Jake,
Great feedback, thank you!
Are you running multiple PacketFence servers for performance or mainly for
redundancy (cluster)?
Hardware specs for PacketFence to support your user base?
Thanks,
Damian
On Tue, Apr 30, 2013 at 9:13 AM, Sallee, Stephen (Jake) <
[email protected]> wrote:
> We have a similar environment.
>
> We opted for MAB (MAC Authentication Bypass) on the wire instead of 802.1x
> because Microsoft's implementation of 802.1x is what can only be described
> as purposefully obtuse.
>
> 802.1x is a fantastic technology and once you get it set up it works very
> well. However, the management is a nightmare wrapped in terror sent CoD
> courtesy of Redmond.
>
> There are several 3rd-party vendors that offer suites to make the rollout
> and management of 802.1x on Windows easier but they are not free and you
> get what you pay for.
>
> MAB works very well and will do everything 802.1x does sans the
> encryption. Best part? It requires no changes to the clients; MAB is
> configured on the switch and the client is blissfully ignorant.
>
> Wireless is another story, we use MAB there too. But since wireless is a
> shared medium it is significantly easier to attempt to spoof a MAC and gain
> access to the network. Just make sure you have some countermeasures in
> place to mitigate known attack vectors.
>
> Jake Sallee
> Godfather of Bandwidth
> Network Engineer
> University of Mary Hardin-Baylor
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
> ________________________________
> From: Damian Mendoza [[email protected]]
> Sent: Tuesday, April 30, 2013 10:42 AM
> To: [email protected]
> Subject: [PacketFence-users] recommendations/ideas for Packetfence large
> workstation school board
>
> Hi,
>
> Looking at installing PacketFence at a school district with 8,000 wired
> workstations and 2,000 wireless devices across 26 schools.
>
> The goal is to lock down the network so switch ports are not open for
> network access unless approved by an on-site technician and wireless
> connections are more secure than just using a basic SSID. Dynamic VLAN
> assignment would be a plus for guest access.
>
> Switches are all fairly current Cisco models that support 802.1x.
>
> Does it make sense to use 802.1x on all wired devices? 90% of workstations
> are Windows XP. If we went with link up/link down would we be looking at
> performance issues on a single PF server? Would multiple PF servers be
> recommended?
>
> Configuring 802.1x on 8,000 workstations would take some time since we
> would have to push out scripts to enable it and configure it properly.
> Wired guest workstations would also have to be configured with 802.1x which
> might not be possible.
>
> Any recommendations?
>
>
> Thanks,
>
> --
> Damian Mendoza
> [email protected]
>
>
>
>
> ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
Damian Mendoza
XVR Software, LLC
949 218-3337
Ask me about how to access your mission critical servers when a disaster
occurs, SIS, BIS, eMail Servers, Transportation, etc.
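
Added example, not part of the original thread and not PacketFence code: one countermeasure for the MAC spoofing risk Jake raises for MAB on wireless is to flag a MAC address that starts a session while it still has one open on a different NAS or port. The record layout, AP names and addresses below are constructed assumptions standing in for RADIUS accounting data.

```python
import re

# Constructed RADIUS accounting events (not from the thread):
# (time, Acct-Status-Type, Calling-Station-Id, NAS-IP-Address, NAS-Port-Id)
SAMPLE_EVENTS = [
    ("2013-04-30T08:00:00", "Start", "00-11-22-AA-BB-CC", "10.0.1.10", "ap-library"),
    ("2013-04-30T08:05:00", "Start", "0011.22aa.bb01",    "10.0.1.10", "ap-library"),
    ("2013-04-30T08:20:00", "Stop",  "0011.22aa.bb01",    "10.0.1.10", "ap-library"),
    ("2013-04-30T08:25:00", "Start", "00:11:22:aa:bb:01", "10.0.2.10", "ap-gym"),
    ("2013-04-30T08:30:00", "Start", "0011.22AA.BBCC",    "10.0.2.10", "ap-gym"),
]

def normalize_mac(raw):
    """Reduce common notations (aa:bb.., AA-BB.., aabb.ccdd.eeff) to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-f]", "", raw.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_concurrent_macs(events):
    """Alert when a MAC starts a session while one is still open elsewhere."""
    open_sessions = {}  # mac -> {(nas, port): start_time}
    alerts = []
    # ISO 8601 timestamps sort correctly as strings.
    for ts, status, mac_raw, nas, port in sorted(events, key=lambda e: e[0]):
        mac = normalize_mac(mac_raw)
        here = (nas, port)
        sessions = open_sessions.setdefault(mac, {})
        if status == "Start":
            for there, since in sessions.items():
                if there != here:
                    alerts.append({"mac": mac, "first": there, "second": here,
                                   "first_since": since, "overlap_started": ts})
            sessions[here] = ts
        elif status == "Stop":
            # A Stop closes only the session at the location that reported it.
            sessions.pop(here, None)
    return alerts

if __name__ == "__main__":
    for a in find_concurrent_macs(SAMPLE_EVENTS):
        print(f"{a['mac']} active at {a['first']} since {a['first_since']} "
              f"and again at {a['second']} from {a['overlap_started']}")
```

A roaming client whose Stop from the old access point arrives late will also match, so treat a hit as a triage signal to correlate with other data rather than as proof of spoofing.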