Hi, Sean Nelson
Thanks for a lot information again. Now I can usage client access to
internet with vlan enforcement.
but i have some question about isolation and log traffic.
isolation :
In administration guide example : registration vlan(vlan 2), i understand
that's authenticate user for access to resources in normal vlan(vlan 1) and
Mac_detection vlan(vlan 4) for check the port in switch (saying Hey!
Computer X plugged in to switch 1, port 3)
So what's isolation vlan(vlan 3)?
log traffic :
I investigate log in file usr/local/pf/logs/access_log
192.168.2.11 - - [15/Aug/2012:12:17:05 +0700] "GET
/content/images/background.png HTTP/1.1" 200 2733 "
https://localhost.localdomain/captive-portal?destination_url=http://www.doolakorntv.com/";
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.289 Version/12.00"
192.168.2.11 - - [15/Aug/2012:12:17:10 +0700] "GET / HTTP/1.1" 307 292 "-"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.289 Version/12.00"
192.168.2.11 - - [15/Aug/2012:12:17:10 +0700] "GET
/captive-portal?destination_url=http://www.mthai.com/ HTTP/1.1" 200 6990
"-" "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.289 Version/12.00"
this log can check client to any url but check in registration vlan (in
captive-portal page) if user authenticate and change to vlan 1 access to
internet (ip 192.168.2.11(vlan 2) change to 10.30.254.129(vlan 1)), Can i
check user go to any url in vlan 1? Could you spot me for this direction?
Best Regards
Boonyawat
2012/8/9 Boonyawat Pattarachaichan <[email protected]>
> I appreciate for a lot information .
> It's be clearly. I will try to work on packetfence again.
>
> ????????????? :)
> Boonyawat
>
> 2012/8/9 Boonyawat Pattarachaichan <[email protected]>
>
>> Hi Sean Nelson
>>
>> I really thank for quick reply and a lot information.
>>
>> in vlan_enforcement.png That's true isn't it?
>> show that i've just 1 network card right? simple:(eth1 = management,
>> eth1.2 = registration, eth1.3 = isolation) for vlan enforcement
>>
>> I understand that eth1 plugged to trunk port on switch but
>> Can i plugged WAN to any port? (i've cisco 2960 : 24 Ethernet and 2 Gig
>> port)
>>
>> detail on my switch
>> i config trunk port is port 24
>> port 1-4 is vlan 2 for registration
>> port 5-8 is vlan 3 for isolation
>> other than that is vlan 1
>>
>> apology for my english so bad
>>
>> Thanks for any help. :)
>> Boonyawat
>>
>> 2012/8/9 Boonyawat Pattarachaichan <[email protected]>
>>
>>> Hi. all
>>>
>>> I confuse about structure of vlan enforcement. If i chose vlan
>>> enforcement (I hope client connect to internet.)
>>> how i should config my network?
>>>
>>> in network.png i've 2 network card (eth0,eth1) and switch cisco2960 and
>>> i config eth1(management) eth1.2(registration) eth1.3(isolation)
>>> that's is true isn't it?
>>>
>>> Sorry for silly question
>>>
>>> Thanks for your help
>>> Boonyawat
>>>
>>>
>>>
>>>
>>>
>>>
>>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
