I'm using the PF registration VLAN as the default on all switch ports,
and skipped setting up the MAC detection VLAN.

If you follow the directions for the Cisco 2960, the switch sends PF
notice that a new client is connected to the wired port.  PF looks up
the MAC address, and then tells the switch what VLAN to put that port
onto.  If the client isn't registered, PF tells the switch to put the
port onto the registration VLAN (or leaves it there in my case since
registration is my default).  If it has outstanding violations, it gets
sent to the "naughty room" (isolation VLAN).  If PF knows the device
and it's registered, it tells the switch to put the port onto whatever
the appropriate production network is based on client role.

PF generally has direct connections to the registration and isolation
VLANs, and handles the DHCP for those two segments.  PF does NOT talk
on your production networks, so you need to provide DHCP on those
VLANs.  If you want PF to track IP address history on your production
VLANs, make sure that the Cisco DHCP helper also sends those packets
to PF in addition to your production DHCP server.  (Put it at the end
of the DHCP server list in the switch.)  PF will not hand out the
addresses on your production networks, but uses the DHCP packets to
track the IP addresses that are handed out by the production DHCP
servers.

Hope this helps to get you started...

-Arthur

-------------------------------------------------------------------------
Arthur Emerson III                 Email:      [email protected]
Network Administrator              InterNIC:   AE81
Mount Saint Mary College           MaBell:     (845) 561-0800 Ext. 3109
330 Powell Ave.                    Fax:        (845) 562-6762
Newburgh, NY  12550                SneakerNet: Aquinas Hall Room 11
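
An added example, not part of the original post and not PacketFence code: a small audit that reads a saved switch config and checks, for each production VLAN interface, that PF is listed as a DHCP helper target after the production DHCP server, as the post above suggests. The VLAN IDs, the addresses and the status names are assumptions made for the illustration; only plain `ip helper-address <IPv4>` lines are parsed.

```python
import re

# Constructed sample of a layer-3 switch config. VLAN IDs and addresses are
# assumptions: 10.0.1.5 = production DHCP server, 10.0.1.20 = PacketFence.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip helper-address 10.0.1.5
 ip helper-address 10.0.1.20
!
interface Vlan20
 ip helper-address 10.0.1.20
 ip helper-address 10.0.1.5
!
interface Vlan30
 ip helper-address 10.0.1.5
!
interface Vlan40
 ip helper-address 10.0.1.20
!
"""

def helpers_by_vlan(config_text):
    """Map VLAN ID -> ordered list of `ip helper-address` targets on its SVI."""
    helpers, vlan = {}, None
    for line in config_text.splitlines():
        start = re.match(r"interface Vlan(\d+)\s*$", line, re.IGNORECASE)
        relay = re.match(r"\s+ip helper-address (\d+\.\d+\.\d+\.\d+)\s*$", line)
        if start:
            vlan = int(start.group(1))
            helpers[vlan] = []
        elif not line.startswith(" "):
            vlan = None          # "!" or a new top-level stanza ends the block
        elif relay and vlan is not None:
            helpers[vlan].append(relay.group(1))
    return helpers

def audit_helpers(config_text, pf_ip, production_vlans):
    """Check each production VLAN against the advice in the post above."""
    found, report = helpers_by_vlan(config_text), {}
    for vlan in production_vlans:
        targets = found.get(vlan, [])
        if pf_ip not in targets:
            report[vlan] = "pf_missing"          # PF sees no DHCP, no IP history
        elif set(targets) == {pf_ip}:
            report[vlan] = "no_production_dhcp"  # PF does not serve these VLANs
        elif targets[-1] != pf_ip:
            report[vlan] = "pf_not_last"         # post suggests PF at the end
        else:
            report[vlan] = "ok"
    return report

if __name__ == "__main__":
    print(audit_helpers(SAMPLE_CONFIG, "10.0.1.20", [10, 20, 30, 40]))
```

The registration and isolation VLANs are left out of `production_vlans` on purpose, since PF serves DHCP on those segments directly.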


From: Boris Epstein <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Wednesday, January 21, 2015 at 10:00 AM
To: "[email protected]" <[email protected]>
Subject: Re: [PacketFence-users] DHCP on switch via DHCP helper

Arthur,

Thanks! This makes sense.

So let us say I have a VLAN on a switch that is the MAC detection VLAN. A 
device gets plugged into it, the PF is notified by the SNMP - and then what? Or 
should I automatically move that device to a different VLAN right away?

Boris.

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users