Thanks ALL for the answer ,
Sorry to bother again with this topic , but i need to understand the
concept :-)
I have on my LAN 3 users VLAN'S 17 18 19 , should i set in pfence Nic for
each vlan?
On the switch side how specific config set for Procuve 2910,20 toward
Pfence 801.x and MAC Auth ?
Thanks for the patience :-)
On Mon, Apr 20, 2015 at 4:26 PM, Nicolas Gailly <[email protected]> wrote:
> If I am not mistaken (no packetfence staff) you have to configure 801.x
> and MAC Auth so no direct modifications of the port are needed. The port
> will be in unauthorised state, until the radius server, (bundled with
> packetfence) will tell the switch it s OK and the port will be put by
> packetfence in the right vlan.
>
> Nicolas Gailly
> On 20 Apr 2015 15:21, "Tal Bar-Or" <[email protected]> wrote:
>
>> Thanks Fabrice for the answer, :-)
>>
>> As for vlan config , how should i set the vlans , in case i want to leave
>> ports in actual config "Untagged" and still have control of them , and what
>> else should i set with Packetfence and on the switch side
>>
>> Cheers
>> Thanks
>>
>>
>> On Mon, Apr 20, 2015 at 3:55 PM, Fabrice DURAND <[email protected]>
>> wrote:
>>
>>> Hi Tal,
>>>
>>> Le 2015-04-19 14:29, Tal Bar-Or a écrit :
>>> >
>>> > Hello All,
>>> >
>>> > I am in the process of validating PacketFence and few other product
>>> > like MS NPS,OpenNac
>>> >
>>> > Whats i am interested at most is three scenarios that can do isolation
>>> > to designated VLAN but i am not yet ready to turn all our users
>>> > switch port to dot1x authentication right away , since i have mass of
>>> > equipment and each switch have some users on each 4 users Vlan we got
>>> > as Unttaged , at the first step as follows below , mostly interested
>>> > with virus detection and isolation for existing static ports
>>> > configured as untagged.
>>> >
>>> > First scenario : We have Symantec endpoint protection AV and we would
>>> > like to have isolation in case of
>>> >
>>> > * client infection
>>> > * AV not installed
>>> >
>>> Let's configure packetfence with Symantec endoint :
>>>
>>> http://inverse.ca/downloads/PacketFence/doc/PacketFence_SEPM_Quick_Install_Guide-5.0.0.pdf
>>>
>>> > Second scenario: Our organization firewalls(Pfsesnce) have ids Snort
>>> > based capable of sending syslog alert ,unified, SQL log alert, we
>>> > would like to have ability to inform some how Packetfence server
>>> > with violating IP and have it VLAN isolated , again first step most
>>> > users still have static port Untagged .
>>> >
>>> We have a pfdetect remote that send the snort/suricata event to
>>> packetfence.
>>> >
>>> > Third Scenario: unknown device attached to socket wall conf room or
>>> > somewhere else, for those ports only we would like to use dot1x
>>> > authentication will be isolated .
>>> >
>>> if the username and password is wrong then they will never be able to
>>> connect.
>>>
>>> > Another point is that Most of network equipment are based on HP
>>> > Procurve 2910al ,2920 ,1900
>>> >
>>> perfect
>>> >
>>> > My question to you PacketFence experts is possible with given above
>>> > scenarios?
>>> >
>>> > Please advice
>>> >
>>> > Thanks
>>> >
>>> >
>>> >
>>> > --
>>> > Tal Bar-or
>>> >
>>> >
>>> >
>>> ------------------------------------------------------------------------------
>>> > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>> > Develop your own process in accordance with the BPMN 2 standard
>>> > Learn Process modeling best practices with Bonita BPM through live
>>> exercises
>>> > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>>> event?utm_
>>> > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>> >
>>> >
>>> > _______________________________________________
>>> > PacketFence-users mailing list
>>> > [email protected]
>>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>> Regards
>>> Fabrice
>>>
>>> --
>>> Fabrice Durand
>>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>>> PacketFence (http://packetfence.org)
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>> Develop your own process in accordance with the BPMN 2 standard
>>> Learn Process modeling best practices with Bonita BPM through live
>>> exercises
>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>>> event?utm_
>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>>
>> --
>> Tal Bar-or
>>
>>
>> ------------------------------------------------------------------------------
>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>> Develop your own process in accordance with the BPMN 2 standard
>> Learn Process modeling best practices with Bonita BPM through live
>> exercises
>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>> event?utm_
>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live
> exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
> event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Tal Bar-or
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
