Hi Boonyawat,

You have drawn a diagram of in-line enforcement. With VLAN enforcement, the
PacketFence server would be plugged into your switch just like any other
server or desktop. The PacketFence server uses messages from the switch
such as DHCP broadcasts and SNMP MAC Security Enforcement messages to
determine which clients are connected to which ports.

As an example, it might work something like this:

1. Client plugs into a switch that is configured with MAC security
on, and configured to send SNMP messages to the PacketFence server.

2. The switch sends the MAC Security message to PacketFence (saying
"Hey! Computer X plugged in to switch 1, port 3").

3. PacketFence doesn't have a record of Computer X being authorized to
connect, so it sends a message to switch1: "Place port 3 in VLAN 2".

4. Since VLAN2 is registration, the client can't access HTTP pages
except the PacketFence Logon page. The user logs on using the PacketFence
logon page.

5. PacketFence authenticates the username and password and recognizes
the user as valid. It then sends a message to Switch1: "Place port 3 in
VLAN 1".

6. Now the user can access all the resources that are in VLAN1. If
you have an Internet connection available there, they can access the
Internet. If servers and printers are on VLAN1, they are accessible too.

If your equipment isn't totally compatible with VLAN enforcement, the
In-Line enforcement will let you do many of the same things, except it can
only control access through a bottleneck.  So in your diagram, you could use
PacketFence to control access to the WAN cloud, but the clients could still
talk to each other.  Instead of telling your switch to enforce access
control, PacketFence just decides whether or not a user's packets should be
forwarded through to the outside network interface.

From: Boonyawat Pattarachaichan [mailto:[email protected]] 
Sent: Wednesday, August 08, 2012 1:04 PM
To: [email protected]
Subject: [PacketFence-users] could you explain about structure vlan enforcement

Hi all,

I am confused about the structure of VLAN enforcement. If I choose VLAN
enforcement (I hope clients can connect to the Internet), how should I
configure my network?

In network.png I have 2 network cards (eth0, eth1) and a Cisco 2960 switch,
and I configured eth1 (management), eth1.2 (registration), eth1.3 (isolation).

That is true, isn't it?

Sorry for the silly question.

Thanks for your help

Boonyawat
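
The six steps in the reply above, modelled as an added example (not part of the original e-mails and not PacketFence code). `Switch`, `Controller`, `on_mac_trap` and `portal_login` are hypothetical names, and the MAC addresses and credentials are constructed. It also covers two cases the steps imply: an unknown device on a port that was already opened, and a registered device moving to another port.

```python
import hmac
from dataclasses import dataclass, field

REGISTRATION_VLAN, NORMAL_VLAN = 2, 1     # VLAN numbers used in the steps above

@dataclass
class Switch:
    """Stand-in for a managed switch: remembers the VLAN set on each port."""
    name: str
    port_vlan: dict = field(default_factory=dict)

@dataclass
class Controller:
    """Hypothetical NAC controller; the names here are not PacketFence's API."""
    accounts: dict                                   # username -> password (constructed)
    registered: set = field(default_factory=set)     # MACs allowed on NORMAL_VLAN
    location: dict = field(default_factory=dict)     # MAC -> (switch, port) last seen

    def on_mac_trap(self, switch, port, mac):
        """Steps 2-3: the switch reports a MAC on a port; pick that port's VLAN."""
        mac = mac.lower()
        self.location[mac] = (switch, port)
        vlan = NORMAL_VLAN if mac in self.registered else REGISTRATION_VLAN
        switch.port_vlan[port] = vlan
        return vlan

    def portal_login(self, mac, username, password):
        """Steps 4-5: a valid login registers the MAC and moves its port."""
        mac = mac.lower()
        expected = self.accounts.get(username)
        if mac not in self.location or expected is None or \
                not hmac.compare_digest(expected.encode(), password.encode()):
            return False                             # port stays in registration
        self.registered.add(mac)
        switch, port = self.location[mac]
        switch.port_vlan[port] = NORMAL_VLAN
        return True

def demo():
    """Replay the six steps plus two edge cases; returns the VLAN after each event."""
    sw1 = Switch("switch1")
    pf = Controller(accounts={"alice": "constructed-password"})
    x, y = "00:11:22:33:44:55", "66:77:88:99:AA:BB"  # constructed MACs
    seen = [pf.on_mac_trap(sw1, 3, x)]               # unknown MAC -> registration
    pf.portal_login(x, "alice", "wrong")             # failed login changes nothing
    seen.append(sw1.port_vlan[3])
    pf.portal_login(x, "alice", "constructed-password")
    seen.append(sw1.port_vlan[3])                    # registered -> normal VLAN
    seen.append(pf.on_mac_trap(sw1, 3, y))           # other device, same port
    seen.append(pf.on_mac_trap(sw1, 7, x))           # known device, new port
    return seen
```

The VLAN follows the MAC address rather than the port: port 3 drops back to registration as soon as an unregistered device is reported on it.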

 

 

 

 

 


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
