Hello Jake,

Thanks for your reply. It was very helpful.

What you are saying does not contradict what I am saying, it seems. Your
faculty/staff and student and guest VLANs are just different production
VLANs. I think my point still stands - you do need to mandate at least one
production VLAN. I guess I should have worded my point better by saying
"one or more".

What automatic mechanisms can I use to assign users to a certain production
VLAN based on who they are - i.e., criteria such as which switch they
connect to, or their user ID - or other criteria?

Cheers,

Boris.


On Fri, Jan 9, 2015 at 11:57 AM, Sallee, Jake <[email protected]> wrote:

> > 1) Why is a "Production VLAN" not mandated?
>
> Many users have multiple vlans that users can be put into, I have
> faculty/staff, students, guests, etc.  Each gets put into a separate vlan
> with its own set of restrictions.
>
> That's why when you set up a new role in PF you will find a vlan designator
> available for that role for every switch in your config.
>
> > How does one designate it on the switch level as a VLAN to put
> > production-ready devices in...
>
> In the web admin GUI you can go to config -> switches and select the
> switch you want.  Under the ROLES section you will find blanks for each
> role a node on that switch can be assigned.  Put the vlan id on the
> corresponding role.
>
> When the node's access is evaluated they will be assigned a role, PF will
> then look up the vlan based on the combination of role and switch id. Voilà!
>
> Hope that helps.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
> ________________________________
> From: Boris Epstein [[email protected]]
> Sent: Friday, January 09, 2015 10:48 AM
> To: [email protected]
> Subject: [PacketFence-users] proper VLAN assignment
>
> Hello all,
>
> This is just to compare notes and make sure the way I do things is in line
> with the conventions. So here is how I understand things.
>
> "Registration VLAN" is where newly plugged in devices are assigned, until
> they are deemed secure and allowed to join the production network.
>
> "Isolation VLAN" is where suspect devices (those believed to be
> virus-infected, for instance) are relegated to.
>
> "Management VLAN" is a network used for management purposes (to
> communicate to switches, etc.)
>
> Here is what I don't quite understand.
>
> 1) Why is a "Production VLAN" not mandated?
>
> 2) How does one designate it on the switch level as a VLAN to put
> production-ready devices in (i.e., OK, MAC address so-and-so on port 10 is
> good, switch it to the "Production VLAN" and let it access the internet)?
>
> Thanks in advance for your help.
>
> Cheers,
>
> Boris.
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>