If I am not mistaken (I am not PacketFence staff), you have to configure 802.1X and
MAC Auth, so no direct modifications of the port are needed. The port will
be in an unauthorised state until the RADIUS server (bundled with
PacketFence) tells the switch it's OK, and the port will be put by
PacketFence in the right VLAN.
Nicolas Gailly
On 20 Apr 2015 15:21, "Tal Bar-Or" <[email protected]> wrote:
> Thanks Fabrice for the answer, :-)
>
> As for VLAN config, how should I set the VLANs in case I want to leave
> ports in their actual config, "Untagged", and still have control of them, and what
> else should I set in PacketFence and on the switch side?
>
> Cheers
> Thanks
>
>
> On Mon, Apr 20, 2015 at 3:55 PM, Fabrice DURAND <[email protected]>
> wrote:
>
>> Hi Tal,
>>
>> On 2015-04-19 14:29, Tal Bar-Or wrote:
>> >
>> > Hello All,
>> >
>> > I am in the process of validating PacketFence and a few other products
>> > like MS NPS, OpenNac
>> >
>> > What I am most interested in is three scenarios that can do isolation
>> > to a designated VLAN, but I am not yet ready to turn all our users'
>> > switch ports to dot1x authentication right away, since I have a mass of
>> > equipment and each switch has some users on each of the 4 user VLANs we have
>> > as untagged. At the first step, as follows below, I am mostly interested
>> > in virus detection and isolation for existing static ports
>> > configured as untagged.
>> >
>> > First scenario: We have Symantec Endpoint Protection AV and we would
>> > like to have isolation in case of
>> >
>> > * client infection
>> > * AV not installed
>> >
>> Let's configure PacketFence with Symantec Endpoint:
>>
>> http://inverse.ca/downloads/PacketFence/doc/PacketFence_SEPM_Quick_Install_Guide-5.0.0.pdf
>>
>> > Second scenario: Our organization's firewalls (pfSense) have a Snort-based
>> > IDS capable of sending syslog alert, unified, and SQL log alerts. We
>> > would like to be able to somehow inform the PacketFence server
>> > of the violating IP and have it VLAN-isolated; again, at the first step most
>> > users still have static untagged ports.
>> >
>> We have a pfdetect remote that sends the snort/suricata events to
>> PacketFence.
>> >
>> > Third scenario: an unknown device attached to a wall socket in a conf room or
>> > somewhere else; for those ports only we would like to use dot1x
>> > authentication, and it will be isolated.
>> >
>> If the username and password are wrong, then they will never be able to
>> connect.
>>
>> > Another point is that most of the network equipment is based on HP
>> > ProCurve 2910al, 2920, 1900
>> >
>> Perfect
>> >
>> > My question to you PacketFence experts: is this possible with the
>> > scenarios given above?
>> >
>> > Please advise
>> >
>> > Thanks
>> >
>> >
>> >
>> > --
>> > Tal Bar-or
>> >
>> >
>> >
>> ------------------------------------------------------------------------------
>> > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>> > Develop your own process in accordance with the BPMN 2 standard
>> > Learn Process modeling best practices with Bonita BPM through live
>> exercises
>> > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>> event?utm_
>> > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>> >
>> >
>> > _______________________________________________
>> > PacketFence-users mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> Regards
>> Fabrice
>>
>> --
>> Fabrice Durand
>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>>
>>
>
>
> --
> Tal Bar-or
>
>
>
>
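The RADIUS reply that moves a port from unauthorised into a VLAN, as described in the first message of this thread, shown as an added example that is not part of the original thread or PacketFence's own code. It assumes the VLAN is carried in the standard RFC 3580 tunnel attributes and skips Response Authenticator verification; the function names and sample packets are constructed for illustration.

```python
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # RFC 3580 values for dynamic VLAN assignment


def build_reply(code, attrs):
    """Constructed reply; authenticator is zeroed (a real switch verifies it)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


def parse_reply(packet):
    """Return (code, {attribute type: value}), rejecting malformed lengths."""
    length = int.from_bytes(packet[2:4], "big")
    if len(packet) < 20 or not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + a_len]
        pos += a_len
    return packet[0], attrs


def port_decision(packet):
    """Port state an authenticator would derive from this reply."""
    code, attrs = parse_reply(packet)
    if code != ACCESS_ACCEPT:
        return "unauthorized"
    # Tunnel-Type / Tunnel-Medium-Type carry a tag byte, then a 3-byte integer.
    t_type = int.from_bytes(attrs.get(TUNNEL_TYPE, b"")[1:], "big")
    t_medium = int.from_bytes(attrs.get(TUNNEL_MEDIUM_TYPE, b"")[1:], "big")
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group and group[0] <= 0x1F:  # optional tag byte before the VLAN string
        group = group[1:]
    if t_type == VLAN and t_medium == IEEE_802 and group:
        return f"authorized vlan {group.decode('ascii')}"
    return "authorized configured-vlan"  # no VLAN returned: port keeps its own


# Constructed replies: accept into VLAN 20, and a reject.
ACCEPT_VLAN = build_reply(ACCESS_ACCEPT, [
    (TUNNEL_TYPE, b"\x00\x00\x00\x0d"), (TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06"),
    (TUNNEL_PRIVATE_GROUP_ID, b"20")])
REJECT = build_reply(ACCESS_REJECT, [])
```

An Access-Accept without the three tunnel attributes leaves the port in whatever VLAN is statically configured on the switch.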