I have no idea how the formatting will look in various email clients. It looked
good in notepad and will hopefully help...or, it will be a garbled mess.
--------
| Client |
--------
|
|
------------- -----------
| LAN |-------| PF Server | 10.x.x.x
------------- -----------
|
|
---------
| LAN WLC | Client connects to AP on this controller
---------
| |
| |
| | <---Wireless session tunneled to DMZ controller
| | |
| | |
---------- | ---------
| | \/ | |
| Firewall |--------------| DMZ WLC | WLC Serves DHCP (192.168.x.x). Client
traffic originates from here.
| |--------------| |
---------- RADIUS to PF ---------
|
|
----------
| Internet |
----------
Thanks,
_______________________________________
Chris Mielke | Lead, ISS Network Systems
Drake Technology Services (DTS) | Drake University
T 515.271.4640
E [email protected]
________________________________________
From: Sallee, Jake <[email protected]>
Sent: Monday, November 03, 2014 9:57 AM
To: [email protected]
Subject: Re: [PacketFence-users] Portal access from a guest anchor controller
in DMZ
That's a pretty neat setup. I am having a little bit of trouble visualizing it
though. Would it be possible for you to post a simple (and sanitized) diagram?
I think I know what you are asking about but I want to make sure.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
________________________________________
From: Christopher Mielke [[email protected]]
Sent: Monday, November 03, 2014 9:15 AM
To: [email protected]
Subject: [PacketFence-users] Portal access from a guest anchor controller in
DMZ
I am trying to set up PacketFence for guest wireless users so they can
register via email or SMS. I was able to get this working on a test
network with a very simple design where the vlan was locally reachable by
both the wireless controller and the PacketFence server. However, in
production we have a different setup with multiple Cisco 5508 controllers
running 7.6.130.0. A couple controllers are on the LAN and another is
outside a firewall in a DMZ. The controller in the DMZ operates as a guest
anchor controller, so clients connecting to the guest SSID have their
traffic tunneled from the controllers on the LAN to the controller on the
DMZ. In this way, client traffic is originated from the DMZ. This works
great using the Cisco captive portal, but we want to transition to
PacketFence in order to provide self-service guest wireless registrations
with unique credentials.
I have created a test SSID according to the instructions for ³Wireless LAN
Controller (WLC) Web Auth² on pages 79-83 of the Network Devices
Configuration Guide and have opened up RADIUS traffic from the DMZ
controller to the PacketFence server. The Web Auth setup made sense in
the test network with a local VLAN, but I¹m not sure how to get this
working with a guest anchor controller. The guest controller provides DHCP
services for the clients and since it is in a DMZ, there is no place to
provide an ³ip helper² address to forward DHCP info to the PacketFence
server. Maybe this isn¹t necessary with the Web Auth model. Also, I¹m not
sure what to use as a captive portal address. Should I just create a
registration vlan and point to the PacketFence address on that VLAN.
Originally, I was trying to point this to the management IP address of the
PacketFence server, but that does not seem to be working. Also, do I need
to set up a routed registration vlan so PacketFence recognizes that
clients with IP addresses from the DMZ need to be registered?
Does anyone else have this type of setup working? Any help would be
greatly appreciated.
Thanks,
_______________________________________
Chris Mielke | Lead, ISS Network Systems
Drake Technology Services (DTS) | Drake University
T 515.271.4640
E [email protected]
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
