I am currently looking at potential replacement options for an existing NAC 
solution that is EOL, and PacketFence seems like a viable replacement candidate; 
however, I was hoping to clarify by just listing what I am trying to accomplish 
and get some validation that I did in fact read and understand everything 
correctly and this will work (Before I spend the time to set it all up).


I have a large network separated both by VLSM subnets, as well as via VLAN 
tagging.


I want to place PacketFence as an additional layer between what we will call 
Network 'A' and Network 'B' (We can assume these networks both reside on 
different subnets, as well as separate VLANs).


Before allowing traffic (Which I want to be able to define by user) I want a 
user to authenticate, this authentication will be integrated with LDAP (Active 
Directory), as well as if possible MFA (I use Duo Mobile), and if successful 
the defined traffic from the authenticated workstation/user will be allowed 
through to the hosts/ports/vlan(?) that user has been configured as permitted 
to access.


What I really like is it appears (Unlike my existing solution) that I may be 
able to manage this not only by Subnet but potentially by VLAN as well which is 
far more secure if I am in fact reading this correctly.


If at a high level this is all possible (And based on what I have read so far 
it certainly seems like it is), I am going to begin a test build but obviously 
something of this scope is not just a server build but includes network 
hardware as well. (If there are options out there for setting up a sandboxed or 
virtual test network I would love to hear about them, as I am not aware of 
anything, and things like AWS do not appear to give me the level of control I 
would need to set this up with VLAN tagging)


Thanks!


Mike
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users