Hi Susan,

On 08/23/2012 02:11 PM, Nall, Susan (N-The Judge Group) wrote:
> Hello,
>
> We are trying to setup and configure Packet Fence to test it on our
> network for wired guest internet access. Our security team has required
> that all guest net internet traffic be isolated from our internal
> network, but we’d like to be able to manage the packet fence
> installation from our internal network (probably in the DMZ). We will
> have a proxy server delivered via DHCP to clients successfully
> registering on the guest network. If my DMZ IP space is 192.168.0.0,
> the Guest Normal Internet traffic vlan is 192.168.2.0, with Guest
> Registration vlan 192.168.3.0 and Isolation vlan 192.168.4.0, how do I
> configure my interfaces in packet fence? PF is installed on RHEL6 in a
> vmware VM managed via vSphere. Eventually we will route the guest net
> vlans in a separate VRF across our MPLS tunnel via a DMVPN encrypted
> tunnel but for now we’re trying to get the installation working at a
> single site where the internet connection, proxy and packet fence server
> and guests are all located at the same site. Here’s what we’re assuming
> now:
>
> We’d like to be able to manage the packet fence configuration from our
> internal network vlan 100 via the DMZ:
>
> PF server 192.168.0.7/24, GW 192.168.0.1
> Vlan 100
> Type Management
>
> Isolation vlan
> PF server 192.168.4.7/24, GW 192.167.4.7
> Vlan 183
> Type Isolation
>
> Registration vlan
> PF server 192.168.3.7/24, GW 192.168.3.7
> Vlan 182
> Type Registration
>
> Authenticated Guests with internet access:
> PF server 192.168.2.7/24, GW 192.168.2.1
> Vlan 181
> Type ?

Is the PacketFence system only used for guests? If so, then at the installation stage create the interface but don't assign it a type. You'll use that VLAN as the normal VLAN in the 'default' switch configuration.

> TMG Proxy server at “http://192.168.2.3/wpad.dat” (the DHCP server on PF
> will need to deliver this to clients in the Guest VLAN)

Usually we don't host the DHCP for VLANs other than registration / isolation. But if you want to do so and provide the above option, just alter the /usr/local/pf/conf/dhcpd.conf file with the proper options for your scope.

> Question:
>
> What interface type do we select for each of the above, since the PF
> server configurator page only presents the options “Management”,
> “Registration”, and “Isolation”, so we’re not sure what type to select
> for the Authenticated Guests vlan.

See above.

Cheers!
--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
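
Added example, not part of the original message or of PacketFence's shipped configuration: a scope for the guest VLAN in standard ISC dhcpd syntax that hands out the WPAD URL from the thread as DHCP option 252. The option name `wpad-url`, the address pool and the lease times are constructed for illustration, and it assumes dhcpd is listening on the PF interface in VLAN 181; how the scope is merged into the existing /usr/local/pf/conf/dhcpd.conf is not shown on the page.

```conf
# ISC dhcpd has no built-in name for option 252, so declare it once
# at global level. "wpad-url" is a locally chosen name (assumption).
option wpad-url code 252 = text;

# Authenticated guest VLAN (VLAN 181 in the thread).
subnet 192.168.2.0 netmask 255.255.255.0 {
  option routers 192.168.2.1;            # gateway given in the thread
  option subnet-mask 255.255.255.0;

  # Proxy auto-config location given in the thread (TMG proxy).
  option wpad-url "http://192.168.2.3/wpad.dat";

  # Constructed pool: keeps clear of .1 (gateway), .3 (proxy), .7 (PF).
  range 192.168.2.100 192.168.2.200;

  # Constructed lease times; short leases suit transient guests.
  default-lease-time 3600;
  max-lease-time 7200;

  # No domain-name-servers option is set here because the thread
  # does not name a DNS server for the guest VLAN.
}
```

Because the guest scope only contains the gateway and the proxy, keeping the pool and the options limited to 192.168.2.0/24 addresses matches the requirement in the thread that guest traffic stay isolated from the internal network.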
