> On Sep 15, 2016, at 11:27 AM, Jason 'XenoPhage' Frisvold > <xenoph...@godshell.com> wrote: > > Jog my memory a bit, please.. I should be using a helper-address on > each router interface to push dhcp requests to packatfence so that > pfdhcplistener can see them and act accordingly, right? ie, this is how > the users current IP ends up in the logs. And the helper-address should > point at the management interface of packetfence? >
Correct, except if you have routed isolation and registration networks. DHCP relays for those should point to the PF interface for each. > Are there any configuration options I need to set within packetfence so > that it knows what networks to be on the lookout for, or will it accept > everything? The only networks it need to know anything specific about are the isolation and registration networks. It needs to know their subnets and a few more details if they are not layer 2 connected to your PF server such as the "next_hop" between the PF interfaces and these networks. See this for a better explanation: https://packetfence.org/doc/PacketFence_Administration_Guide.html#_routed_networks <https://packetfence.org/doc/PacketFence_Administration_Guide.html#_routed_networks> > >> >> Profiles can be assigned based on criteria such as SSID, connection >> type, switch (controller) etc. >> It should be possible to have a portal that only matches your dot1x traffic. > > Hrm.. I'll have to dig into this. I guess what we would want is one > portal to handle the 802.1x traffic and one to handle everything else.. > So we should use the connection type for that? Wireless is probably a > little easier since we can specify an SSID for guest access, but I can't > really do that on wired.. Not that I expect much guest access there. You can even define profiles that match combinations of things. E.g connection type & SSID. Connection type can also be wired vs wireless. It's pretty flexible. You should be able to narrow down to exactly what you want. Try it, you'll like it! Regards, -- Louis Munro lmu...@inverse.ca <mailto:lmu...@inverse.ca> :: www.inverse.ca <http://www.inverse.ca/> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and PacketFence (www.packetfence.org <http://www.packetfence.org/>)
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
