Hello Pierrick,
You should not need to have a second trunk from PacketFence to the
Firewall, unless PacketFence have to assign VLAN for devices in this
area. Usually you will have one trunk to your main switch, and from
there create VLAN interfaces for your needs in PacketFence.
For more details look at:
http://packetfence.org/doc/PacketFence_Administration_Guide.html#_network_integration
;
Thank you
On 05/26/2016 06:21 AM, PROST pierrick wrote:
Hi everyone,
We finished our test of packet fence .. this NAC is juste awesome good
job ! (I came from aruba Clearpass …)
We need your help to validate a POC. Is it possible to implement the
following architecture on packet fence ? We have a lot of Linksys
LAPAC 1750 who support VLAN TRUNK and SSID/ VLAN assignation …and
there are not compatible with openwrt.
10 Gbt/s backbone
WIFI AP <------------------------>
+--------------------+ +------------------------+
+-------------------+
| | | | |
| XXXXXXX XXXX
| | | Packet Fence
| | | XXXXXXXXXX XXX XX
| | Trunk eth1 |
| | | X XX
| multiple SSID | |
| | |
XXXXXXXX XX
| one per VLAN +--------------------------+ |
TRUNK eth0 | | XX XXXXXXX
| | | | |
FW | X internet X
| | VLAN mngt |
+--------------------------+ +------+X X
| | VLAN employee |
| | | X
XX
| | VLAN guest
| | VLAN mngt
| | X XXXXX
| | VLAN Eduroam
| | VLAN employee
| | XXXXXX X X
| | | | VLAN
guest | | XXX XXX X
| | |
| VLAN Eduroam | | XXXXXX XXX XXXX
| | | | | |
+--------------------+ +------------------------+ +-------------------+
Regards
Pierrick Prost
CNRS Rhones Alpes
France
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
[email protected] :: +1.514.447.4918 *130 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
