authenticates the username and password and recognizes the user as valid. It then sends a message to switch1: "Place port 3 in VLAN 1".
6. Now the user can access all the resources that are in VLAN1. If you have an Internet connection available there, they can access the Internet. If servers and printers are on VLAN1, they are accessible too.

If your equipment isn't totally compatible with VLAN enforcement, the in-line enforcement will let you do many of the same things, except it can only control access through a bottleneck. So in your diagram, you could use PacketFence to control access to the WAN cloud, but the clients could still talk to each other. Instead of telling your switch to enforce access control, PacketFence just decides whether or not a user's packets should be forwarded through to the outside network interface.
From: Boonyawat Pattarachaichan [mailto:[email protected]]
Sent: Wednesday, August 08, 2012 1:04 PM
To: [email protected]
Subject: [PacketFence-users] could you explain about structure vlan enforcement

Hi all,

I am confused about the structure of VLAN enforcement. If I choose VLAN enforcement (I hope the client can connect to the Internet), how should I configure my network? In network.png I have 2 network cards (eth0, eth1) and a Cisco 2960 switch, and I configured eth1 (management), eth1.2 (registration), eth1.3 (isolation). That is right, isn't it?

Sorry for the silly question.
Thanks for your help,
Boonyawat
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
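
An added example, not part of the original thread and not PacketFence's own code: a small Python model of the six-step walkthrough in the reply, showing which VLAN a port gets at each step and why in-line enforcement still lets clients on the same segment reach each other. The class names, MAC addresses and the server's switch port are constructed for illustration; the VLAN numbers are the ones used in the reply.

```python
from dataclasses import dataclass, field

REGISTRATION_VLAN = 2  # VLAN numbers as used in the reply's walkthrough
PRODUCTION_VLAN = 1

@dataclass
class VlanEnforcer:  # hypothetical model, not PacketFence code
    registered: set = field(default_factory=set)    # MACs that have logged on
    location: dict = field(default_factory=dict)    # MAC -> (switch, port)
    port_vlan: dict = field(default_factory=dict)   # (switch, port) -> VLAN

    def on_mac_trap(self, switch, port, mac):
        """Steps 1-3: the switch reports a MAC on a port; choose that port's VLAN."""
        self.location[mac] = (switch, port)
        vlan = PRODUCTION_VLAN if mac in self.registered else REGISTRATION_VLAN
        self.port_vlan[(switch, port)] = vlan
        return vlan

    def on_portal_login(self, mac, credentials_ok):
        """Steps 4-5: a valid logon moves the port the MAC was last seen on."""
        if not credentials_ok or mac not in self.location:
            return None  # failed logon or unknown MAC: the port stays where it is
        self.registered.add(mac)
        self.port_vlan[self.location[mac]] = PRODUCTION_VLAN
        return PRODUCTION_VLAN

    def can_reach(self, src_mac, dst_mac):
        """Step 6: two hosts share a layer-2 segment only if their ports share a VLAN."""
        src = self.port_vlan.get(self.location.get(src_mac))
        dst = self.port_vlan.get(self.location.get(dst_mac))
        return src is not None and src == dst

@dataclass
class InlineEnforcer:  # hypothetical model of the in-line bottleneck
    registered: set = field(default_factory=set)

    def can_reach(self, src_mac, dst):
        """Only traffic crossing the PacketFence box toward the WAN is filtered."""
        return src_mac in self.registered if dst == "WAN" else True

def walkthrough():
    client, server = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed MACs
    v = VlanEnforcer(registered={server})
    v.on_mac_trap("switch1", 10, server)          # server is already authorized
    steps = [v.on_mac_trap("switch1", 3, client), v.can_reach(client, server)]
    v.on_portal_login(client, credentials_ok=True)
    steps += [v.port_vlan[("switch1", 3)], v.can_reach(client, server)]
    inline = InlineEnforcer()
    steps += [inline.can_reach(client, "WAN"), inline.can_reach(client, server)]
    return steps  # [2, False, 1, True, False, True]

if __name__ == "__main__":
    print(walkthrough())
```

The last two values are the in-line case: the unregistered client is blocked from the WAN but can still reach a host on its own segment.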
