Hello Fabrice
Sorry for the inconvenience.
This link is newtork diagram: https://i.imgsafe.org/ad79256af9.jpg
I created Registration and Isolation vlans on PFence.
Here is my PFence config:
===========================================
===========================================
# more /usr/local/pf/conf/networks.conf
[192.168.141.0]
dns=192.168.141.1
dhcp_start=192.168.141.10
gateway=192.168.141.1
domain-name=vlan-registration.packetfence.org
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.141.246
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=30
[192.168.142.0]
dns=192.168.142.1
dhcp_start=192.168.142.10
gateway=192.168.142.1
domain-name=vlan-isolation.packetfence.org
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.142.246
type=vlan-isolation
netmask=255.255.255.0
dhcp_default_lease_time=30
[192.168.130.0]
dns=192.168.141.1
next_hop=192.168.141.2
gateway=192.168.130.1
dhcp_start=192.168.130.10
domain-name=vlan-registration.packetfence.org
nat_enabled=0
named=enabled
dhcp_max_lease_time=300
dhcpd=enabled
fake_mac_enabled=disabled
netmask=255.255.255.0
type=vlan-registration
dhcp_end=192.168.130.240
dhcp_default_lease_time=300
[192.168.131.0]
dns=192.168.142.1
next_hop=192.168.142.2
gateway=192.168.131.1
dhcp_start=192.168.131.10
domain-name=vlan-isolation.packetfence.org
nat_enabled=0
named=enabled
dhcp_max_lease_time=300
dhcpd=enabled
fake_mac_enabled=disabled
netmask=255.255.255.0
type=vlan-isolation
dhcp_end=192.168.131.240
dhcp_default_lease_time=300
===========================================
===========================================
# ip route
192.168.131.0/24 via 192.168.142.2 dev eth1.142
192.168.130.0/24 via 192.168.141.2 dev eth1.141
192.168.142.0/24 dev eth1.142 proto kernel scope link src 192.168.142.1
192.168.141.0/24 dev eth1.141 proto kernel scope link src 192.168.141.1
192.168.140.0/24 dev eth0 proto kernel scope link src 192.168.140.1
default via 192.168.140.2 dev eth0
===========================================
===========================================
# more /usr/local/pf/conf/switches.conf
[10.0.0.2]
description=AIR-AP1242G
group=ciscoAP
deauthMethod=Telnet
uplink=dynamic
[group ciscoAP]
mode=production
SNMPCommunityRead=public
description=ciscoAP
SNMPVersionTrap=2c
cliPwd=Cisco
uplink_dynamic=0
SNMPCommunityTrap=public
registrationVlan=130
wsPwd=Cisco
guestVlan=132
SNMPCommunityWrite=private
cliUser=Cisco
defaultVlan=1
deauthMethod=RADIUS
type=Cisco::Aironet_1242
isolationVlan=131
radiusSecret=freeradius
SNMPVersion=2c
cliEnablePwd=Cisco
uplink=1
wsUser=Cisco
===========================================
===========================================
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP qlen 1000
link/ether 00:50:56:a2:47:90 brd ff:ff:ff:ff:ff:ff
inet 192.168.140.1/24 brd 192.168.140.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP qlen 1000
link/ether 00:50:56:a2:10:f5 brd ff:ff:ff:ff:ff:ff
4: eth1.141@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
inet 192.168.141.1/24 brd 192.168.141.255 scope global eth1.141
5: eth1.142@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP
inet 192.168.142.1/24 brd 192.168.142.255 scope global eth1.142
Best Regards,
Namjil
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
