On 06/10/2015 18:00, Sjoerd Venema wrote:

> [...] I am quite new to using VLANs on my network.

Unfortunately this can quickly become a _MAJOR_ problem in correctly understanding/configuring PacketFence in VLAN-mode.

> So I have some questions. Let me begin by explaining the scenario.
> [...OpenWRT...TL-WDR4200...TL-JetStream...]

As a starting point, please consider that:

- your physical switch is _NOT_ officially supported by PacketFence (for VLAN-enforcement), as for: http://www.packetfence.org/about/supported_switches_and_aps.html

- OpenWRT, as for its "hostapd" wireless driver/engine, is supported since July 2013 [1]. Anyway, lots of rough edges can be encountered in its configuration, based on several factors (version of OpenWRT; chipset used by wireless router; version of hostapd; etc.). You can get an idea by yourself, just searching over the ML archives [2]

- are you sure you have a WDR-4200? I don't see any reference about it on the web. Did you mean WDR-4300? Anyway, as it surely supports OpenWRT, consider that it's mostly sure that the router has an embedded switch that _DOES_ support VLANs [3], so... you have another switch that you might be forced to deal with (depending on your setup)

> [Server] <-- Proxmox Hypervisor
> [PacketFence] <-- KVM virtual machine CentOS6

So, as your PacketFence BOX is a Virtual Machine (managed by ProxMox/KVM), you also have another "virtual-switch" (actually a "bridge") between your physical network and the virtual world (the VMs). This is another thing that you should clearly understand, otherwise some (other) problems might arise.

> Q. What happens to my network if the PacketFence server goes down?
> Does the network go down, now that PF is an integral part? Or partly?

As a general rule, if PF is introduced on a network, it will behave as a Network-Access-Control point. Hence... it will "control" everything. As for this very issue, should the NAC fail... network-access won't be granted anymore. This is a valid statement, regardless of the enforcement mode (VLAN or Inline, or Hybrid as well).

The failing of a NAC can be addressed with several approaches. As for PF, first of all with a High-Availability PF-deployment [4]

> Q. Should I add more than one (virtual) NIC to the VM?

As you can see on the image at page 5 of the Administration Guide [5], PF (in VLAN-mode) needs to be connected to several networks. Such "logical" networks can be coupled with the PF-server network-interfaces in several ways, based on the configuration of "trunk/VLAN-aware" network interfaces (in Linux) and/or the possibility to bring such trunk from the physical-hypervisor to virtual-VMs through virtual-switches.

In other_words/simple_terms: an "ifconfig" (or "ip link show") run within the PF-box (real or virtual) needs to return an interface for each of the needed networks.

> Q. And this is my real question. Do I require multiple cables between
> server and switch??? Or can all VLANs go over the same cable?

Uhm... Short answer: _NO_. Long answer: please, again, investigate the VLAN technologies. It's definitely something you should do ASAP, starting right after the reading of this paragraph :-)

> Thanks all!

> Sorry for the beginner questions. I try to follow the manual and
> search online, but it's just not detailed enough for a starter like
> me.

<my_personal_comment_here_mode=on>
With your question you're raising/mixing _LOTS_ of technologies and even if they are related to PacketFence, their investigation is _really_ out of scope for this mailing-list. Probably your questions might receive better answers elsewhere (I'm not saying that people here are not knowledgeable enough. It's vice versa: it's not common, for PF-people, to spend time on "basic" topics that should be "mastered" before entering the PF-world).

As an example, I think a better place for asking your "general" questions could be the SuperUser community of the StackExchange network, here [6]
</my>

Best luck and.... nice VLAN reading ;-)

Cheers,
DV

[1] http://www.packetfence.org/news/2013/article/packetfence-now-supports-hostapd.html
[2] https://www.google.it/search?q=openwrt+site%3Asourceforge.net%2Fp%2Fpacketfence%2Fmailman%2Fpacketfence-users%2F
[3] http://wiki.openwrt.org/toh/tp-link/tl-wdr4300#switch_ports_for_vlans
[4] http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Clustering_Guide-5.4.0.pdf
[5] http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Administration_Guide-5.4.0.pdf
[6] https://superuser.com/

--
Damiano Verzulli
e-mail: [email protected]
---
possible?ok:while(!possible){open_mindedness++}
---
"Technical people tend to fall into two categories: Specialists and Generalists. The Specialist learns more and more about a narrower and narrower field, until he eventually, in the limit, knows everything about nothing. The Generalist learns less and less about a wider and wider field, until eventually he knows nothing about everything." - William Stucke - AfrISPA
http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
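
Added example, not part of the original message: a shell check for the point made above that the PF box must show one interface per needed network, here as 802.1Q sub-interfaces carried over a single trunk NIC. The `check_vlans` helper, the interface names, MAC addresses and VLAN IDs 2, 3 and 10 are assumptions, and the sample listing is constructed in the format of `ip -o -d link show`.

```shell
# Constructed sample of `ip -o -d link show` output from a hypothetical PF VM.
# eth0 is the trunk; eth0.2 and eth0.3 are 802.1Q sub-interfaces on it.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT \    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT \    link/ether 52:54:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff
3: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT \    link/ether 52:54:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff \    vlan protocol 802.1Q id 2 <REORDER_HDR>
4: eth0.3@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN mode DEFAULT \    link/ether 52:54:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff \    vlan protocol 802.1Q id 3 <REORDER_HDR>'

# check_vlans PARENT "ID ID ..."   (link listing on stdin)
# Prints one line per required VLAN ID:
#   "<id> ok <ifname>"    tagged sub-interface exists on PARENT and is UP
#   "<id> down <ifname>"  sub-interface exists but is administratively down
#   "<id> missing"        no sub-interface for that VLAN on PARENT
check_vlans() {
    awk -v parent="$1" -v want="$2" '
        / vlan protocol 802\.1Q id / {
            name = $2; sub(/:$/, "", name)            # e.g. eth0.2@eth0
            split(name, p, "@")
            if (p[2] != parent) next                  # belongs to another NIC
            for (i = 1; i <= NF; i++) if ($i == "id") id = $(i + 1)
            flags = $3; gsub(/[<>]/, ",", flags)      # ,BROADCAST,MULTICAST,UP,
            state[id] = (index(flags, ",UP,") ? "ok" : "down") " " p[1]
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                print w[i], ((w[i] in state) ? state[w[i]] : "missing")
        }'
}

# Stand-alone run against the constructed sample (VLAN 10 has no interface).
printf '%s\n' "$SAMPLE_LINKS" | check_vlans eth0 "2 3 10"
```

On a live host the same function reads real data with `ip -o -d link show | check_vlans eth0 "2 3 10"`.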
