Fletcher Haynes wrote: > Hello, > > I have experimented with the Linux HA configuration recommendation in > the Administrator's guide, and at this point, I would prefer to find a > different solution for load balancing and failover. I am hoping some of > you might be able to answer a few questions...
Why not use the HA configuration they recommend? I have it up and running here and it seems to work well in the testing I've done thus far. > 1) Has anyone put PacketFence behind a Cisco IP SLB? Specifically, would > there be any issues configuring a virtual IP for both the FreeRadius > aspect, and the captive portal part on the registration VLAN? It seems > like it should work fine to me, but I could be missing something... I'm not sure how this works with packetfence, but with a pure freeradius environment, this causes issues with accounting since you can't guarantee that accounting packets will get to the same server every time. > 2) Are there any sizing/scaling guidelines for PacketFence? I haven't > been able to find any other than the minimums in the administrator's guide. I asked the same thing. A single CPU with 8G ram seems to be sufficient for 10k+ clients according to the rep I talked to. > 4) Does anyone have any suggestions on a way to implement a "let > everyone authorize" failover option? In our particular environment, if > PacketFence were to go down for some reason, my preference would be that > everyone automatically get put on the access vlan configured on the > switch. I was thinking of a separate FreeRadius server configured to > just authorize everyone set as a secondary or tertiary aaa server in the > various switches. What's your intention with PF? If you default to "let everyone authorize" in the event of a failure, it becomes a fairly simple task to gain network access by DoSing your PF server. That said, I *think* I saw some config options on a Cisco switch to configure this. > Regards, > -- > Fletcher Haynes <[email protected] <mailto:[email protected]>> -- --------------------------- Jason 'XenoPhage' Frisvold [email protected] --------------------------- "Any sufficiently advanced magic is indistinguishable from technology.\" - Niven's Inverse of Clarke's Third Law ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
