On May 2, 2015, at 6:52 , mourik jan heupink <[email protected]> wrote:
> Hi Louis, > > On 05/01/2015 09:33 PM, Louis Munro wrote: >> Radius dynamic VLAN assignment works well, scales better, is not a >> single point of failure and is more secure. >> Do yourselves a favor and use it. > Ok, will do. Just wondering: why would radius not be a single point of > failure? It runs on pf, so if packetfence is down -> radius is down -> > no network, right? To be clear, I was comparing out of band vs inline in that specific case. In inline mode if your PacketFence server goes down you are left without network access at all. In out of band mode anything already authorized will still have access, which would be the case for most devices on a wired network like yours, giving you some breathing room while you fix the problem. But there is a larger point to be made that RADIUS is also easier in general to scale out and make redundant than SNMP. I have a client that lost all connectivity to a datacenter last week (where their PF was hosted). They kept on going normally until that was fixed a few hours later because they had a completely redundant PF setup behind two FreeRADIUS load balancers, one in each DC. While that might have been possible with port security, it was easy with RADIUS. Easy is good. This thread is getting off topic. I’d be glad to expound on the virtues of RADIUS but please open a new thread. Regards, -- Louis Munro [email protected] :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
