In my config we have 3 interfaces ... but only one is being used : ) I am not intimately familiar with the code but it is my understanding that PF "needs" a separate interface for registration, isolation, and management.
What we did was set up the management interface on the box and then set up the other interfaces as virtual interfaces using separate vlans on the same physical interface. PF seems to like this config just fine as we have been using it in production for 2+ years.

Also, about the DHCP traffic. AFAIK it is only necessary for PF to see DHCP on the registration and isolation networks. We send a copy of all our dhcp traffic (via a second IP helper entry) because it is simpler and an easy way to get a quick glance at what is on our network. But it is my understanding that it is not necessary except on the aforementioned vlans.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU

-----Original Message-----
From: Brian Candler [mailto:[email protected]]
Sent: Saturday, September 29, 2012 2:33 PM
To: [email protected]
Subject: Re: [PacketFence-users] Registration in routed networks

On Wed, Sep 26, 2012 at 09:42:05PM +0100, Brian Candler wrote:
> (4) Now this is where things get murky for me. pfdhcplistener is
> running (two instances?!) but I don't understand exactly what traffic
> it needs to see.
>
> Does it need to see DHCP packets from production subnets only? What if
> it also sees DHCP activity from isolation and registration subnets?

Further digging through code: pfdhcplistener is started on all internal interfaces (@listen_ints) and all management interfaces (@dhcplistener_ints)

- those arrays are set in lib/pf/config.pm: readPfConfigFiles()
- daemons started in lib/pf/services.pm: service_ctl()

Each pfdhcplistener instance is started with identical options except -i<interface>

Therefore, it appears that pfdhcplistener *does* expect to see both production dhcp traffic and registration/isolation dhcp traffic; and therefore I still can't see any reason why PF needs more than one interface when managing a routed network.

I still hope someone can either refute or confirm this - and when I know the score, I would be happy to contribute some extra documentation to clarify.

Regards,

Brian.

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
