Then as devices need to be isolated in vlan y do I just change them in
packetfence?
Is there an automated way to get all the devices to be registered?
On Sat, Jun 29, 2013 at 6:22 PM, Fabrice Durand <[email protected]> wrote:
> Ok more simple.
> Import all your device in packetfence set all as reg and define all your
> switch with for switch in location x normal vlan as vlan x and for location
> y normal vlan as vlan y.
>
> Regards
> Fabrice
>
>
> Le 2013-06-29 17:05, Dustin Schuemann a écrit :
>
> This is what I am trying to do.
>
> We have a 50 locations all running layer 3 down to the access layer.
> Currently everyone is on vlan x. When they trip our IPS we would like to
> move them to vlan y. I was thinking packetfence could do that. If the mac
> is in the database then when packetfence receives the linkup/mac snmp trap
> it would put the switchport in vlan y. This way it doesn't matter if they
> move from switch to switch.
>
>
> On Sat, Jun 29, 2013 at 4:09 PM, Tim DeNike <[email protected]> wrote:
>
>> Just use vlans on a single interface.
>>
>> Sent from my iPhone
>>
>> On Jun 29, 2013, at 4:08 PM, Dustin Schuemann <[email protected]>
>> wrote:
>>
>> Do I have to forward the dhcp requests to packet fence or can I use
>> the auto register feature?
>> On Jun 29, 2013 3:01 PM, "Fabrice Durand" <[email protected]> wrote:
>>
>>> Hello Dustin,
>>> it could be done with the github branch
>>> https://github.com/inverse-inc/packetfence/tree/feature/iplog_accounting
>>>
>>> In fact you will use accounting information to fill out your database
>>> (probably have to add a function to add the device if it doesn't exist in
>>> the database) , declare your switch in the conf to as a production switch
>>> with all the parameter to interact with it and don't forget to forward the
>>> dhcp traffic to packetfence.
>>>
>>> With that way you will have a database with all your devices and where
>>> they are and will have the possibility to put them in the isolation vlan if
>>> you trigger manually a violation or automatically (snort, suricata,
>>> accounting violation ...)
>>>
>>> And of course it could be sponsored development.
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> Le 2013-06-29 14:05, Dustin Schuemann a écrit :
>>>
>>> This can't be done just with the SNMP notifications. What I want to do
>>> is have a database of all the devices. If a device needs to be in the
>>> isolation vlan I would put it in there and then when the device is plugged
>>> in packet fence would set the vlan for that switch interface.
>>> On Jun 29, 2013 1:56 PM, "Fabrice Durand" <[email protected]> wrote:
>>>
>>>> Hello,
>>>> you mean without registration process and with an ids like snort ?
>>>>
>>>> If it that case, packetfence must have to know where the device is
>>>> (switch interface) and forward the dhcp traffic to packetfence to be able
>>>> for it to resolv mac by ip.
>>>> If you do that , it's possible.
>>>>
>>>>
>>>> Regards
>>>> Fabrice
>>>> Le 2013-06-29 13:26, Dustin Schuemann a écrit :
>>>>
>>>> Can packetfence use one interface? I only want to do vlan isolation
>>>> with MAC traps. Is this possible?
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF.net email is sponsored by Windows:
>>>>
>>>> Build for Windows Store.
>>>> http://p.sf.net/sfu/windows-dev2dev
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> PacketFence-users mailing
>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF.net email is sponsored by Windows:
>>>>
>>>> Build for Windows Store.
>>>>
>>>> http://p.sf.net/sfu/windows-dev2dev
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.net email is sponsored by Windows:
>>>
>>> Build for Windows Store.
>>> http://p.sf.net/sfu/windows-dev2dev
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing
>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.net email is sponsored by Windows:
>>>
>>> Build for Windows Store.
>>>
>>> http://p.sf.net/sfu/windows-dev2dev
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Windows:
>>
>> Build for Windows Store.
>>
>> http://p.sf.net/sfu/windows-dev2dev
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Windows:
>>
>> Build for Windows Store.
>>
>> http://p.sf.net/sfu/windows-dev2dev
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
> http://p.sf.net/sfu/windows-dev2dev
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
