Hello Minh, your PacketFence config looks OK. The next step is to configure your Cisco switch, so let's check the documentation:
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc#cisco
If your Cisco switch supports MAB then use it, and let's configure only one port for the test.
On the PacketFence side, add a new switch, select VoIP enabled, configure the roles (registration: 210, isolation: 220, voip: 124, default: 123), the RADIUS secret, SNMP v2c, and set the read and write communities. (By the way, enable SNMP on the Cisco switch too.)
So now if you plug a device into the test switch port, a RADIUS request will go to the PacketFence server (RADIUS server 10.126.122.27) and PF will answer with the registration VLAN (210). You will hit the portal (you can create a portal profile based on a filter like the switch IP) and register on an authentication source, and PF will return the VLAN ID based on the role that the authentication source sets according to its rules.
For an IP phone, if you plug it into the switch port then PacketFence will try to find out if it's an IP phone by doing an SNMP read on the CDP/LLDP MIB, and if the flag is on then PacketFence will answer with a specific RADIUS attribute to tell the switch to use the VoIP VLAN configured on the switch port (switch port voice vlan 124).
For a printer you can create a violation based on the DHCP fingerprint: if PacketFence detects that it's a printer, then register the device and set the role to printer (of course, add a new category and assign the correct VLAN ID to the role in the switch config).
For the wifi it's the same workflow (it depends on your AP), but if it supports MAC auth then follow the configuration, create a portal profile with SSID filter = your SSID, and add the sponsor source.
By the way, you will probably have to add an Active Directory auth source and set a rule that will set a role as default, an access duration of 1W, and add a Mark as Sponsor (for wifi sponsor).
Regards
Fabrice

On 2015-03-14 05:23, Minh Trung wrote:
Hello experts,

I am a newbie. My network is as in the attached file, and it was suggested that I should use PF with VLAN enforcement.

My infrastructure already has:
Vlan122: Servers (including PF server, pf is vmware)
Vlan123: Office Users (PCs, Desktops, IP Phone, Printer)
Vlan124: Telephone
Vlan125: Firewall
Vlan126: Access Door
.........

I already have my own DNS and DHCP on Windows Server. Vlan123 will get DHCP via Windows Server 2008.

Now I want PF to apply only to Vlan123. How do I do that, and which method should I use to authenticate all Users, IP phones and Printers (this VLAN is wired)? I also plan to use wifi in case visitors come to work; which authentication method should I use in this case?

On the PF server I have already created 2 VLANs, Registration and Isolation. These are the config files that PF generated:

# pf.conf:
[interface eth0]
ip=10.126.122.27 --> my IP address's PF server
type=management
mask=255.255.255.0

[interface eth0.210]
enforcement=vlan
ip=10.126.210.1
type=internal
mask=255.255.255.0

[interface eth0.220]
enforcement=vlan
ip=10.126.220.1
type=internal
mask=255.255.255.0

And network.conf:
[10.126.210.0]
dns=10.126.210.1
dhcp_start=10.126.210.10
gateway=10.126.210.1
domain-name=vlan-registration.global
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=10.126.210.246
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=30

[10.126.220.0]
dns=10.126.220.1
dhcp_start=10.126.220.10
gateway=10.126.220.1
domain-name=vlan-isolation.global
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=10.126.220.246
type=vlan-isolation
netmask=255.255.255.0
dhcp_default_lease_time=30

What are the next steps I should take to apply PF to Vlan123 while there are many devices in this VLAN? What should the configuration of my Cisco switches look like? I am still confused about many things here. I hope someone can make it clear for me.
Any help is very very appreciated,
Best regards,

_______________________________________________
PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
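A sketch of the single MAB test port described in the reply, as an added example that is not part of the original thread or of the PacketFence documentation. It assumes a Catalyst switch whose IOS has the `authentication` command set; the interface name, the group name `packetfence` and the values in angle brackets are placeholders, while the RADIUS server address and voice VLAN are the ones given in the thread.

```cisco
! Added example: one test port doing MAC Authentication Bypass against PacketFence.
! Values in <angle brackets> are placeholders to be replaced locally.
aaa new-model
aaa group server radius packetfence
 server 10.126.122.27 auth-port 1812 acct-port 1813
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
!
! RADIUS server is the PacketFence management IP from pf.conf.
radius-server host 10.126.122.27 auth-port 1812 acct-port 1813 key <radius-secret>
radius-server vsa send authentication
!
! SNMP v2c communities must match what is entered for the switch in PacketFence.
snmp-server community <read-community> RO
snmp-server community <write-community> RW
!
dot1x system-auth-control
!
! Test port (interface name is an assumption). No static access VLAN is set:
! the data VLAN comes back in the RADIUS reply (210 until the device registers).
interface FastEthernet0/1
 description PacketFence MAB test port
 switchport mode access
 ! Voice VLAN used when PacketFence identifies the device as an IP phone.
 switchport voice vlan 124
 ! One data device plus one voice device on the same port.
 authentication host-mode multi-domain
 authentication order mab
 authentication priority mab
 authentication port-control auto
 mab
 spanning-tree portfast
```

After applying it to the test port only, `show authentication sessions interface FastEthernet0/1` shows whether MAB succeeded and which VLAN was assigned.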
