I have been running Packetfence for my Layer 2 network now for about a year and 
1/2 and it is working great. We have about 2000 nodes on the system.  Thanks 
for the support and great program.

This month I have been working to get my remote networks around the world set up 
and so far things are working except for 1 thing.  It hasn't been as easy as L2 
setup, but yesterday I finally got it figured out and working on 3 sites so far.

My main hang-up, for those who are struggling with it, was that I did not have an 
IP address on my core switch for my L2 registration vlan.  Without this, the 
routed networks did not know where to send the DHCP/DNS requests when the 
system was switched to the registration vlan.  When working on L2 network this 
was not needed.

Created an int vlan on my core switch for the registration vlan and followed the 
config in the admin guide.  True, I did have to read it over and over to grasp 
the concept but it finally clicked.  Anyone else struggling with this setup, I 
am willing to assist where I can.


1st question I have with this setup is,  I plan on keeping the REGISTRATION and 
VOICE VLANs on the same VLAN ID.  ALL Routed sites will have VLAN 600 for 
registration and VLAN 72 for voice.  VLAN 72 is my voice vlan for my L2, but 
since they will never go across the router I am assuming this should be fine 
and will simplify the config.  Each remote site will have a different IP 
network for those VLANs but the ID will be identical.  Will this be an issue?

2nd Question:
Everything seems to work fine (DHCP and DNS for Registration / VLAN Switching) 
except for when I change a node from the GUI.  When the device is plugged in, 
the system runs smooth.  If I go to the GUI and switch the Node that is already 
running from Registered to Unregistered or vice versa I get the following in 
packetfence.log and the vlan doesn't change:

Replaced info with ** for security
Oct 06 07:34:36 pfcmd(28416) INFO: pfcmd calling node_modify for 00:23:18:**:**:** (main::command_param)
Oct 06 07:34:36 pfcmd(28416) INFO: re-evaluating access for node 00:23:18:**:**:** (node_modify called) (pf::enforcement::reevaluate_access)
Oct 06 07:34:36 pfcmd(28416) INFO: 00:23:18:**:**:** is currentlog connected at 192.168.**.8 ifIndex 10021 in VLAN 600 (pf::enforcement::_should_we_reassign_vlan)
Oct 06 07:34:36 pfcmd(28416) INFO: MAC: 00:23:18:**:**:**, PID: 1, Status: reg. Returned VLAN: 1 (pf::vlan::fetchVlanForNode)
Oct 06 07:34:36 pfcmd(28416) INFO: VLAN reassignment required for 00:23:18:**:**:** (current VLAN = 600 but should be in VLAN 1) (pf::enforcement::_should_we_reassign_vlan)
Oct 06 07:34:36 pfcmd(28416) INFO: switch port for 00:23:18:**:**:** is 192.168.**.* ifIndex 10021 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation)
Oct 06 07:34:39 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch 192.168.**.* (main::parseTrap)
Oct 06 07:34:39 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Argument "noSuchInstance" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 118.
Oct 06 07:34:39 pfsetvlan(3) INFO: reAssignVlan trap received on 192.168.**.* ifindex 10021 which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
Oct 06 07:34:39 pfsetvlan(3) INFO: doWeActOnThisTrap returns false. Stop reAssignVlan handling (main::handleTrap)
Oct 06 07:34:39 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)

Thanks
Dan Nelson
Nutraceutical Corporation
Network Administrator
801-334-3702
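
Added example, not part of the original message and not PacketFence code: a Python scan of packetfence.log for the pattern in the excerpt above, where a VLAN reassignment is reported as required and the matching reAssignVlan trap is then discarded as "not ethernetCsmacd". The function name and the unmasked MAC/IP values in the sample are constructed, and the regexes assume the message formats shown in the excerpt.

```python
import re

# Constructed sample: lines modelled on the excerpt above, unwrapped, with the
# masked MAC/IP fields replaced by made-up values. The second node has no
# discarded trap and must not be reported.
SAMPLE_LOG = """\
Oct 06 07:34:36 pfcmd(28416) INFO: VLAN reassignment required for 00:23:18:aa:bb:cc (current VLAN = 600 but should be in VLAN 1) (pf::enforcement::_should_we_reassign_vlan)
Oct 06 07:34:36 pfcmd(28416) INFO: switch port for 00:23:18:aa:bb:cc is 192.168.10.8 ifIndex 10021 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation)
Oct 06 07:34:39 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch 192.168.10.8 (main::parseTrap)
Oct 06 07:34:39 pfsetvlan(3) INFO: reAssignVlan trap received on 192.168.10.8 ifindex 10021 which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
Oct 06 07:34:39 pfsetvlan(3) INFO: doWeActOnThisTrap returns false. Stop reAssignVlan handling (main::handleTrap)
Oct 06 07:35:10 pfcmd(28420) INFO: VLAN reassignment required for 00:23:18:dd:ee:ff (current VLAN = 600 but should be in VLAN 1) (pf::enforcement::_should_we_reassign_vlan)
Oct 06 07:35:10 pfcmd(28420) INFO: switch port for 00:23:18:dd:ee:ff is 192.168.10.8 ifIndex 10022 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation)
"""

REQUIRED = re.compile(r"VLAN reassignment required for (\S+) "
                      r"\(current VLAN = (\d+) but should be in VLAN (\d+)\)")
PORT = re.compile(r"switch port for (\S+) is (\S+) ifIndex (\d+)")
DROPPED = re.compile(r"reAssignVlan trap received on (\S+) ifindex (\d+) "
                     r"which is not ethernetCsmacd")

def find_dropped_reassignments(log_text):
    """Return nodes whose required VLAN change was discarded by the trap handler."""
    wanted = {}  # mac -> (current_vlan, target_vlan)
    ports = {}   # (switch_ip, ifindex) -> mac
    dropped = []
    for line in log_text.splitlines():
        if m := REQUIRED.search(line):
            wanted[m.group(1)] = (int(m.group(2)), int(m.group(3)))
        elif m := PORT.search(line):
            ports[(m.group(2), m.group(3))] = m.group(1)
        elif m := DROPPED.search(line):
            # The trap line carries no MAC, so join on switch IP + ifIndex.
            mac = ports.get((m.group(1), m.group(2)))
            if mac in wanted:
                current, target = wanted.pop(mac)
                dropped.append({"mac": mac, "switch": m.group(1),
                                "ifindex": int(m.group(2)),
                                "current_vlan": current, "target_vlan": target})
    return dropped

if __name__ == "__main__":
    for hit in find_dropped_reassignments(SAMPLE_LOG):
        print(hit)
```

On a log where the switch IP is masked differently from line to line, as in the excerpt, the IP half of the join key will not match and the scan has to run on the unmasked file.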
