Ok more simple.
Import all your device in packetfence set all as reg and define all your
switch with for switch in location x normal vlan as vlan x and for
location y normal vlan as vlan y.
Regards
Fabrice
Le 2013-06-29 17:05, Dustin Schuemann a écrit :
This is what I am trying to do.
We have a 50 locations all running layer 3 down to the access layer.
Currently everyone is on vlan x. When they trip our IPS we would like
to move them to vlan y. I was thinking packetfence could do that. If
the mac is in the database then when packetfence receives the
linkup/mac snmp trap it would put the switchport in vlan y. This way
it doesn't matter if they move from switch to switch.
On Sat, Jun 29, 2013 at 4:09 PM, Tim DeNike <[email protected]
<mailto:[email protected]>> wrote:
Just use vlans on a single interface.
Sent from my iPhone
On Jun 29, 2013, at 4:08 PM, Dustin Schuemann
<[email protected] <mailto:[email protected]>> wrote:
Do I have to forward the dhcp requests to packet fence or can I
use the auto register feature?
On Jun 29, 2013 3:01 PM, "Fabrice Durand" <[email protected]
<mailto:[email protected]>> wrote:
Hello Dustin,
it could be done with the github branch
https://github.com/inverse-inc/packetfence/tree/feature/iplog_accounting
In fact you will use accounting information to fill out your
database (probably have to add a function to add the device
if it doesn't exist in the database) , declare your switch in
the conf to as a production switch with all the parameter to
interact with it and don't forget to forward the dhcp traffic
to packetfence.
With that way you will have a database with all your devices
and where they are and will have the possibility to put them
in the isolation vlan if you trigger manually a violation or
automatically (snort, suricata, accounting violation ...)
And of course it could be sponsored development.
Regards
Fabrice
Le 2013-06-29 14:05, Dustin Schuemann a écrit :
This can't be done just with the SNMP notifications. What I
want to do is have a database of all the devices. If a
device needs to be in the isolation vlan I would put it in
there and then when the device is plugged in packet fence
would set the vlan for that switch interface.
On Jun 29, 2013 1:56 PM, "Fabrice Durand"
<[email protected] <mailto:[email protected]>> wrote:
Hello,
you mean without registration process and with an ids
like snort ?
If it that case, packetfence must have to know where the
device is (switch interface) and forward the dhcp
traffic to packetfence to be able for it to resolv mac
by ip.
If you do that , it's possible.
Regards
Fabrice
Le 2013-06-29 13:26, Dustin Schuemann a écrit :
Can packetfence use one interface? I only want to do
vlan isolation with MAC traps. Is this possible?
------------------------------------------------------------------------------
ThisSF.net <http://SF.net> email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net <http://SF.net> email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
ThisSF.net <http://SF.net> email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net <http://SF.net> email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net <http://SF.net> email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
