I am trying to set up PacketFence for guest wireless users so they can register via email or SMS. I was able to get this working on a test network with a very simple design where the vlan was locally reachable by both the wireless controller and the PacketFence server. However, in production we have a different setup with multiple Cisco 5508 controllers running 7.6.130.0. A couple controllers are on the LAN and another is outside a firewall in a DMZ. The controller in the DMZ operates as a guest anchor controller, so clients connecting to the guest SSID have their traffic tunneled from the controllers on the LAN to the controller on the DMZ. In this way, client traffic is originated from the DMZ. This works great using the Cisco captive portal, but we want to transition to PacketFence in order to provide self-service guest wireless registrations with unique credentials.
I have created a test SSID according to the instructions for "Wireless LAN Controller (WLC) Web Auth" on pages 79-83 of the Network Devices Configuration Guide and have opened up RADIUS traffic from the DMZ controller to the PacketFence server. The Web Auth setup made sense in the test network with a local VLAN, but I'm not sure how to get this working with a guest anchor controller. The guest controller provides DHCP services for the clients and since it is in a DMZ, there is no place to provide an "ip helper" address to forward DHCP info to the PacketFence server. Maybe this isn't necessary with the Web Auth model.
Also, I'm not sure what to use as a captive portal address. Should I just create a registration VLAN and point to the PacketFence address on that VLAN? Originally, I was trying to point this to the management IP address of the PacketFence server, but that does not seem to be working. Also, do I need to set up a routed registration VLAN so PacketFence recognizes that clients with IP addresses from the DMZ need to be registered?
Does anyone else have this type of setup working? Any help would be greatly appreciated.
Thanks,
Chris Mielke | Lead, ISS Network Systems
Drake Technology Services (DTS) | Drake University
T 515.271.4640
E [email protected]
