How would I configure the interfaces since I won't have a registration or
isolation interface in packetfence?
On Sat, Jun 29, 2013 at 7:54 PM, Dustin Schuemann <[email protected]> wrote:
> The vlan is x on all switches. If they need to be isolated we place them
> in vlan y.
>
>
> On Sat, Jun 29, 2013 at 7:06 PM, Fabrice Durand <[email protected]> wrote:
>
>> An example:
>>
>> Building A -> switch A -> Normal vlan x
>> Building B -> switch B -> Normal vlan y
>>
>> So when a device travels from A to B you want the device in building A to
>> be in the vlan x and in building B to be in vlan y, right?
>> And you don't want to have a registration vlan, right?
>>
>> You just have to configure your 2 different switches with the normal vlan
>> corresponding to your building.
>>
>> And yes, import your devices with the script import-node-csv.pl in addons
>> (just add node_add_simple($mac) before node_modify( $mac, %macHash );) and
>> launch it like this:
>> ./import-node-csv.pl _mode=reg -file=node.csv
>>
>> where node.csv contains:
>> @mac,pid,category
>>
>> Fabrice
>>
>>
>>
>>
>> On 2013-06-29 18:48, Dustin Schuemann wrote:
>>
>> Then as devices need to be isolated in vlan y do I just change them in
>> packetfence?
>>
>> Is there an automated way to get all the devices to be registered?
>>
>>
>> On Sat, Jun 29, 2013 at 6:22 PM, Fabrice Durand <[email protected]> wrote:
>>
>>> OK, simpler.
>>> Import all your devices into packetfence, set them all as reg, and define
>>> all your switches so that a switch in location x has vlan x as its normal
>>> vlan and a switch in location y has vlan y as its normal vlan.
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> On 2013-06-29 17:05, Dustin Schuemann wrote:
>>>
>>> This is what I am trying to do.
>>>
>>> We have 50 locations all running layer 3 down to the access layer.
>>> Currently everyone is on vlan x. When they trip our IPS we would like to
>>> move them to vlan y. I was thinking packetfence could do that. If the mac
>>> is in the database then when packetfence receives the linkup/mac snmp trap
>>> it would put the switchport in vlan y. This way it doesn't matter if they
>>> move from switch to switch.
>>>
>>>
>>> On Sat, Jun 29, 2013 at 4:09 PM, Tim DeNike <[email protected]> wrote:
>>>
>>>> Just use vlans on a single interface.
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Jun 29, 2013, at 4:08 PM, Dustin Schuemann <[email protected]>
>>>> wrote:
>>>>
>>>> Do I have to forward the dhcp requests to packet fence or can I use
>>>> the auto register feature?
>>>> On Jun 29, 2013 3:01 PM, "Fabrice Durand" <[email protected]> wrote:
>>>>
>>>>> Hello Dustin,
>>>>> it could be done with the github branch
>>>>> https://github.com/inverse-inc/packetfence/tree/feature/iplog_accounting
>>>>>
>>>>> In fact you will use accounting information to fill out your database
>>>>> (you probably have to add a function to add the device if it doesn't exist
>>>>> in the database), declare your switch in the conf as a production switch
>>>>> with all the parameters to interact with it, and don't forget to forward
>>>>> the dhcp traffic to packetfence.
>>>>>
>>>>> That way you will have a database with all your devices and where
>>>>> they are, and will have the possibility to put them in the isolation vlan
>>>>> if you trigger a violation manually or automatically (snort, suricata,
>>>>> accounting violation ...)
>>>>>
>>>>> And of course it could be sponsored development.
>>>>>
>>>>> Regards
>>>>> Fabrice
>>>>>
>>>>>
>>>>> On 2013-06-29 14:05, Dustin Schuemann wrote:
>>>>>
>>>>> This can't be done just with the SNMP notifications. What I want to do
>>>>> is have a database of all the devices. If a device needs to be in the
>>>>> isolation vlan I would put it in there and then when the device is plugged
>>>>> in packet fence would set the vlan for that switch interface.
>>>>> On Jun 29, 2013 1:56 PM, "Fabrice Durand" <[email protected]> wrote:
>>>>>
>>>>>> Hello,
>>>>>> you mean without a registration process and with an ids like snort?
>>>>>>
>>>>>> If that is the case, packetfence has to know where the device is
>>>>>> (switch interface), and the dhcp traffic has to be forwarded to
>>>>>> packetfence for it to be able to resolve mac by ip.
>>>>>> If you do that, it's possible.
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>> Fabrice
>>>>>> On 2013-06-29 13:26, Dustin Schuemann wrote:
>>>>>>
>>>>>> Can packetfence use one interface? I only want to do vlan isolation
>>>>>> with MAC traps. Is this possible?
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> This SF.net email is sponsored by Windows:
>>>>>>
>>>>>> Build for Windows Store.
>>>>>> http://p.sf.net/sfu/windows-dev2dev
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
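
Added example, not part of the thread and not PacketFence code: one way to prepare the node.csv with mac,pid,category rows that Fabrice's reply describes, starting from a raw MAC inventory gathered from the switches. The sample inventory, the `pid` and `category` values and the function names are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample inventory (not from the thread): MACs as exported by
# different tools, with a duplicate, non-host addresses and junk mixed in.
SAMPLE_INVENTORY = """\
0011.2233.4455
00-11-22-33-44-55
AA:BB:CC:DD:EE:0F
ff:ff:ff:ff:ff:ff
01:00:5e:00:00:fb
not-a-mac
0011.2233.44
"""

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff, or None if raw is not a usable unicast MAC."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    # Low bit of the first octet set means multicast/broadcast, never a host.
    if int(digits[:2], 16) & 1:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_node_csv(inventory, pid="owner1", category="staff"):
    """Return (csv_text, rejected_lines); pid/category are hypothetical values."""
    seen, rejected = set(), []
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for line in inventory.splitlines():
        line = line.strip()
        if not line:
            continue
        mac = normalize_mac(line)
        if mac is None:
            rejected.append(line)       # keep for manual review, do not import
        elif mac not in seen:           # same device seen in two notations
            seen.add(mac)
            writer.writerow([mac, pid, category])
    return out.getvalue(), rejected

if __name__ == "__main__":
    text, bad = build_node_csv(SAMPLE_INVENTORY)
    print(text, end="")
    print("rejected:", bad)
```

Reviewing the rejected list before the import keeps malformed or non-host addresses out of the set of nodes marked as registered.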