The vlan is x on all switches. If they need to be isolated we place them in
vlan y.
On Sat, Jun 29, 2013 at 7:06 PM, Fabrice Durand <[email protected]> wrote:
> An example:
>
> Building A -> switch A -> Normal vlan x
> Building B -> switch B -> Normal vlan y
>
> So when a device travel from A to B you want the device in building A to
> be in the vlan x and in building to be in vlan y, right ?
> And you doesn't want to have a registration vlan , right ?
>
> You just have to configure your 2 different switchs with the normal vlan
> corresponding as your building.
>
> And yes import your devices with the script import-node-csv.pl in addons
> (just add node_add_simple($mac) before node_modify( $mac, %macHash ); and
> launch like that:
> ./import-node-csv.p _mode=reg -file=node.csv
>
> where node.csv contain:
> @mac,pid,category
>
> Fabrice
>
>
>
>
> Le 2013-06-29 18:48, Dustin Schuemann a écrit :
>
> Then as devices need to be isolated in vlan y do I just change them in
> packetfence?
>
> Is there an automated way to get all the devices to be registered?
>
>
> On Sat, Jun 29, 2013 at 6:22 PM, Fabrice Durand <[email protected]>wrote:
>
>> Ok more simple.
>> Import all your device in packetfence set all as reg and define all your
>> switch with for switch in location x normal vlan as vlan x and for location
>> y normal vlan as vlan y.
>>
>> Regards
>> Fabrice
>>
>>
>> Le 2013-06-29 17:05, Dustin Schuemann a écrit :
>>
>> This is what I am trying to do.
>>
>> We have a 50 locations all running layer 3 down to the access layer.
>> Currently everyone is on vlan x. When they trip our IPS we would like to
>> move them to vlan y. I was thinking packetfence could do that. If the mac
>> is in the database then when packetfence receives the linkup/mac snmp trap
>> it would put the switchport in vlan y. This way it doesn't matter if they
>> move from switch to switch.
>>
>>
>> On Sat, Jun 29, 2013 at 4:09 PM, Tim DeNike <[email protected]> wrote:
>>
>>> Just use vlans on a single interface.
>>>
>>> Sent from my iPhone
>>>
>>> On Jun 29, 2013, at 4:08 PM, Dustin Schuemann <[email protected]>
>>> wrote:
>>>
>>> Do I have to forward the dhcp requests to packet fence or can I use
>>> the auto register feature?
>>> On Jun 29, 2013 3:01 PM, "Fabrice Durand" <[email protected]> wrote:
>>>
>>>> Hello Dustin,
>>>> it could be done with the github branch
>>>> https://github.com/inverse-inc/packetfence/tree/feature/iplog_accounting
>>>>
>>>> In fact you will use accounting information to fill out your database
>>>> (probably have to add a function to add the device if it doesn't exist in
>>>> the database) , declare your switch in the conf to as a production switch
>>>> with all the parameter to interact with it and don't forget to forward the
>>>> dhcp traffic to packetfence.
>>>>
>>>> With that way you will have a database with all your devices and where
>>>> they are and will have the possibility to put them in the isolation vlan if
>>>> you trigger manually a violation or automatically (snort, suricata,
>>>> accounting violation ...)
>>>>
>>>> And of course it could be sponsored development.
>>>>
>>>> Regards
>>>> Fabrice
>>>>
>>>>
>>>> Le 2013-06-29 14:05, Dustin Schuemann a écrit :
>>>>
>>>> This can't be done just with the SNMP notifications. What I want to do
>>>> is have a database of all the devices. If a device needs to be in the
>>>> isolation vlan I would put it in there and then when the device is plugged
>>>> in packet fence would set the vlan for that switch interface.
>>>> On Jun 29, 2013 1:56 PM, "Fabrice Durand" <[email protected]> wrote:
>>>>
>>>>> Hello,
>>>>> you mean without registration process and with an ids like snort ?
>>>>>
>>>>> If it that case, packetfence must have to know where the device is
>>>>> (switch interface) and forward the dhcp traffic to packetfence to be able
>>>>> for it to resolv mac by ip.
>>>>> If you do that , it's possible.
>>>>>
>>>>>
>>>>> Regards
>>>>> Fabrice
>>>>> Le 2013-06-29 13:26, Dustin Schuemann a écrit :
>>>>>
>>>>> Can packetfence use one interface? I only want to do vlan isolation
>>>>> with MAC traps. Is this possible?
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> This SF.net email is sponsored by Windows:
>>>>>
>>>>> Build for Windows Store.
>>>>> http://p.sf.net/sfu/windows-dev2dev
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> PacketFence-users mailing
>>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> This SF.net email is sponsored by Windows:
>>>>>
>>>>> Build for Windows Store.
>>>>>
>>>>> http://p.sf.net/sfu/windows-dev2dev
>>>>> _______________________________________________
>>>>> PacketFence-users mailing list
>>>>> [email protected]
>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF.net email is sponsored by Windows:
>>>>
>>>> Build for Windows Store.
>>>> http://p.sf.net/sfu/windows-dev2dev
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> PacketFence-users mailing
>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF.net email is sponsored by Windows:
>>>>
>>>> Build for Windows Store.
>>>>
>>>> http://p.sf.net/sfu/windows-dev2dev
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>> ------------------------------------------------------------------------------
>>> This SF.net email is sponsored by Windows:
>>>
>>> Build for Windows Store.
>>>
>>> http://p.sf.net/sfu/windows-dev2dev
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.net email is sponsored by Windows:
>>>
>>> Build for Windows Store.
>>>
>>> http://p.sf.net/sfu/windows-dev2dev
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Windows:
>>
>> Build for Windows Store.
>> http://p.sf.net/sfu/windows-dev2dev
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Windows:
>>
>> Build for Windows Store.
>>
>> http://p.sf.net/sfu/windows-dev2dev
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
> http://p.sf.net/sfu/windows-dev2dev
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
