On May 1, 2015, at 15:20, mourik jan heupink <[email protected]> wrote:
> So, in our case: our idea is to start using packetfence with vlan
> enforcement (currently we're only doing inline).
>
> You are saying that in a new case, new setup, hp procurve 5400 switch,
> samba4 active directory, using port security is NOT the way to go, and
> we better look into radius?
Yes.
Port security (and really any SNMP-based method) is a poor man’s way of
managing authentication.
Don’t do it if you can do RADIUS (which you can).
Same goes for inline mode by the way.
You should not be using it if your networking equipment supports VLANs.
Inline was only designed for people who have older gear that just won’t do
RADIUS based VLAN assignments.
RADIUS dynamic VLAN assignment works well, scales better, is not a single point
of failure and is more secure.
Do yourselves a favor and use it.
There have even been discussions about when we can finally deprecate SNMP-based
authentication methods.
That day is coming as even RADIUS is beginning to get old with some of the
newer features supported by modern networking equipment.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users