Your English is pretty good. It is a lot better than my Thai!
The information below may not be 100% accurate since I work with HP equipment, not Cisco, but the theory should be the same. You will want to review the Administration and Configuration guides on packetfence.org to get familiar with the technical details for your equipment.

In your diagram vlan_enforcement.png, you have drawn a vlan enforcement scenario. However, it sounds like you might be misunderstanding the concept of how PacketFence performs Network Access Control.

Let's say your PacketFence server is plugged in to port 1 on your switch. Port 1 should have vlan1, 2, and 3 trunked to it. It appears that you already have your vlans set up in Linux on eth0, so you should be all set there.

If you are going to connect to an external network, let's put that on port 24. Vlan 1 should be trunked to port 24. If you are going to be doing any IP routing within the switch, you'll have to take care of that later, since it's beyond the scope of what PacketFence does.

In your switches.conf, you should have your Cisco 2960 configured with its vlan numbers, IP Address, and SNMP names.

I haven't set up Cisco equipment with PacketFence, but I think your Cisco 2960 should be configured with MAC security on ports 2-23, and should be configured with the address of the PacketFence server as an SNMP server. On ports 2-23 I think you can trunk vlan 2 if you want. This will get overridden by PacketFence later.

If everything is configured correctly, it will work like this:

1. PC1 plugs in to Port 2 and attempts to connect to the Internet.
2. MAC Security sends an alarm via SNMP to PacketFence saying "Computer X plugged in to Switch 1, Port 2".
3. PacketFence looks in its authentication database, and doesn't have a record that Computer X should be on Port 2.
4. PacketFence sends an SNMP command to the Cisco switch that says "Assign vlan2 to port 2". Now PC1 is on the Registration VLAN.
5. PC1 attempts to navigate to an HTTP site and gets redirected to the authentication page. There is no way for traffic to flow from PC1 to the Internet, because there is no Internet connection in VLAN2.
6. The user at PC1 types his username and password and hits enter.
7. PacketFence receives the username/password and confirms that it is correct.
8. PacketFence looks at the switches.conf configuration to see what the "normal" vlan is. It is set as VLAN 1.
9. PacketFence tells Switch1 "Assign vlan 1 to port 2".
10. Now PC1 is on VLAN1. If you have set up a gateway on this VLAN (which it sounds like you intend to do with port 24 on your switch) that user can now access the gateway, and thus, access the Internet.

From: Boonyawat Pattarachaichan [mailto:[email protected]]
Sent: Wednesday, August 08, 2012 2:44 PM
To: [email protected]
Subject: Re: [PacketFence-users] could you explain about structure vlan enforcement

Hi Sean Nelson

I really thank you for the quick reply and a lot of information.

In vlan_enforcement.png, that's true, isn't it? It shows that I've just 1 network card, right?
Simple: (eth1 = management, eth1.2 = registration, eth1.3 = isolation)

For vlan enforcement I understand that eth1 is plugged to a trunk port on the switch, but can I plug WAN to any port? (I've a Cisco 2960: 24 Ethernet and 2 Gig ports)

Detail on my switch I config:
trunk port is port 24
port 1-4 is vlan 2 for registration
port 5-8 is vlan 3 for isolation
other than that is vlan 1

Apology for my English so bad.
Thanks for any help. :)

Boonyawat

2012/8/9 Boonyawat Pattarachaichan <[email protected]>

Hi all,

I am confused about the structure of vlan enforcement. If I choose vlan enforcement (I hope the client connects to the Internet), how should I config my network?

In network.png I've 2 network cards (eth0, eth1) and a switch Cisco 2960, and I config eth1 (management), eth1.2 (registration), eth1.3 (isolation). That is true, isn't it?

Sorry for the silly question.
Thanks for your help.

Boonyawat
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
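
The ten-step enforcement sequence from the reply at the top of this thread, modelled as an added Python example; it is not part of the thread and not PacketFence code. The class and method names, the sample credentials and the MAC addresses are assumptions, while the VLAN and port numbers follow the thread. It shows that the VLAN follows the MAC address rather than the port, and that the trunk ports are never re-assigned.

```python
# Toy model of the flow in the thread; not PacketFence code, all names hypothetical.
from dataclasses import dataclass, field

NORMAL_VLAN, REGISTRATION_VLAN, ISOLATION_VLAN = 1, 2, 3
TRUNK_PORTS = {1, 24}  # port 1: PacketFence server, port 24: external network

@dataclass
class Switch:
    # Access VLAN per port; ports 2-23 start in the registration VLAN.
    port_vlan: dict = field(default_factory=lambda: {p: REGISTRATION_VLAN for p in range(2, 24)})

    def set_vlan(self, port, vlan):
        # Stands in for the SNMP "assign vlan N to port P" command.
        if port in TRUNK_PORTS:
            raise ValueError(f"refusing to re-VLAN trunk port {port}")
        self.port_vlan[port] = vlan

@dataclass
class Enforcer:
    switch: Switch
    credentials: dict                              # constructed user -> password
    registered: set = field(default_factory=set)   # MACs that passed the portal
    isolated: set = field(default_factory=set)     # MACs flagged for isolation
    location: dict = field(default_factory=dict)   # MAC -> port last reported

    def on_trap(self, mac, port):
        # Steps 2-4: the switch reports a MAC; the VLAN is chosen per MAC, not per port.
        self.location[mac] = port
        if mac in self.isolated:
            vlan = ISOLATION_VLAN
        elif mac in self.registered:
            vlan = NORMAL_VLAN
        else:
            vlan = REGISTRATION_VLAN
        self.switch.set_vlan(port, vlan)
        return vlan

    def on_portal_login(self, mac, user, password):
        # Steps 6-9: only a correct login from a known location moves the port.
        port = self.location.get(mac)
        if port is None or self.credentials.get(user) != password:
            return None
        self.registered.add(mac)
        return self.on_trap(mac, port)

    def can_reach_internet(self, mac):
        # Step 10: the gateway exists only in the normal VLAN.
        port = self.location.get(mac)
        return port is not None and self.switch.port_vlan[port] == NORMAL_VLAN
```

An unregistered device plugged into a port that a registered device just left drops that port back to the registration VLAN on the next trap, which is the behaviour to verify when testing a real deployment.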
