Your desired setup sounds like how I have mine set up.  Nothing touches
packet fence at L2.  I set up VRFs in our switches/routers and route the
registration/isolation vlans back to PF.  Some over VPN connections, some
over fiber, some over metro ethernet/GRE tunnels, some via MPLS VRFs....  I
run OSPF on both my PF boxes back into the VRF, then out to our main campus
via the PF management interface.  This allows our IT department to access
devices in the registration or isolation networks while keeping them away
from the rest of campus.



On Fri, Jan 9, 2015 at 2:38 PM, Tim DeNike <[email protected]> wrote:

> Yes... And that's determined by the role, not the vlans configured on the
> interfaces.
>
> On Fri, Jan 9, 2015 at 1:35 PM, Boris Epstein <[email protected]>
> wrote:
>
>> Tim,
>>
>> True enough - but given that there may be more than one - doesn't the PF
>> server need to be aware of them and know how to tell the switch involved
>> which VLAN to put the node in?
>>
>> Boris.
>>
>> On Fri, Jan 9, 2015 at 1:27 PM, Tim DeNike <[email protected]> wrote:
>>
>>> Because a production vlan, in most instances, won't ever touch the
>>> packet fence server.  So it doesn't NEED to have one configured.
>>>
>>> On Fri, Jan 9, 2015 at 1:16 PM, Boris Epstein <[email protected]>
>>> wrote:
>>>
>>>> Chris,
>>>>
>>>> 100%. I should have said "one or more production networks".
>>>>
>>>> Boris.
>>>>
>>>> On Fri, Jan 9, 2015 at 12:27 PM, Chris Chance <[email protected]>
>>>> wrote:
>>>>
>>>>> Because there can be multiple production vlans, such as an
>>>>> infrastructure vlan, a customer vlan, a staff vlan or whatever your specific
>>>>> network requires.
>>>>>
>>>>> Authorized clients don't necessarily get sent to the same areas just
>>>>> because they are allowed access.
>>>>> On Jan 9, 2015 12:51 PM, "Boris Epstein" <[email protected]> wrote:
>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>> This is just to compare notes and make sure the way I do things is in
>>>>>> line with the conventions. So here is how I understand things.
>>>>>>
>>>>>> "Registration VLAN" is where newly plugged in devices are assigned,
>>>>>> until they are deemed secure and allowed to join the production network.
>>>>>>
>>>>>> "Isolation VLAN" is where suspect devices (those believed to be
>>>>>> virus-infected, for instance) are relegated to.
>>>>>>
>>>>>> "Management VLAN" is a network used for management purposes (to
>>>>>> communicate to switches, etc.)
>>>>>>
>>>>>> Here is what I don't quite understand.
>>>>>>
>>>>>> 1) Why is a "Production VLAN" not mandated?
>>>>>>
>>>>>> 2) How does one designate it on the switch level as a VLAN to put
>>>>>> production-ready devices in (i.e., OK, MAC address so-and-so on port 10
>>>>>> is good, switch it to the "Production VLAN" and let it access the internet)?
>>>>>>
>>>>>> Thanks in advance for your help.
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Boris.
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> Dive into the World of Parallel Programming! The Go Parallel Website,
>>>>>> sponsored by Intel and developed in partnership with Slashdot Media,
>>>>>> is your
>>>>>> hub for all things parallel software development, from weekly thought
>>>>>> leadership blogs to news, videos, case studies, tutorials and more.
>>>>>> Take a
>>>>>> look and join the conversation now. http://goparallel.sourceforge.net
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> [email protected]
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>>