An example:
Building A -> switch A -> Normal vlan x
Building B -> switch B -> Normal vlan y
So when a device travel from A to B you want the device in building A to
be in the vlan x and in building to be in vlan y, right ?
And you doesn't want to have a registration vlan , right ?
You just have to configure your 2 different switchs with the normal vlan
corresponding as your building.
And yes import your devices with the script import-node-csv.pl in addons
(just add node_add_simple($mac) before node_modify( $mac, %macHash );
and launch like that:
./import-node-csv.p _mode=reg -file=node.csv
where node.csv contain:
@mac,pid,category
Fabrice
Le 2013-06-29 18:48, Dustin Schuemann a écrit :
Then as devices need to be isolated in vlan y do I just change them in
packetfence?
Is there an automated way to get all the devices to be registered?
On Sat, Jun 29, 2013 at 6:22 PM, Fabrice Durand <[email protected]
<mailto:[email protected]>> wrote:
Ok more simple.
Import all your device in packetfence set all as reg and define
all your switch with for switch in location x normal vlan as vlan
x and for location y normal vlan as vlan y.
Regards
Fabrice
Le 2013-06-29 17:05, Dustin Schuemann a écrit :
This is what I am trying to do.
We have a 50 locations all running layer 3 down to the access
layer. Currently everyone is on vlan x. When they trip our IPS we
would like to move them to vlan y. I was thinking packetfence
could do that. If the mac is in the database then when
packetfence receives the linkup/mac snmp trap it would put the
switchport in vlan y. This way it doesn't matter if they move
from switch to switch.
On Sat, Jun 29, 2013 at 4:09 PM, Tim DeNike <[email protected]
<mailto:[email protected]>> wrote:
Just use vlans on a single interface.
Sent from my iPhone
On Jun 29, 2013, at 4:08 PM, Dustin Schuemann
<[email protected] <mailto:[email protected]>> wrote:
Do I have to forward the dhcp requests to packet fence or
can I use the auto register feature?
On Jun 29, 2013 3:01 PM, "Fabrice Durand"
<[email protected] <mailto:[email protected]>> wrote:
Hello Dustin,
it could be done with the github branch
https://github.com/inverse-inc/packetfence/tree/feature/iplog_accounting
In fact you will use accounting information to fill out
your database (probably have to add a function to add
the device if it doesn't exist in the database) ,
declare your switch in the conf to as a production
switch with all the parameter to interact with it and
don't forget to forward the dhcp traffic to packetfence.
With that way you will have a database with all your
devices and where they are and will have the possibility
to put them in the isolation vlan if you trigger
manually a violation or automatically (snort, suricata,
accounting violation ...)
And of course it could be sponsored development.
Regards
Fabrice
Le 2013-06-29 14:05, Dustin Schuemann a écrit :
This can't be done just with the SNMP notifications.
What I want to do is have a database of all the
devices. If a device needs to be in the isolation vlan
I would put it in there and then when the device is
plugged in packet fence would set the vlan for that
switch interface.
On Jun 29, 2013 1:56 PM, "Fabrice Durand"
<[email protected] <mailto:[email protected]>> wrote:
Hello,
you mean without registration process and with an
ids like snort ?
If it that case, packetfence must have to know
where the device is (switch interface) and forward
the dhcp traffic to packetfence to be able for it
to resolv mac by ip.
If you do that , it's possible.
Regards
Fabrice
Le 2013-06-29 13:26, Dustin Schuemann a écrit :
Can packetfence use one interface? I only want to
do vlan isolation with MAC traps. Is this possible?
------------------------------------------------------------------------------
ThisSF.net <http://SF.net> email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net <http://SF.net> email is sponsored by
Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
ThisSF.net <http://SF.net> email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net <http://SF.net> email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net <http://SF.net> email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
