Arthur,

Thanks, this actually is very helpful. Do you have a sample switch/PF
configuration for your scenario that you could share?

Boris.

On Wed, Jan 21, 2015 at 10:22 AM, Arthur Emerson <[email protected]>
wrote:

>  I'm using the PF registration VLAN as the default on all switch ports,
> and skipped setting up the MAC detection VLAN.
>
>  If you follow the directions for the Cisco 2960, the switch sends PF
> notice that a new client is connected to the wired port.  PF looks up
> the MAC address, and then tells the switch what VLAN to put that port
> onto.  If the client isn't registered, PF tells the switch to put the
> port onto the registration VLAN (or leaves it there in my case since
> registration is my default).  If it has outstanding violations, it gets
> sent to the "naughty room" (isolation VLAN).  If PF knows the device
> and it's registered, it tells the switch to put the port onto whatever
> the appropriate production network is based on client
> role.
>
>  PF generally has direct connections to the registration and isolation
> VLANs, and handles the DHCP for those two segments.  PF does NOT talk
> on your production networks, so you need to provide DHCP on those
> VLANs.  If you want PF to track IP address history on your production
> VLANs, make sure that the Cisco DHCP helper also sends those packets
> to PF in addition to your production DHCP server.  (Put it at the end
> of the DHCP server list in the switch.)  PF will not hand out the
> addresses on your production networks, but uses the DHCP packets to
> track the IP addresses that are handed out by the production DHCP
> servers.
>
>  Hope this helps to get you started...
>
>    -Arthur
>
>  -------------------------------------------------------------------------
> Arthur Emerson III                 Email:      [email protected]
> Network Administrator              InterNIC:   AE81
> Mount Saint Mary College           MaBell:     (845) 561-0800 Ext. 3109
> 330 Powell Ave.                    Fax:        (845) 562-6762
> Newburgh, NY  12550                SneakerNet: Aquinas Hall Room 11
>
>
>   From: Boris Epstein <[email protected]>
> Reply-To: "[email protected]" <
> [email protected]>
> Date: Wednesday, January 21, 2015 at 10:00 AM
> To: "[email protected]" <
> [email protected]>
> Subject: Re: [PacketFence-users] DHCP on switch via DHCP helper
>
>   Arthur,
>
>  Thanks! This makes sense.
>
>  So let us say I have a VLAN on a switch that is the MAC detection VLAN.
> A device gets plugged into it, the PF is notified by the SNMP - and then
> what? Or should I automatically move that device to a different VLAN right
> away?
>
>  Boris.
>
>
>
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
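The IP tracking Arthur describes for production VLANs, as an added example that is not from the thread and is not PacketFence's own code: a passive listener that reads the DHCPREQUEST messages a relay (the switch's DHCP helper) forwards to it and records MAC-to-IP history without ever answering. All function names, MAC addresses and IP addresses are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie
DHCPREQUEST = 3               # value of option 53 (message type)

def parse_relayed_request(pkt):
    """Return (mac, ip, relay) for a relayed DHCPREQUEST, else None."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        return None
    if pkt[0] != 1 or pkt[1] != 1 or pkt[2] != 6:   # BOOTREQUEST, Ethernet
        return None
    ciaddr, giaddr, mac = pkt[12:16], pkt[24:28], pkt[28:34].hex(":")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:           # 255 = end option
        if pkt[i] == 0:                             # pad option, no length
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            return None                             # truncated option
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if opts.get(53) != bytes([DHCPREQUEST]):
        return None
    # New lease: address is in option 50. Renewal: client fills ciaddr.
    ip = opts[50] if len(opts.get(50, b"")) == 4 else ciaddr
    if ip == b"\x00" * 4 or giaddr == b"\x00" * 4:  # no address / not relayed
        return None
    return mac, socket.inet_ntoa(ip), socket.inet_ntoa(giaddr)

def track(history, pkt):
    """Append (ip, relay) to the MAC's history when the address changes."""
    seen = parse_relayed_request(pkt)
    if seen:
        mac, ip, relay = seen
        entries = history.setdefault(mac, [])
        if not entries or entries[-1] != (ip, relay):
            entries.append((ip, relay))
    return seen

def build_request(mac, giaddr, requested=None, ciaddr="0.0.0.0"):
    """Constructed sample packet (BOOTP header + options), for the demo only."""
    hdr = struct.pack("!4BIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234, 0, 0,
                      socket.inet_aton(ciaddr), b"", b"", socket.inet_aton(giaddr),
                      bytes.fromhex(mac.replace(":", "")), b"", b"")
    opt50 = bytes([50, 4]) + socket.inet_aton(requested) if requested else b""
    return hdr + MAGIC + bytes([53, 1, DHCPREQUEST]) + opt50 + b"\xff"
```

The relay address (`giaddr`) identifies which production subnet the request came from, so it is kept alongside each recorded IP.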