On Mar 17, 2015, at 16:30 , Boris Epstein <[email protected]> wrote:
> Hello Louis,
>
> Absolutely we can consider using 802.1x on our switches. What are the main
> advantages of that approach as far as PF is concerned? How do I get started?
Hi Boris,
In short, the advantages are:
It’s more secure (i.e. you can use EAP and encrypt the connection, you are not
relying on a MAC that can be spoofed etc.),
It uses less resources on PacketFence (the RADIUS server is much more efficient
than pfsetvlan) and
It is more reliable (there is no need to act on disconnection as all
connections will be authenticated regardless of the previous state of the port).
A good start would be the relevant parts of the network devices configuration
guide, page 18-20 or so:
http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-4.7.0.pdf
Best regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
