If you don't want to create vlan on packetfence side then you must have an interface for each vlans.
per example: eth0 (mgmt, pf side) <-> switch port vlan access 1 eth1 (reg, pf side) <-> switch port vlan access 20 eth2 (isol, pf side) <-> switch port vlan access 30 ... Regards Fabrice Le 2015-04-20 09:06, Tal Bar-Or a écrit : > Thanks Fabrice for the answer, :-) > > As for vlan config , how should i set the vlans , in case i want to > leave ports in actual config "Untagged" and still have control of them > , and what else should i set with Packetfence and on the switch side > > Cheers > Thanks > > > > > On Mon, Apr 20, 2015 at 3:55 PM, Fabrice DURAND <[email protected] > <mailto:[email protected]>> wrote: > > Hi Tal, > > Le 2015-04-19 14:29, Tal Bar-Or a écrit : > > > > Hello All, > > > > I am in the process of validating PacketFence and few other product > > like MS NPS,OpenNac > > > > Whats i am interested at most is three scenarios that can do > isolation > > to designated VLAN but i am not yet ready to turn all our users > > switch port to dot1x authentication right away , since i have > mass of > > equipment and each switch have some users on each 4 users Vlan > we got > > as Unttaged , at the first step as follows below , mostly interested > > with virus detection and isolation for existing static ports > > configured as untagged. > > > > First scenario : We have Symantec endpoint protection AV and we > would > > like to have isolation in case of > > > > * client infection > > * AV not installed > > > Let's configure packetfence with Symantec endoint : > > http://inverse.ca/downloads/PacketFence/doc/PacketFence_SEPM_Quick_Install_Guide-5.0.0.pdf > > > Second scenario: Our organization firewalls(Pfsesnce) have ids Snort > > based capable of sending syslog alert ,unified, SQL log alert, we > > would like to have ability to inform some how Packetfence server > > with violating IP and have it VLAN isolated , again first step most > > users still have static port Untagged . > > > We have a pfdetect remote that send the snort/suricata event to > packetfence. > > > > Third Scenario: unknown device attached to socket wall conf room or > > somewhere else, for those ports only we would like to use dot1x > > authentication will be isolated . > > > if the username and password is wrong then they will never be able to > connect. > > > Another point is that Most of network equipment are based on HP > > Procurve 2910al ,2920 ,1900 > > > perfect > > > > My question to you PacketFence experts is possible with given above > > scenarios? > > > > Please advice > > > > Thanks > > > > > > > > -- > > Tal Bar-or > > > > > > > > ------------------------------------------------------------------------------ > > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > > Develop your own process in accordance with the BPMN 2 standard > > Learn Process modeling best practices with Bonita BPM through > live exercises > > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- > event?utm_ > > > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > > > > > > _______________________________________________ > > PacketFence-users mailing list > > [email protected] > <mailto:[email protected]> > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > Regards > Fabrice > > -- > Fabrice Durand > [email protected] <mailto:[email protected]> :: +1.514.447.4918 > <tel:%2B1.514.447.4918> (x135) :: www.inverse.ca > <http://www.inverse.ca> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and > PacketFence (http://packetfence.org) > > > > ------------------------------------------------------------------------------ > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > Develop your own process in accordance with the BPMN 2 standard > Learn Process modeling best practices with Bonita BPM through live > exercises > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- > event?utm_ > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > _______________________________________________ > PacketFence-users mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > -- > Tal Bar-or > > > ------------------------------------------------------------------------------ > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > Develop your own process in accordance with the BPMN 2 standard > Learn Process modeling best practices with Bonita BPM through live exercises > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
