On Thu, Sep 20, 2012 at 07:50:15PM +0000, Brian Candler wrote:
> I'm afraid I've got a bit stuck in the configurator.
>
> At step 1, I've deselected "inline" and selected "VLAN enforcement"
>
> At step 2, there is only one network interface, which I have marked
> "Management". However it won't let me proceed, as it then says:
>
> Error! You must assign an interface to the following types: Registration,
> Isolation
>
> Surely if the registration and isolation networks are routed, I do not need
> separate local interfaces (e.g. subinterfaces) for them? But I cannot assign
> one interface to multiple functions.

I worked around this by:

1. getting PF to create spurious interfaces eth0.254 and eth0.255
2. completing the initial configurator
3. setting eth0 to "management,internal" in configuration->interfaces
4. removing eth0.254 and eth0.255 in configuration->interfaces (and then
   using vconfig to remove them for real)
5. trying to update configuration->networks to reflect the real isolation
   networks

However I have some issues to report.

(1) There seem to be a number of bugs in configuration->networks, for
example adding a network shows:

---
Error: Problems executing 'PFCMD networkconfig add type="vlan-registration",
named="enabled", dhcpd="enabled", netmask="255.255.255.0",
gateway="10.2.255.0", next_hop="",
domain-name="vlan-registration.example.com", dns="192.0.2.14",
dhcp_start="10.2.255.10", dhcp_end="10.2.255.250",
dhcp_default_lease_time="30", dhcp_max_lease_time="30"'
Command not understood. (pfcmd grammar test failed at line 210.)
---

(although I was able to add some networks later, I'm not sure of the exact
circumstances which cause this one)

Deleting a network shows:

---
Error: Problems executing 'PFCMD networkconfig delete 10.1.254.0'
Insecure dependency in sysopen while running setgid at
/usr/share/perl5/File/Temp.pm line 513.
---

(however I can easily work around the latter one by running pfcmd at the
shell prompt)

Aside: it's not clear what the difference between the "Clients Gateway" and
"Gateway to remote VLAN" settings is - presumably one of these is the
gateway returned by DHCP, but I have no idea what the other might be for.

(2) I need to restart dhcpd, and indeed it is running, but the
administration->services page shows

dhcpd (expected status) stopped (actual status) running

with no action buttons next to it.
Clearly I cannot use the usual initscript because, for example, DHCPDARGS is
set to empty string in /etc/sysconfig/dhcpd

(Aside: the same is true for named and radiusd: they are really running but
the expected status is stopped)

It's important I restart dhcpd and check it binds to the right interfaces,
because at the moment it's still listening on the fake vlan subinterfaces
that I deleted earlier:

root 7319 0.0 0.0 46496 3868 ? Ss 15:59 0:00 /usr/sbin/dhcpd -lf /usr/local/pf/var/dhcpd/dhcpd.leases -cf /usr/local/pf/var/conf/dhcpd.conf eth0.255 eth0.254

I found `pfcmd service pf status`, and notice that pf.conf.defaults has

[services]
dhcpd=enabled
named=enabled
radiusd=enabled

but these are not in pf.conf (and adding them doesn't seem to make a
difference). So I'm not yet sure what's the right way to fix this.

(3)
> P.S. The configurator does not work in Chrome (OSX, 21.0.1180.89). Even
> though I uncheck Inline enforcement and check VLAN enforcement on the first
> page, the second page still thinks I am doing Inline enforcement (the
> interface can be set to Management or Inline).

FYI, Safari also exhibits this problem.

(4) I found a web usability issue. When adding a new monitor interface
(configuration->interfaces), if you leave the IP address blank you get

----
Error: Problems executing 'PFCMD interfaceconfig get all'
could not parse at /usr/local/pf/lib/pf/config.pm line 362
----

which corresponds to:

$int_obj = new Net::Netmask( $ip, $mask );

Obviously my mistake - I didn't want to give my monitor interface an IP, but
I am happy to if necessary. However from this point onwards the web
interface is completely screwed, displaying errors and backtraces, until you
manually edit pf.conf and set an IP address and netmask for this interface.

(5) Very minor point: documentation.conf has

[interface.type]
type=multi
options=internal|management|managed|monitor|dhcplistener|dhcp-listener|high-availability
description=<<EOT
Describes "type" of named interface.
...

and goes on to describe the options. However the web interface also offers
"external", I don't know what it's for. Can this be added to the
documentation?

Thanks,

Brian.
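
Added example, not part of the original message and not PacketFence code: a small shell check for the situation in item (2), where dhcpd is still bound to VLAN subinterfaces that have since been deleted. The function names and the list of existing interfaces are assumptions; the command line is the one quoted in the message.

```shell
#!/bin/sh
# Added example: find interfaces named on a dhcpd command line that no longer
# exist on the host. Function names and sample data are illustrative.

# Print the interface arguments of a dhcpd command line (first argument).
dhcpd_ifaces() {
    set -f                      # no globbing while the string is split
    set -- $1                   # split the command line into words
    set +f
    [ $# -gt 0 ] || return 0    # empty command line: nothing to report
    shift                       # drop the path of the dhcpd binary
    out=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|-s|-cf|-lf|-pf|-tf|-play|-user|-group|-chroot)
                # these options take a value: skip the value as well
                if [ $# -gt 1 ]; then shift; fi ;;
            -*) ;;              # flag without a value (-q, -f, -d, ...)
            *) out="$out $1" ;; # anything else is an interface name
        esac
        shift
    done
    echo "${out# }"
}

# stale_ifaces "<dhcpd command line>" "<space-separated existing interfaces>"
# Print the interfaces dhcpd was started on that are not in the second list.
stale_ifaces() {
    stale=""
    for ifc in $(dhcpd_ifaces "$1"); do
        case " $2 " in
            *" $ifc "*) ;;                 # interface still exists
            *) stale="$stale $ifc" ;;      # bound to a removed interface
        esac
    done
    echo "${stale# }"
}

# Constructed sample: command line as quoted in the message; the list of
# existing interfaces is assumed (subinterfaces already removed).
SAMPLE_CMD="/usr/sbin/dhcpd -lf /usr/local/pf/var/dhcpd/dhcpd.leases -cf /usr/local/pf/var/conf/dhcpd.conf eth0.255 eth0.254"
SAMPLE_IFACES="lo eth0"
echo "stale: $(stale_ifaces "$SAMPLE_CMD" "$SAMPLE_IFACES")"

# On a live Linux host (assumes procps ps and sysfs):
#   stale_ifaces "$(ps -o args= -C dhcpd)" "$(ls /sys/class/net | tr '\n' ' ')"
```

An empty result means every interface dhcpd was started on still exists; any name printed is one the daemon should no longer be listening on after its next restart.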
