Hello,

I'm actually trying to get VLANs working for the first time at one of our
sites.  Right now I thought I'd "start small" and just do two Inline VLANs.

The problem is that while one of the VLANs seems to be working fine, the
other doesn't seem to work at all.  As you can see in the config files, I
have VLANs 2 and 10.  VLAN 10 works, whereas VLAN 2 gets DHCP and then
absolutely nothing.  Seriously, once the IP is assigned I can't ping the
server, nor can the server ping the workstation.

The switch is an HP Procurve... both VLANs are tagged for the port going
into the server.  The server is CentOS 6.4 running on Citrix XenServer.
I've also included the network-scripts in case those need some tweaking.

I'm sure I'm missing something simple as I haven't really done anything
with VLANs before.  Any suggestions?  Is there some fundamental thing I'm
getting wrong?  Thanks for your help!


pf.conf

[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=bfacademy.de
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in
# Apache rewriting rules and therefore must be resolvable by clients.
hostname=mspacketfence
#
# general.dnsservers
#
# Comma-delimited list of DNS servers.  Passthroughs are created to allow
# queries to these servers from even "trapped" nodes.
dnsservers=127.0.0.1,208.67.222.222,208.67.220.220
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers.  Passthroughs are created to allow
# DHCP transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,192.168.2.1,192.168.10.1
#
# general.timezone
#
# System's timezone in string format. Supported list:
# http://www.php.net/manual/en/timezones.php
timezone=Europe/Berlin

[trapping]
registration=enabled
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence will
# monitor/detect/trap on.  Gateway, network, and
# broadcast addresses are ignored.
range=192.168.2.0/24,192.168.10.0/24
#
# trapping.redirecturl
#
# Default URL to redirect to on registration/mitigation release.
#
redirecturl=http://www.bfacademy.com
#
# trapping.detection
#
# Enables snort-based worm detection.  If you don't have a span interface
# available, don't bother enabling it.  If you do,
# you'll most definitely want this on.
detection=enabled
#
# trapping.passthrough
#
# When enabled, pfdns will resolve the real IP addresses of passthroughs
# and add them in the ipset session to give access
# to trapped devices. Don't forget to enable ip_forward on your server.
passthrough=enabled
#
# trapping.passthroughs
#
# Comma-delimited list of domains to be used as HTTP and HTTPS passthroughs
# to web sites.
#
passthroughs=accounts.google.com

[registration]
#
# registration.range
#
# No description for this key was included in the post. The value repeats
# trapping.range exactly: both inline subnets, 192.168.2.0/24 and
# 192.168.10.0/24.
# NOTE(review): presumably the address ranges in which registration is
# enforced - confirm against the PacketFence documentation for this version.
#
range=192.168.2.0/24,192.168.10.0/24

[guests_admin_registration]
#
# guests_admin_registration.access_duration_choices
#
# These are all the choices offered in the guest management interface as
# possible access duration values for a given registration.
# NOTE(review): the D and W suffixes presumably stand for days and weeks;
# the longest access a guest can be granted from this list is 2W.
access_duration_choices=1D,2D,3D,5D,1W,2W
#
# guests_admin_registration.default_access_duration
#
# This is the default access duration value selected in the dropdown on the
# guest management interface.
# The default (1W) is one of the values listed in access_duration_choices.
default_access_duration=1W

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations
# with an action of "email", or any other
# PacketFence-related message goes to.
emailaddr=i...@bfacademy.de

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
# NOTE(review): "validpassword" is presumably a stand-in substituted before
# posting. The live pf.conf stores this secret in cleartext, so restrict read
# access on the file to the account PacketFence runs as, and rotate the
# password if the real value was ever pasted anywhere public.
pass=validpassword

[captive_portal]
#
# captive_portal.network_detection
#
# Enable or not the network detection feature after registration
network_detection=disabled
#
# captive_portal.network_detection_ip
#
# This IP is used as the webserver that hosts the
# common/network-access-detection.gif which is used to detect if network
# access was enabled.
# It cannot be a domain name since it is used in registration or quarantine
# where DNS is blackholed.
# It is recommended that you allow your users to reach your packetfence
# server and put your LAN's PacketFence IP.
# By default we will make this reach PacketFence's website as an easy
# solution.
#
network_detection_ip=192.168.100.100

[inline]
# Names the interface used for source NAT of inline traffic (presumably the
# egress side for clients on the inline VLANs - confirm against the
# PacketFence documentation for inline.interfaceSNAT).
# NOTE(review): eth1 is declared type=monitor in [interface eth1], while the
# management interface is eth0. Verify that eth1 really is the uplink inline
# clients are meant to leave through, and that nothing else on 192.168.100.0/24
# should be reachable from them.
interfaceSNAT=eth1

[webservices]
# Credentials for the PacketFence web services interface (presumably what
# other components authenticate with - confirm against the PacketFence docs).
# NOTE(review): pass carries the same value as database.pass in this file.
# If that also holds on the live system, give each service its own secret so
# that one leaked password does not open both, and avoid a guessable account
# name such as "admin" where the interface is reachable from client networks.
user=admin
pass=validpassword

[interface eth0]
# Parent NIC of the eth0.2 and eth0.10 VLAN sub-interfaces; carries the
# management role on 192.168.0.0/24.
# NOTE(review): two settings here are worth confirming. enforcement=inline
# appears on a type=management interface (the VLAN sub-interfaces pair it with
# type=internal), and gateway equals the interface's own ip, so no upstream
# router is named for the management network.
mask=255.255.255.0
type=management
enforcement=inline
gateway=192.168.0.1
ip=192.168.0.1

[interface eth0.2]
# Sub-interface for VLAN 2, the VLAN the post reports as failing once a DHCP
# lease has been handed out.
# gateway equals ip: networks.conf hands 192.168.2.1 to clients as their
# gateway, i.e. the PacketFence host itself sits in the traffic path for
# 192.168.2.0/24.
mask=255.255.255.0
type=internal
enforcement=inline
gateway=192.168.2.1
ip=192.168.2.1

[interface eth0.10]
# Sub-interface for VLAN 10, the VLAN the post reports as working.
# Same shape as [interface eth0.2]: internal type, inline enforcement, and
# gateway equal to the interface's own ip (192.168.10.1), which networks.conf
# hands to clients as their gateway.
mask=255.255.255.0
type=internal
enforcement=inline
gateway=192.168.10.1
ip=192.168.10.1

[interface eth1]
# Monitor-type interface on 192.168.100.0/24; the only interface in this file
# whose gateway (192.168.100.1) differs from its own ip.
# NOTE(review): eth1 is also named by inline.interfaceSNAT, and its address is
# reused as captive_portal.network_detection_ip, so it appears to do more than
# passive monitoring in this setup - confirm that type=monitor is intended.
mask=255.255.255.0
type=monitor
gateway=192.168.100.1
ip=192.168.100.100



networks.conf

[192.168.2.0]
# Inline network for VLAN 2 (matches [interface eth0.2] in pf.conf).
# dhcpd=enabled: PacketFence serves leases 192.168.2.10 - 192.168.2.200 and
# advertises 192.168.2.1 as the gateway.
netmask=255.255.255.0
gateway=192.168.2.1
# NOTE(review): next_hop is the one setting that differs in kind from the
# working [192.168.10.0] section, where it is empty. A non-empty value
# presumably marks the subnet as reached through a router at 192.168.2.254
# rather than attached directly to eth0.2. Since the post reports that VLAN 2
# clients get a lease and then lose all connectivity, check this value first.
next_hop=192.168.2.254
domain-name=inlinestu.mspacketfence.bfacademy.de
dns=208.67.220.220
dhcp_start=192.168.2.10
dhcp_end=192.168.2.200
# Lease times are presumably in seconds (TODO confirm).
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=inline
named=enabled
dhcpd=enabled

[192.168.10.0]
# Inline network for VLAN 10 (matches [interface eth0.10] in pf.conf), the
# VLAN the post reports as working.
# dhcpd=enabled: PacketFence serves leases 192.168.10.10 - 192.168.10.224 and
# advertises 192.168.10.1 as the gateway.
netmask=255.255.255.0
gateway=192.168.10.1
# Left empty here, unlike [192.168.2.0] which sets 192.168.2.254.
next_hop=
domain-name=inlinesta.mspacketfence.bfacademy.de
# NOTE(review): clients are handed an external resolver while named=enabled is
# also set; confirm that DNS from unregistered clients is still intercepted
# the way the captive portal expects in this PacketFence version.
dns=208.67.220.220
dhcp_start=192.168.10.10
dhcp_end=192.168.10.224
# Lease times are presumably in seconds (TODO confirm).
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=inline
named=enabled
dhcpd=enabled


/etc/sysconfig/network-scripts/ifcfg-eth0

# Parent NIC for the eth0.2 and eth0.10 VLAN sub-interfaces. Static address
# 192.168.0.1/24, matching [interface eth0] in pf.conf.
# NOTE(review): unlike the other ifcfg files in the post, no BOOTPROTO is set
# here, and no GATEWAY is defined on this interface.
DEVICE=eth0
BROADCAST=192.168.0.255
IPADDR=192.168.0.1
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
TYPE=ETHERNET


/etc/sysconfig/network-scripts/ifcfg-eth0.2

# 802.1Q sub-interface: VLAN=yes together with the eth0.2 device name has the
# network initscripts create VLAN ID 2 on top of eth0.
# Address matches [interface eth0.2] in pf.conf (192.168.2.1/24).
DEVICE=eth0.2
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.2.1
NETMASK=255.255.255.0
VLAN=yes


/etc/sysconfig/network-scripts/ifcfg-eth0.10

# 802.1Q sub-interface: VLAN=yes together with the eth0.10 device name has the
# network initscripts create VLAN ID 10 on top of eth0.
# Address matches [interface eth0.10] in pf.conf (192.168.10.1/24).
DEVICE=eth0.10
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.10.1
NETMASK=255.255.255.0
VLAN=yes


/etc/sysconfig/network-scripts/ifcfg-eth1

# Second NIC on 192.168.100.0/24, matching [interface eth1] in pf.conf.
# This is the only ifcfg file in the post that sets GATEWAY and DNS1, so the
# host's default route presumably leaves through eth1 via 192.168.100.1.
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.100.100
BROADCAST=192.168.100.255
NETMASK=255.255.255.0
NETWORK=192.168.100.0
GATEWAY=192.168.100.1
DNS1=208.67.220.220
TYPE=ETHERNET


Joshua Nathan
IT Administrator
Black Forest Academy
+49 (0) 7626-916123