Hi Derek,

> Everything is possible, we just need to take the time to do it! Sure thing is that modifications to fit a
> particular use case may be more difficult to port on upgrade compared to a vanilla installation without customization.
> One thing tho is that we try to make all the customization on a configuration land… That way, the codebase
> is not impacted but that is not always possible (even if I just said that everything is possible ;))

Herein lies my conundrum. If we migrate from our own solution to another, I don't want to break the new solution and make upgrades difficult. The main reason I'm considering migrating is to move to something that is constantly being developed, whereas we've got a bit stale with our own development. We totally appreciate that no commercial or public solution is going to match exactly our workflow, but at the same time we've got staff who've used the current solution for 10+ years who we will need to retrain, so trying to minimise the change in the workflow will aid in a successful adoption of an alternative solution from their perspective.

> What do you mean by “add/delete VLANs as a tenant comes and goes”?
> Regarding the individual user account for each device being signed into that VLAN, PacketFence assigns a
> user account for each device being signed in on the network since it is the purpose of the NAC. We can limit
> the number of devices per user account used to register a device.

In the current solution we have allocated 20 VLANs in the config that can be used: VLAN 220-239. As a new tenant comes into the facility, the user "Adds a VLAN", which selects the next available/unused VLAN id. Once the VLAN has been created (used), they can then add user accounts to that VLAN, which the tenants will then use to authorise their devices from the logon VLAN into their respective tenancy VLAN. When a tenant leaves, we delete the VLAN - which really only removes all devices from the VLAN (and database).

There's no reason why those 20 VLANs couldn't always be active, and as a tenant comes in we just say "VLAN 220 is owned by Client XYZ" somewhere in the system, so staff can quickly identify who is what.

> Since it is your very own custom developed app, it sure does exactly what you want it to do. The PacketFence
> web GUI doesn’t behave that way tho. We are listing all the devices that have been seen on the different
> networks PacketFence manages and allow the admin to query the info for these devices.

Is it possible to create a new view that displays all devices, and their user details (combined), in a particular VLAN (for example)?

> The registration workflow is almost the same. It is also very easy to customize to fit your needs.

Is it also possible to make some of the fields when creating a user NOT needed? i.e. the registration window, the expiry date and the email address field? We won't know WHO the user account is being used by - it's just randomly assigned. As for the expiry and registration fields, we would deregister the accounts as we are advised the person (device) leaves the network, or when we decommission the entire VLAN (tenant).

> Like said before, modifications are fairly easy to do. Sure thing, it will have to be ported on upgrades…
> Modifications to the registration workflow are something we usually see at all client sites.
> Modifications to the web GUI are less frequent and may require a little bit more work.
>
> I think the best way for you to see how PacketFence behaves and if it can fit your needs would be to give it a try,
> which is fairly easy by spinning a ZEN appliance.
> http://www.packetfence.org/download/zen.html

We're running PacketFence side by side in our test lab so we can get a feel for it, which is why we've come up with these queries. :)

Just to paint a visual picture, here are some screenshots from our existing solution:

Display all active VLANs page:
https://www.dropbox.com/s/xners400x54hui8/vlans-display-page.png?dl=0

Display devices registered within an active VLAN (registered users use a u/p to register their device; manual devices are typically printers that we see in the logon VLAN and manually assign to a VLAN):
https://www.dropbox.com/s/jf5ka4qlpsn7ajk/vlan-devices-page.png?dl=0

Create a new VLAN page:
https://www.dropbox.com/s/oamrl4qdkupdlaz/new-vlan-page.png?dl=0

As mentioned, the process of creating a VLAN is really not that important. More so is the ability to create a view that displays all users/devices in a specific VLAN. I know I can do a filtered search, where the role is the VLAN id (we're using this in our test facility), but some users may struggle with this extra step.

Thanks for your feedback :)
