Thank you Louis,
Suspected case sensitive, thank you for confirming.
Assumed it was ‘rolename’Vlan, noted that the “Vlan” must be searched for by
the parser and no other delimiter is needed.
Not sure why our manager recommended a full reload, I’d just as soon restart
only what was needed.
Now I’ve got to script myself something to change the default access vlan on
the user ports of the switch (avoid the trunk lines). Enjoying Rancid as much
as I’m enjoying having packetfence.
Many thanks,
Brian
From: Louis Munro [mailto:[email protected]]
Sent: Wednesday, February 17, 2016 1:32 PM
To: [email protected]
Subject: Re: [PacketFence-users] change vlan map on multiple switches
On Feb 17, 2016, at 13:21 , Cuttler, Brian (HEALTH)
<[email protected]> wrote:
Thank you, that is what I’d needed, and apparently missed reading through the
file earlier.
There is a “[default]” that contains “vlans=1,22,23,24,25,110,111,112” and then
lines with the name of the vlan and its value, lines of this type for
“registration”
“registrationVlan=110”
And I do see how some switches, for instance, one campus in particular, has in
each stanza lines that read “Default_VLANVlan=112” or nearly unique “General
Usevlan=1”.
Whatever comes before “Vlan” is the name of the role that matches.
I.e. If you have a role called “Staff” the users that match that role
according to the authorization sources and rules will be sent to the
“StaffVlan” defined in that file.
I am guessing you have roles named “Default_VLAN” and “General Use”.
I should be able to set “RegistrationVlan=150” in the stanzas for the end point
switches at this one particular location. Reconfigure the router to put the
necessary network into the new vlan and if it works do the same process for the
Isolation vlan.
Right.
Be careful when editing the file. Case matters.
Since there are only a few switches per floor in the building, and we route by
floor (unique network with unique vlan id) I can modify those via the web
interface as I go.
My PF manager said something about a DOS INI file but this looks like a normal
unix file to me, which I will edit with # vi.
Everything is a file (or so they say).
Yes, it’s just a regular text file.
And I guess, reload the server, # ~pf/bin/pfcmd services pf restart
Does this seem correct? I’m trying to be verbose, not just for myself, but
maybe for the next guy.
Yes that seems correct.
If you edit the switches configuration from the GUI, a restart should not be
required.
Otherwise, you may want to try
# bin/pfcmd configreload hard
to force PacketFence to reread those configuration files.
Restarting all services would work, but why do it if it’s not needed?
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence (www.packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
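The case-sensitivity pitfall discussed in this thread, as an added example that is not part of the original messages or of PacketFence itself: a small linter for a switches.conf-style file that flags role-to-VLAN keys whose spelling would silently fail to match. It assumes keys are looked up as the exact role name followed by "Vlan" (as the thread describes) and that switch stanzas inherit from [default]; the switch address, the isolation and Staff values, and the function names are constructed for illustration.

```python
import configparser

# Constructed sample in the layout the thread describes (address and some values are made up).
SAMPLE = """\
[default]
vlans=1,22,23,24,25,110,111,112
registrationVlan=110
isolationVlan=111

[192.0.2.10]
RegistrationVlan=150
General Usevlan=1
StaffVlan=22
"""

def load(text):
    # Assumption: stanzas inherit unset keys from [default].
    cp = configparser.RawConfigParser(default_section="default", delimiters=("=",))
    cp.optionxform = str  # preserve key case instead of lowercasing it
    cp.read_string(text)
    return cp

def lint(cp):
    """Return (switch, key, problem) for role keys that would not match as intended."""
    findings = []
    for switch in cp.sections():
        seen = {}  # lowercased role name -> first exact key spelling
        for key, _ in cp.items(switch):  # inherited keys come first
            if not key.lower().endswith("vlan"):
                continue  # e.g. "vlans" is not a role mapping
            role = key[:-4].lower()
            if not key.endswith("Vlan"):
                findings.append((switch, key, "suffix must be spelled 'Vlan'"))
            elif role in seen and seen[role] != key:
                findings.append((switch, key, f"differs only by case from {seen[role]!r}"))
            seen.setdefault(role, key)
    return findings

def vlan_for(cp, switch, role):
    """Exact-case lookup of the VLAN a role maps to on one switch."""
    return cp.get(switch, role + "Vlan", fallback=None)

if __name__ == "__main__":
    for finding in lint(load(SAMPLE)):
        print(*finding, sep=": ")
```

In the sample, the "RegistrationVlan=150" override does not replace the inherited "registrationVlan=110", so devices in the lowercase-named role would still be placed in VLAN 110 on that switch.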